Securing enterprise bean access

If J2EE Authentication on the system is enabled, you must enable the security for each enterprise bean in the deployment descriptors.

About this task

Under the <enterprise-beans> section of the ejb-jar.xml file, three integration EJBs are deployed with a default ALLOWDFLTLOGIN value of 1, which indicates that no authentication is required.

The <ejb-name> to service mapping is:

<ejb-name>           Service
enterpriseservice    Enterprise Service
mosservice           Object Structure Service
actionservice        Standard Service

Procedure

  1. To force authentication, change the ALLOWDFLTLOGIN value to 0 (false) for each of the three services, as shown in the <env-entry-value> elements of the following code example:
    <enterprise-beans>
      <session id="Session_enterpriseservice">
        <ejb-name>enterpriseservice</ejb-name>
        <home>psdi.iface.gateway.MEAGatewayHome</home>
        <remote>psdi.iface.gateway.MEAGateway</remote>
        <local-home>psdi.iface.gateway.MEAGatewayHomeLocal</local-home>
        <local>psdi.iface.gateway.MEAGatewayLocal</local>
        <ejb-class>psdi.iface.gateway.MEAGatewayBean</ejb-class>
        <session-type>Stateless</session-type>
        <transaction-type>Container</transaction-type>
        <env-entry>
          <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>0</env-entry-value>
        </env-entry>
        <security-role-ref>
          <description>
            Application Users
          </description>
          <role-name>maximouser</role-name>
          <role-link>maximouser</role-link>
        </security-role-ref>
      </session>
      <session id="Session_mosservice">
        <ejb-name>mosservice</ejb-name>
        <home>psdi.iface.mos.MOSServiceHome</home>
        <remote>psdi.iface.mos.MOSServiceRemote</remote>
        <local-home>psdi.iface.mos.MOSServiceHomeLocal</local-home>
        <local>psdi.iface.mos.MOSServiceLocal</local>
        <ejb-class>psdi.iface.mos.MOSServiceBean</ejb-class>
        <session-type>Stateless</session-type>
        <transaction-type>Container</transaction-type>
        <env-entry>
          <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>0</env-entry-value>
        </env-entry>      
        <security-role-ref>
          <description>
            Application Users
          </description>
          <role-name>maximouser</role-name>
          <role-link>maximouser</role-link>
        </security-role-ref>
      </session>
      <session id="Session_actionservice">
        <ejb-name>actionservice</ejb-name>
        <home>psdi.iface.action.MAXActionServiceHome</home>
        <remote>psdi.iface.action.MAXActionServiceRemote</remote>
        <local-home>psdi.iface.action.MAXActionServiceHomeLocal</local-home>
        <local>psdi.iface.action.MAXActionServiceLocal</local>
        <ejb-class>psdi.iface.action.MAXActionServiceBean</ejb-class>
        <session-type>Stateless</session-type>
        <transaction-type>Container</transaction-type>
        <env-entry>
          <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>0</env-entry-value>
        </env-entry>      
        <security-role-ref>
          <description>
            Application Users
          </description>
          <role-name>maximouser</role-name>
          <role-link>maximouser</role-link>
        </security-role-ref>
      </session>

    Client programs call the secure version of the enterprise bean methods for each service type:

    • Enterprise service: secureProcessExternalDataAsync(..), secureProcessExternalDataSync(..)
    • Object structure service: secureProcessMOS(..)
    • Standard service: secureAction(..)
  2. To create a secure context for calling the enterprise bean, perform either one of the following tasks:
    • Add the following code to the client code:
      import java.util.Properties;
      import javax.naming.Context;
      import javax.naming.InitialContext;

      Properties env = new Properties();
      // ...
      if (userid != null && password != null)
      {
        // Pass the caller's identity to the naming provider
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.SECURITY_PRINCIPAL, userid);
      }

      // Use this instead of the default InitialContext() constructor
      Context ctx = new InitialContext(env);
    • Use the default InitialContext constructor and pass the security information through -D parameters in the .bat/.sh script that launches the client:
      -Djava.naming.security.principal=<username>
      -Djava.naming.security.credentials=<password>

      Using the SSL version of the Internet Inter-ORB Protocol (IIOP) in the provider URL encrypts the data while the system communicates with the enterprise bean.
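
The following added example (not part of the original documentation) is one way to check that the change in step 1 was applied: it parses an ejb-jar.xml descriptor and reports the ALLOWDFLTLOGIN setting for each of the three integration beans. The function names, status labels and sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The three integration EJBs from the <ejb-name> to service mapping on this page.
INTEGRATION_BEANS = ("enterpriseservice", "mosservice", "actionservice")

def local(tag):
    """Strip a namespace prefix such as '{http://java.sun.com/xml/ns/j2ee}'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_allowdfltlogin(xml_text):
    """Return {bean: status}; only 'enforced' matches the setting from step 1."""
    status = {bean: "bean-missing" for bean in INTEGRATION_BEANS}
    for session in ET.fromstring(xml_text).iter():
        bean = child_text(session, "ejb-name")
        if local(session.tag) != "session" or bean not in status:
            continue
        status[bean] = "entry-missing"
        for entry in session:
            if (local(entry.tag) == "env-entry"
                    and child_text(entry, "env-entry-name") == "ALLOWDFLTLOGIN"):
                value = child_text(entry, "env-entry-value")
                known = {"0": "enforced", "1": "default-login-allowed"}
                status[bean] = known.get(value, f"unexpected:{value}")
    return status

# Constructed sample: one bean set to 0, one left at 1, one without the entry.
SAMPLE = """<ejb-jar><enterprise-beans>
  <session><ejb-name>enterpriseservice</ejb-name>
    <env-entry><env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
      <env-entry-value>0</env-entry-value></env-entry></session>
  <session><ejb-name>mosservice</ejb-name>
    <env-entry><env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
      <env-entry-value>1</env-entry-value></env-entry></session>
  <session><ejb-name>actionservice</ejb-name></session>
</enterprise-beans></ejb-jar>"""

if __name__ == "__main__":
    for bean, state in audit_allowdfltlogin(SAMPLE).items():
        print(f"{bean}: {state}")
```

Any status other than "enforced" means the descriptor does not match the configuration shown in step 1 for that bean.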
