You can configure RMI/IIOP over SSL in two ways: using a username and password, or using a client certificate.
To use a username and password, configure the ior-security-config element in the sun-ejb-jar.xml file. The following configuration establishes SSL between an application client and an EJB component using a username and password. The user has to login to the ACC using either the sun-acc.xml mechanism or the Programmatic Login mechanism.
<ior-security-config> <transport-config> <integrity>required</integrity> <confidentiality>required</confidentiality> <establish-trust-in-target>supported</establish-trust-in-target> <establish-trust-in-client>none</establish-trust-in-client> </transport-config> <as-context> <auth-method>username_password</auth-method> <realm>default</realm> <required>true</required> </as-context> <sas-context> <caller-propagation>none</caller-propagation> </sas-context> </ior-security-config>
For more information about the sun-ejb-jar.xml and sun-acc.xml files, see the Sun Java System Application Server 9.1 Application Deployment Guide.
To use a client certificate, configure the ior-security-config element in the sun-ejb-jar.xml file. The following configuration establishes SSL between an application client and an EJB component using a client certificate.
<ior-security-config> <transport-config> <integrity>required</integrity> <confidentiality>required</confidentiality> <establish-trust-in-target>supported</establish-trust-in-target> <establish-trust-in-client>required</establish-trust-in-client> </transport-config> <as-context> <auth-method>none</auth-method> <realm>default</realm> <required>false</required> </as-context> <sas-context> <caller-propagation>none</caller-propagation> </sas-context> </ior-security-config>
To use a client certificate, you must also specify the system properties for the keystore and truststore to be used in establishing SSL. To use SSL with the Application Client Container (ACC), you need to set VMARGS environment variable in one of the following ways:
Set the environment variable VMARGS in the shell. For example, in the ksh or bash shell, the command to set this environment variable would be as follows:
export VMARGS="-Djavax.net.ssl.keyStore=${keystore.db.file} -Djavax.net.ssl.trustStore=${truststore.db.file} -Djavax.net.ssl.keyStorePass word=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"
Set the env element in the asant script (see Chapter 3, The asant Utility). For example:
<target name="runclient"> <exec executable="${S1AS_HOME}/bin/appclient"> <env key="VMARGS" value=" -Djavax.net.ssl.keyStore=${keystore.db.file} -Djavax.net.ssl.trustStore=${truststore.db.file} -Djavax.net.ssl.keyStorePasword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/> <arg value="-client"/> <arg value="${appClient.jar}"/> </exec> </target>