IBM BJ0NJML Integration Guide - Page 195

HTTP Servlet Client programs call the secure version of the enterprise bean methods for each service type: T Enterprise Service: secureProcessExtnernalDataAsync(..) , secureProcessExtnernalDataSync(..) T Object Structure Service: secureProcessMOS(..) T Standard Service: secureAction(..) 2 To create a secure context for invoking the enterprise bean, do either one of the following procedures: T Add the following sample code to the client code: Properties env = new Properties(); . . . if(userid != null && password != null) { env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.SECURITY_PRINCIPAL, userid); } Context ctx = new IntialContext(env); //instead of using the default IntialContext() constructor T Use the default InitalContext constructor to pass the security information through the -D parameters in the .bat/.sh script that launches the client. -Djava.naming.security.principal= -Djava.naming.security.credentials= The SSL version of Internet Inter-ORB Protocol performs data encryption in the provider URL, while the system communicates with the enterprise bean. HTTP Servlet The HTTP servlet is a J2EE component that handles inbound HTTP posts to the system integration and follows the J2EE security principles. To secure the HTTP servlet, you first secure the enterprise bean. Securing the HTTP Servlet Security You can use HTTP basic authentication to secure the HTTP servlet. Authorized users, with a valid user name and password can post an XML transaction to the system. To enable HTTP basic authentication, modify the web.xml file of the Web application: 1 Remove the comments from the section of the integration servlets. One per service type. There are three security-constraint 181