Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 13. ORB configuration

This chapter guides you through configuring the Object Request Broker (ORB) to support Java Transaction Service (JTS) and ensure secure communications via SSL/TLS in JBoss EAP.

13.1. Understanding Common Object Request Broker Architecture (CORBA)

Common Object Request Broker Architecture (CORBA) is a standard that allows applications and services to interoperate across different programming languages and platforms through a component called the Object Request Broker (ORB). JBoss EAP provides an ORB instance, by means of the Open JDK ORB component.

The ORB is used internally for JTS transactions, and is also available for use by your own applications.

Note

The Object Transaction Service (OTS) is a cross-platform service that forms part of CORBA. The OTS specification is maintained by the Object Management Group. JTS is a specification for building a transaction manager, and JTS was designed based on the OTS specification.

Additional resources

13.2. Configuring the ORB for JTS using the management CLI and management console

This section provides steps to configure the Object Request Broker (ORB) for Java Transaction Service (JTS) using both the management CLI and management console in JBoss EAP. Configuring the ORB ensures robust transactional capabilities for distributed environments.

Prerequisites

  • You have installed JBoss EAP.
  • You have access to the management CLI and the management console with administrative privileges.
Procedure

You can use this procedure in standalone or domain mode. If you decide to use standalone mode, then please do not use the profile=full prefix and use standalone-full.xml configuration.

  1. Enable security interceptors:

    Using the management CLI, execute the following command to set the security attribute to identity:

    Copy to Clipboard Toggle word wrap 
    /profile=full/subsystem=iiop-openjdk:write-attribute(name=security,value=identity)

    Alternatively, using the management console:

    • Navigate to the Configuration tab.
    • Select Subsystems IIOP (OpenJDK) View.
    • Click Edit, modify the attributes as needed, and click Save.

  2. Enable transactions in the IIOP subsystem:

    To enable ORB for JTS, set the transactions attribute to full using the CLI:

    Copy to Clipboard Toggle word wrap 
    /profile=full/subsystem=iiop-openjdk:write-attribute(name=transactions,value=full)

    In the management console:

    • Navigate to Subsystems IIOP (OpenJDK) View.
    • Click Edit, modify the attributes as needed, and click Save.

  3. Enable JTS in the Transactions subsystem:

    Using the CLI, set the jts attribute to true:

    Copy to Clipboard Toggle word wrap 
    /profile=full/subsystem=transactions:write-attribute(name=jts,value=true)

    In the management console:

    • Navigate to Subsystems Transactions View.
    • Click Edit, modify the attributes as needed, and click Save.

  4. Restart the server:

    A full server restart is required to activate JTS, as a simple reload is insufficient.

Verification

  • Verify the configuration using the CLI by reading the attribute settings:

    Copy to Clipboard Toggle word wrap 
    /profile=full/subsystem=iiop-openjdk:read-resource
  • Alternatively, check the updated attributes in the management console after the server restart.

13.3. Configuring IIOP to use SSL/TLS

You can configure the iiop-openjdk subsystem to use SSL/TLS for secure communication between clients and servers. The steps below outline how to configure SSL/TLS for the IIOP subsystem.

Prerequisites

  • You have installed JBoss EAP.
  • You have access to the management CLI or management console with administrative privileges.

Procedure

  1. Create a server-ssl-context:

    Copy to Clipboard Toggle word wrap 
    /subsystem=elytron/server-ssl-context=<server-ssl-context_name>:add(key-manager=<key-manager_name>, protocols=<list_of_protocols>)

    For a working example of creating a server-ssl-context, please refer to the latest JBoss EAP security guide: Configuring SSL/TLS in JBoss EAP guide.

    To use SSL/TLS with the iiop-openjdk subsystem, you need to define a server-ssl-context. JBoss EAP uses the configuration provided by the server-ssl-context when making an SSL/TLS connection as a server. You can find more information about server-ssl-context attributes in the Configuring SSL/TLS in JBoss EAP guide.

  2. Create a client-ssl-context. For example:

    Copy to Clipboard Toggle word wrap 
    /subsystem=elytron/client-ssl-context=exampleCSC:add(key-manager=applicationKM, protocols=["TLSv1.2"])

    To use SSL/TLS with the iiop-openjdk subsystem, you need to define a client-ssl-context. JBoss EAP uses the configuration provided by the client-ssl-context when making an SSL/TLS connection as a client. You can find more details on creating a client-ssl-context in Using a client-ssl-context in the How to Configure Server Security guide.

    Note

    Please note that this link directs you to the JBoss EAP security guide for JBoss EAP 7.4. We are currently in the process of updating the documentation for Red Hat JBoss Enterprise Application Platform 8.0. This link will be updated once the new documentation is complete.

  3. Configure the iiop-openjdk subsystem to use the client-ssl-context and server-ssl-context.

    Example: Setting client-ssl-context and server-ssl-context

    Copy to Clipboard Toggle word wrap 
    batch

/subsystem=iiop-openjdk:write-attribute(name=client-ssl-context,value=iiopClientSSC)

/subsystem=iiop-openjdk:write-attribute(name=server-ssl-context,value=iiopServerSSC)

run-batch

reload

  4. Configure the connection to and from the iiop-openjdk subsystem.

    You can indicate whether or not SSL/TLS connections are required when connecting to and from the iiop-openjdk subsystem by adjusting the following attributes:

    • To enable support for SSL in the iiop-openjdk subsystem, set support-ssl to true. Defaults to false.
    • To require SSL/TLS connections from the iiop-openjdk subsystem, set client-requires-ssl to true. Defaults to false.
    • To require SSL/TLS connections to the iiop-openjdk subsystem, set server-requires-ssl to true. Defaults to false. Note that setting this to true will block attempts to connect to the non-SSL IIOP socket.
    • To adjust the socket-binding, set ssl-socket-binding to the desired binding. Defaults to iiop-ssl.

    Example: Setting SSL/TLS Connections to and from IIOP as Required

    Copy to Clipboard Toggle word wrap 
    /subsystem=iiop-openjdk:write-attribute(name=support-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=client-requires-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=server-requires-ssl,value=true)

/subsystem=iiop-openjdk:write-attribute(name=ssl-socket-binding,value=iiop-ssl)

reload

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat, Inc.