Table of Contents
Advertisement
HTTP Servlet
Securing the HTTP Servlet
Security
Client programs call the secure version of the enterprise bean methods for
each service type:
Enterprise Service: secureProcessExtnernalDataAsync(..) ,
secureProcessExtnernalDataSync(..)
Object Structure Service: secureProcessMOS(..)
Standard Service: secureAction(..)
2
To create a secure context for invoking the enterprise bean, do either one of
the following procedures:
Add the following sample code to the client code:
Properties env = new Properties();
.
.
.
if(userid != null && password != null)
{
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.SECURITY_PRINCIPAL, userid);
}
Context ctx = new IntialContext(env);
//instead of using the default IntialContext() constructor
Use the default InitalContext constructor to pass the security information
through the –D parameters in the .bat/.sh script that launches the client.
–Djava.naming.security.principal=<username>
–Djava.naming.security.credentials=<password>
The SSL version of Internet Inter-ORB Protocol performs data encryption in the
provider URL, while the system communicates with the enterprise bean.
The HTTP servlet is a J2EE component that handles inbound HTTP posts to the
system integration and follows the J2EE security principles. To secure the HTTP
servlet, you first secure the enterprise bean.
You can use HTTP basic authentication to secure the HTTP servlet. Authorized
users, with a valid user name and password can post an XML transaction to the
system.
To enable HTTP basic authentication, modify the web.xml file of the Web
application:
1
Remove the comments from the <security-constraint> section of the
integration servlets. One per service type. There are three security-constraint
HTTP Servlet
181
- Quick Links:
- Enterprise Services
Hide quick links:
Advertisement
Table of Contents
