红帽全球峰会此内容没有您所选择的语言版本。
Chapter 15. ORB Configuration
Common Object Request Broker Architecture (CORBA) is a standard that enables applications and services to work together even when they are written in multiple, otherwise-incompatible, languages or hosted on separate platforms. CORBA requests are brokered by a server-side component called an Object Request Broker (ORB). JBoss EAP provides an ORB instance, by means of the Open JDK ORB component.
The ORB is used internally for Java Transaction Service (JTS) transactions, and is also available for use by your own applications.
15.2. Configuring the ORB for JTS Transactions
In a default installation of JBoss EAP, the ORB support for transactions is disabled. You can configure ORB settings in the iiop-openjdk subsystem using the management CLI or the management console.
The iiop-openjdk subsystem is available when using the full or full-ha profile in a managed domain, or the standalone-full.xml or standalone-full-ha.xml configuration file for a standalone server.
For a listing of the available configuration options for the iiop-openjdk subsystem, see IIOP Subsystem Attributes.
Configure the ORB Using the Management CLI
You can configure each aspect of the ORB using the management CLI. This is the minimum configuration for the ORB to be used with JTS.
The following management CLI commands are configured for a managed domain using the full profile. If necessary, change the profile to suit the one you need to configure. If you are using a standalone server, omit the /profile=full portion of the commands.
Enable the Security Interceptors
Enable the security attribute by setting the value to identity.
/profile=full/subsystem=iiop-openjdk:write-attribute(name=security,value=identity)
/profile=full/subsystem=iiop-openjdk:write-attribute(name=security,value=identity)Enable Transactions in the IIOP Subsystem
To enable the ORB for JTS, set the value of transactions attribute to full, rather than the default spec.
/profile=full/subsystem=iiop-openjdk:write-attribute(name=transactions, value=full)
/profile=full/subsystem=iiop-openjdk:write-attribute(name=transactions, value=full)Enable JTS in the Transactions Subsystem
/profile=full/subsystem=transactions:write-attribute(name=jts,value=true)
/profile=full/subsystem=transactions:write-attribute(name=jts,value=true)For JTS activation, the server must be restarted as reload is not enough.
Configure the ORB Using the Management Console
- Select the Configuration tab from the top of the management console. In a managed domain, you must select the appropriate profile to modify.
-
Select Subsystems
IIOP (OpenJDK) and click View. - Click Edit and modify the attributes as needed.
- Click Save to save the changes.
You can configure the iiop-openjdk subsystem to use SSL/TLS to secure communication between clients and servers. The elytron subsystem, as well as the legacy security subsystem, provide the necessary components for configuring SSL/TLS for the iiop-openjdk subsystem as well as other subsystems within JBoss EAP. Use the following steps to configure the iiop-openjdk subsystem to use the elytron subsystem for SSL/TLS.
Use the following management CLI command to display the current legacy SSL/TLS configuration in the
iiop-openjdksubsystem./subsystem=iiop-openjdk:read-attribute(name=security-domain) { "outcome" => "success", "result" => "iiopSSLSecurityDomain" }/subsystem=iiop-openjdk:read-attribute(name=security-domain) { "outcome" => "success", "result" => "iiopSSLSecurityDomain" }Copy to Clipboard Copied! Toggle word wrap Toggle overflow The
iiop-openjdksubsystem must use either the legacysecuritysubsystem or theelytronsubsystem for SSL/TLS. You cannot use both at the same time. The above command shows theiiop-openjdksubsystem is using a legacy security domain for handling SSL/TLS. Before you can configure theiiop-openjdksubsystem to use theelytronsubsystem for SSL/TLS, you need to remove this reference:/subsystem=iiop-openjdk:undefine-attribute(name=security-realm)
/subsystem=iiop-openjdk:undefine-attribute(name=security-realm)Copy to Clipboard Copied! Toggle word wrap Toggle overflow If the
security-domainattribute in theiiop-openjdkis not defined, you can proceed to the next step.Create a
server-ssl-context.To use SSL/TLS with the
iiop-openjdksubsystem, you need to define aserver-ssl-context. JBoss EAP uses the configuration provided by theserver-ssl-contextwhen making an SSL/TLS connection as a server. You can find more details on creating aserver-ssl-contextin Enable One-way SSL/TLS for Applications using the Elytron Subsystem in How to Configure Server Security guide.Create a
client-ssl-context.To use SSL/TLS with the
iiop-openjdksubsystem, you need to define aclient-ssl-context. JBoss EAP uses the configuration provided by theclient-ssl-contextwhen making an SSL/TLS connection as a client. You can find more details on creating aclient-ssl-contextin Using a client-ssl-context in the How to Configure Server Security guide.Configure the
iiop-openjdksubsystem to use theclient-ssl-contextandserver-ssl-context.Example: Setting
client-ssl-contextandserver-ssl-contextCopy to Clipboard Copied! Toggle word wrap Toggle overflow Configure the connection to and from the
iiop-openjdksubsystem.You can indicate whether or not SSL/TLS connections are required when connecting to and from the
iiop-openjdksubsystem by adjusting the following attributes:-
To enable support for SSL in the
iiop-openjdksubsystem, setsupport-ssltotrue. Defaults tofalse. -
To require SSL/TLS connections from the
iiop-openjdksubsystem, setclient-requires-ssltotrue. Defaults tofalse. -
To require SSL/TLS connections to the
iiop-openjdksubsystem, setserver-requires-ssltotrue. Defaults tofalse. Note that setting this totruewill block attempts to connect to the non-SSL IIOP socket. -
To adjust the
socket-binding, setssl-socket-bindingto the desired binding. Defaults toiiop-ssl.
Example: Setting SSL/TLS Connections to and from IIOP as Required
Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
To enable support for SSL in the
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}