Tuesday, September 2, 2003 07:54:25 Thank you for clarification.
I'll try to find another solution :) -- Best regards, Alexander On Fri, 29 Aug 2003 13:04:21 -0300 (EST), you wrote: FR> Interoperable security for EJB invocations is not implemented FR> yet. JBoss has security, of course, but not in an interoperable FR> (CORBA-compliant) way. FR> The CORBA compliant way of securing EJB invocations is based FR> on CSIv2 (Common Secure Interoperability version 2), an OMG FR> specification that our IIOP engine (JacORB) will support very FR> soon. This will make it easy for us to secure EJB invocations FR> over IIOP. As Bill said, we are planing to do this for J2EE FR> certification. FR> Note, however, that you will need CSIv2 support also at the FR> client-side. Not all C++ ORBs support CSIv2. (I know MICO does FR> it, other C++ ORBs might support CSIv2 as well.) FR> Cheers, FR> Francisco FR> On Fri, 29 Aug 2003, Bill Burke wrote: >> We don't have this interoperability with CORBA and security at this >> time. It is one of the things we are planning to implement once Sun >> grants us the license to certification (we're waiting patiently). >> >> You would have to build a bridge until then. Or you could fund >> Francisco Reverbel to implement it through a JBG support contract. >> >> I'll let Francisco chime in with more details. >> >> Bill >> >> Alexander Titov wrote: >> >> > Hello. >> > >> > In the section 8 (page 412-413) of the JBoss Administration and >> > Development Third Edition (3.2.x Series) book it is written, that >> > "Every secured EJB method invocation,... requires the authentication >> > and authorization of the caller because security information is >> > handled as a stateless attribute of the request that must be presented >> > and validated on each request". Each client-server "invocation >> > includes the method arguments passed by the client along with the user >> > identity and credentials from the client-side JAAS login performed..." >> > earlier. >> > >> > Does it mean that JBoss RMI implementation is proprietary? Where it is >> > possible to read about this implementation details? >> > >> > My problem is the following - I have CORBA client, which should make >> > EJB calls to JBoss container. Definitely I have to secure these >> > invocations. How should I pack the security information? Is there any >> > samples of such interoperability? >> > >> >> -- >> ================ >> Bill Burke >> Chief Architect >> JBoss Group LLC. >> ================ >> >> FR> ------------------------------------------------------- FR> This sf.net email is sponsored by:ThinkGeek FR> Welcome to geek heaven. FR> http://thinkgeek.com/sf FR> _______________________________________________ FR> JBoss-user mailing list FR> [EMAIL PROTECTED] FR> https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
