Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 14. ORB Configuration

Common Object Request Broker Architecture (CORBA) is a standard that enables applications and services to work together even when they are written in multiple, otherwise-incompatible, languages or hosted on separate platforms. CORBA requests are brokered by a server-side component called an Object Request Broker (ORB). JBoss EAP provides an ORB instance, by means of the Open JDK ORB component.

The ORB is used internally for Java Transaction Service (JTS) transactions, and is also available for use by your own applications.

14.2. Configure the ORB for JTS Transactions
Copy link

In a default installation of JBoss EAP, the ORB support for transactions is disabled. You can configure ORB settings in the iiop-openjdk subsystem using the management CLI or the management console.

Note

The iiop-openjdk subsystem is available when using the full or full-ha profile in a managed domain, or the standalone-full.xml or standalone-full-ha.xml configuration file for a standalone server.

For a listing of the available configuration options for the iiop-openjdk subsystem, see IIOP Subsystem Attributes.

Configure the ORB Using the Management CLI

You can configure each aspect of the ORB using the management CLI. This is the minimum configuration for the ORB to be used with JTS.

The following management CLI commands are configured for a managed domain using the full profile. If necessary, change the profile to suit the one you need to configure. If you are using a standalone server, omit the /profile=full portion of the commands.

Enable the Security Interceptors

Enable the security attribute by setting the value to identity. 

/profile=full/subsystem=iiop-openjdk:write-attribute(name=security,value=identity)
Copy to Clipboard Toggle word wrap
Enable Transactions in the IIOP Subsystem

To enable the ORB for JTS, set the value of transactions attribute to full, rather than the default spec. 

/profile=full/subsystem=iiop-openjdk:write-attribute(name=transactions, value=full)
Copy to Clipboard Toggle word wrap
Enable JTS in the Transactions Subsystem
/profile=full/subsystem=transactions:write-attribute(name=jts,value=true)
Copy to Clipboard Toggle word wrap
Note

For JTS activation, the server must be restarted as reload is not enough.

Configure the ORB Using the Management Console

  1. Select the Configuration tab from the top of the management console.
  2. Select Subsystems. In a managed domain, you will need to select the appropriate profile first.
  3. Select the IIOP subsystem and click View.
  4. Click the Edit button and modify the attributes as needed. Click on the Need Help? link for detailed explanations of each field.
  5. Click Save to save the changes.

You can configure the iiop-openjdk subsystem to use SSL/TLS to secure communication between clients and servers. The elytron subsystem, as well as the legacy security subsystem, provide the necessary components for configuring SSL/TLS for the iiop-openjdk subsystem as well as other subsystems within JBoss EAP. Use the following steps to configure the iiop-openjdk subsystem to use the elytron subsystem for SSL/TLS.

  1. Use the following management CLI command to display the current legacy SSL/TLS configuration in the iiop-openjdk subsystem. 

    /subsystem=iiop-openjdk:read-attribute(name=security-domain)
{
    "outcome" => "success",
    "result" => "iiopSSLSecurityDomain"
}
    Copy to Clipboard Toggle word wrap

    The iiop-openjdk subsystem must use either the legacy security subsystem or the elytron subsystem for SSL/TLS. You cannot use both at the same time. The above command shows the iiop-openjdk subsystem is using a legacy security domain for handling SSL/TLS. Before you can configure the iiop-openjdk subsystem to use the elytron subsystem for SSL/TLS, you need to remove this reference: 

    /subsystem=iiop-openjdk:undefine-attribute(name=security-realm)
    Copy to Clipboard Toggle word wrap

    If the security-domain attribute in the iiop-openjdk is not defined, you can proceed to the next step.

  2. Create a server-ssl-context.

    To use SSL/TLS with the iiop-openjdk subsystem, you need to define a server-ssl-context. JBoss EAP uses the configuration provided by the server-ssl-context when making an SSL/TLS connection as a server. You can find more details on creating a server-ssl-context in Enable One-way SSL/TLS for Applications using the Elytron Subsystem in How to Configure Server Security guide.

  3. Create a client-ssl-context.

    To use SSL/TLS with the iiop-openjdk subsystem, you need to define a client-ssl-context. JBoss EAP uses the configuration provided by the client-ssl-context when making an SSL/TLS connection as a client. You can find more details on creating a client-ssl-context in Using a client-ssl-context in the How to Configure Server Security guide.

  4. Configure the iiop-openjdk subsystem to use the client-ssl-context and server-ssl-context.

    Example: Setting client-ssl-context and server-ssl-context

    batch

/subsystem=iiop-openjdk:write-attribute(name=client-ssl-context,value=iiopClientSSC)

/subsystem=iiop-openjdk:write-attribute(name=server-ssl-context,value=iiopServerSSC)

run-batch

reload
    Copy to Clipboard Toggle word wrap

  5. Configure the connection to and from the iiop-openjdk subsystem.

    You can indicate whether or not SSL/TLS connections are required when connecting to and from the iiop-openjdk subsystem by adjusting the following attributes:

    • To enable support for SSL in the iiop-openjdk subsystem, set support-ssl to true. Defaults to false.
    • To require SSL/TLS connections from the iiop-openjdk subsystem, set client-requires-ssl to true. Defaults to false.
    • To require SSL/TLS connections to the iiop-openjdk subsystem, set server-requires-ssl to true. Defaults to false.
    • To adjust the socket-binding, set ssl-socket-binding to the desired binding. Defaults to iiop-ssl.

    Example: Setting SSL/TLS Connections to and from IIOP as Required

    /subsystem=iiop-openjdk:write-attribute(name=support-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=client-requires-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=server-requires-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=ssl-socket-binding,value=iiop-ssl)

reload
    Copy to Clipboard Toggle word wrap

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat