From djen...@apache.org
Subject svn commit: r279718 - in /geronimo/trunk/modules/assembly: maven.xml src/plan/j2ee-client-corba-plan.xml src/plan/j2ee-server-corba-plan.xml
Date Fri, 09 Sep 2005 06:46:12 GMT
Author: djencks
Date: Thu Sep  8 23:46:08 2005
New Revision: 279718

URL: http://svn.apache.org/viewcvs?rev=279718&view=rev
Log:
add corba setup with lots of sample security choices

Added:
    geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml
    geronimo/trunk/modules/assembly/src/plan/j2ee-server-corba-plan.xml
Modified:
    geronimo/trunk/modules/assembly/maven.xml

Modified: geronimo/trunk/modules/assembly/maven.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/maven.xml?rev=279718&r1=279717&r2=279718&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/maven.xml (original)
+++ geronimo/trunk/modules/assembly/maven.xml Thu Sep  8 23:46:08 2005
@@ -266,8 +266,13 @@
         <j:set var="PlanOpenEJBPort" value="4201"/>
         <j:set var="PlanClientAddresses" value="127.0.0.1"/>
         <j:set var="PlanIIOPPort" value="9000"/>
-        <j:set var="PlanORBPort" value="2001"/>
+        <j:set var="PlanCOSNamingHost" value="localhost"/>
         <j:set var="PlanCOSNamingPort" value="1050"/>
+        <!-- why aren't these used? -->
+<!--        <j:set var="PlanORBHost" value="0.0.0.0"/>-->
+<!--        <j:set var="PlanORBPort" value="2001"/>-->
+        <j:set var="PlanORBSSLHost" value="0.0.0.0"/>
+        <j:set var="PlanORBSSLPort" value="2001"/>
         <j:set var="PlanActiveMQPort" value="61616"/>
         <j:set var="PlanDerbyPort" value="1527"/>
         <j:set var="PlanRemoteLoginPort" value="4242"/>
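Review bot: `PlanORBSSLHost` defaults to `0.0.0.0`, which the new server plan feeds into `tss:SSL hostname="${PlanORBSSLHost}"`, so the SSL ORB endpoints will presumably listen on every interface while the neighbouring `PlanCOSNamingHost` and `PlanClientAddresses` defaults stay on loopback. If the wide bind is intended for the samples, a comment should say so; otherwise `<j:set var="PlanORBSSLHost" value="localhost"/>` is the more conservative default. `PlanORBSSLPort` also reuses 2001, the value the removed `PlanORBPort` had, and the commented-out lines under `<!-- why aren't these used? -->` leave that question open in the build file; a comment recording whether a plain-text ORB port is still expected would settle it. The enclosing goal starts and ends outside this hunk.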
@@ -506,6 +511,21 @@
             <!--                password="manager"-->
             <!--                plan="${basedir}/target/plan/j2ee-tomcat-plan.xml"-->
             <!--            />-->
+
+            <!-- building server corba configuration-->
+            <deploy:distribute
+                uri="deployer:geronimo:jmx:rmi://localhost/jndi/rmi:/JMXConnector"
+                username="system"
+                password="manager"
+                plan="${basedir}/target/plan/j2ee-server-corba-plan.xml"
+                />
+            <!-- building app client corba configuration-->
+            <deploy:distribute
+                uri="deployer:geronimo:jmx:rmi://localhost/jndi/rmi:/JMXConnector"
+                username="system"
+                password="manager"
+                plan="${basedir}/target/plan/j2ee-client-corba-plan.xml"
+                />
 
 
             <!-- building tranql connector default database configuration-->
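Review bot: Both new `deploy:distribute` calls repeat the literal `username="system"` and `password="manager"` attributes, which spreads the default deployer credentials to two more places in the build script. Setting the pair once with `<j:set>` and referencing the variables from each call would mean a changed deployer password needs a single edit. The two comments could also say which plan each call distributes and that it targets the local JMX connector only. The surrounding goal begins and ends outside this hunk, so existing calls that follow the same pattern are not visible here.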

Added: geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml?rev=279718&view=auto
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml (added)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml Thu Sep  8 23:46:08
2005
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright 2004 The Apache Software Foundation
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev: 46040 $ $Date: 2004-09-14 14:28:44 -0700 (Tue, 14 Sep 2004) $ -->
+
+<!--
+CSSBean examples for app client
+-->
+<configuration
+    xmlns="http://geronimo.apache.org/xml/ns/deployment"
+    parentId="org/apache/geronimo/Client"
+    configId="org/apache/geronimo/ClientCorba"
+    >
+
+    <gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Client</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Client</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLClientCert</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality EstablishTrustInClient</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTAbsent/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLClientPassword" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Client</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Client</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLClientPassword</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:GSSUPStatic username="j2ee" password="j2ee" domain="default"
/>
+                        <css:sasMech>
+                            <css:ITTAbsent/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Client</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Client</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLIdentityTokenPrincipal</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-properties-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLIdentityTokenCert" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Client</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Client</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLIdentityTokenCert</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-cert-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Client</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Client</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">NoSecurity</attribute>
+        <attribute name="cssArgs"></attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+</configuration>
\ No newline at end of file
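Review bot: `<css:GSSUPStatic username="j2ee" password="j2ee" domain="default"/>` in the SSLClientPassword bean commits a fixed login into a plan that the maven.xml hunk distributes with the assembly, and the same element appears in the server plan's SSLClientPassword CSSBean. If this is a sample-realm login only, say so beside the element, e.g. `<!-- sample login for the default test realm; replace before real use -->`, or take the values from build-time `${...}` variables as the server plan does for ports. Separately, the bean named NoSecurity still lists `Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient` under `css:supports` with an empty `css:requires`, so it may still negotiate SSL when a target offers it. A one-line comment above each gbean stating what it requires of the transport and which identity it sends, like the comments in the server plan, would make the samples safer to copy.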

Added: geronimo/trunk/modules/assembly/src/plan/j2ee-server-corba-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-server-corba-plan.xml?rev=279718&view=auto
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-server-corba-plan.xml (added)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-server-corba-plan.xml Thu Sep  8 23:46:08
2005
@@ -0,0 +1,516 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright 2004-2005 The Apache Software Foundation
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!-- $Rev: 46040 $ $Date: 2004-09-14 14:28:44 -0700 (Tue, 14 Sep 2004) $ -->
+
+<!--
+Configuration for corba on a Geronimo serverl, including client and target security examples.
+
+-->
+<configuration
+    xmlns="http://geronimo.apache.org/xml/ns/deployment"
+    configId="org/apache/geronimo/ServerCORBA"
+    parentId="org/apache/geronimo/Server"
+    >
+
+    <!-- CORBA -->
+    <gbean name="DynamicORBStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader"/>
+
+    <gbean name="NameServer" class="org.openejb.corba.SunNameService">
+        <reference name="ServerInfo">
+            <module>org/apache/geronimo/System</module>
+            <name>ServerInfo</name>
+        </reference>
+        <attribute name="dbDir">var/cosnaming.db</attribute>
+        <attribute name="port">${PlanCOSNamingPort}</attribute>
+    </gbean>
+
+    <!-- connections require SSL, no client cert, client logs in with password, no identity
token -->
+    <gbean name="Server" class="org.openejb.corba.CORBABean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="NameService">
+            <name>NameServer</name>
+        </reference>
+        <reference name="SecurityService">
+            <module>*</module>
+            <name>SecurityService</name>
+        </reference>
+        <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+                    <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
+                    <tss:requires>Integrity Confidentiality</tss:requires>
+                </tss:SSL>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:GSSUP required="true" targetName="default"/>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAbsent/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLClientCert" class="org.openejb.corba.TSSBean">
+        <attribute name="POAName">SSLClientCert</attribute>
+        <reference name="Server">
+            <name>Server</name>
+        </reference>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+                    <tss:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</tss:supports>
+                    <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
+                </tss:SSL>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAbsent/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLClientPassword" class="org.openejb.corba.TSSBean">
+        <attribute name="POAName">SSLClientPassword</attribute>
+        <reference name="Server">
+            <name>Server</name>
+        </reference>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+                    <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
+                    <tss:requires>Integrity Confidentiality</tss:requires>
+                </tss:SSL>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:GSSUP required="true" targetName="default"/>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAbsent/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLIdentityToken" class="org.openejb.corba.TSSBean">
+        <attribute name="POAName">SSLIdentityToken</attribute>
+        <reference name="Server">
+            <name>Server</name>
+        </reference>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+                    <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
+                    <tss:requires>Integrity Confidentiality</tss:requires>
+                </tss:SSL>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAnonymous/>
+                                <tss:ITTPrincipalNameGSSUP realm-name="cts-properties-realm"/>
+                                <tss:ITTDistinguishedName realm-name="cts-properties-realm"/>
+                                <tss:ITTX509CertChain realm-name="cts-properties-realm"/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <!-- orb with no security whatsoever -->
+    <gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="NameService">
+            <name>NameServer</name>
+        </reference>
+        <reference name="SecurityService">
+            <module>*</module>
+            <name>SecurityService</name>
+        </reference>
+        <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:GSSUP required="true" targetName="default"/>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAbsent/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="IdentityTokenNoSecurity" class="org.openejb.corba.TSSBean">
+        <attribute name="POAName">IdentityTokenNoSecurity</attribute>
+        <reference name="Server">
+            <name>UnprotectedServer</name>
+        </reference>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="cts-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAnonymous/>
+                                <tss:ITTPrincipalNameGSSUP realm-name="cts-properties-realm"/>
+                                <tss:ITTDistinguishedName realm-name="cts-properties-realm"/>
+                                <tss:ITTX509CertChain realm-name="cts-properties-realm"/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLClientCertIdentityToken" class="org.openejb.corba.TSSBean">
+        <attribute name="POAName">SSLClientCertIdentityToken</attribute>
+        <reference name="Server">
+            <name>Server</name>
+        </reference>
+        <xml-attribute name="tssConfig">
+            <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config_1_0" xmlns:sec="http://geronimo.apache.org/xml/ns/security">
+                <tss:default-principal realm-name="public-properties-realm">
+                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest"/>
+                </tss:default-principal>
+                <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+                    <tss:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</tss:supports>
+                    <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
+                </tss:SSL>
+                <tss:compoundSecMechTypeList>
+                    <tss:compoundSecMech>
+                        <tss:sasMech>
+                            <tss:identityTokenTypes>
+                                <tss:ITTAnonymous/>
+                                <tss:ITTPrincipalNameGSSUP realm-name="cts-properties-realm"/>
+                                <tss:ITTDistinguishedName realm-name="cts-properties-realm"/>
+                                <tss:ITTX509CertChain realm-name="cts-properties-realm"/>
+                            </tss:identityTokenTypes>
+                        </tss:sasMech>
+                    </tss:compoundSecMech>
+                </tss:compoundSecMechTypeList>
+            </tss:tss>
+        </xml-attribute>
+    </gbean>
+
+    <!--CSS beans for client security.  These specify what the client is willing to provide
-->
+    <gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLClientCert</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality EstablishTrustInClient</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTAbsent/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLClientPassword" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLClientPassword</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:GSSUPStatic username="j2ee" password="j2ee" domain="default"/>
+                        <css:sasMech>
+                            <css:ITTAbsent/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLIdentityTokenPrincipal</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-properties-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="SSLIdentityTokenCert" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">SSLIdentityTokenCert</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
+                            <css:requires>Integrity Confidentiality</css:requires>
+                        </css:SSL>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-cert-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="NoSecurityIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">NoSecurityIdentityTokenPrincipal</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-properties-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="NoSecurityIdentityTokenCert" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">NoSecurityIdentityTokenCert</attribute>
+        <xml-attribute name="nssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:sasMech>
+                            <css:ITTPrincipalNameDynamic domain="cts-cert-realm"/>
+                        </css:sasMech>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+    <gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
+        <reference name="ThreadPool">
+            <module>org/apache/geronimo/Server</module>
+            <name>DefaultThreadPool</name>
+        </reference>
+        <reference name="TransactionContextManager">
+            <module>org/apache/geronimo/Server</module>
+            <name>TransactionContextManager</name>
+        </reference>
+        <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
+        <attribute name="description">NoSecurity</attribute>
+        <attribute name="cssArgs"></attribute>
+        <xml-attribute name="cssConfig">
+            <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config_1_0">
+                <css:compoundSecMechTypeList>
+                    <css:compoundSecMech>
+                        <css:SSL>
+                            <css:supports>Integrity Confidentiality EstablishTrustInTarget
EstablishTrustInClient</css:supports>
+                            <css:requires></css:requires>
+                        </css:SSL>
+                    </css:compoundSecMech>
+                </css:compoundSecMechTypeList>
+            </css:css>
+        </xml-attribute>
+    </gbean>
+
+</configuration>


