configs/j2ee-corba/src/plan/plan.xml - geronimo - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--

     Copyright 2004-2005 The Apache Software Foundation

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->

 <!-- $Rev$ $Date$ -->

 <!--
 Configuration for corba on a Geronimo server, including client and target security examples.
 -->
 <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">

     <gbean name="CORBASystemProperties" class="org.apache.geronimo.system.properties.SystemProperties">
         <attribute name="systemProperties">
             javax.rmi.CORBA.UtilClass=org.openejb.corba.util.UtilDelegateImpl
             org.openejb.corba.UtilDelegateClass=com.sun.corba.se.internal.POA.ShutdownUtilDelegate
             org.omg.CORBA.ORBSingletonClass=com.sun.corba.se.internal.corba.ORBSingleton
             org.omg.CORBA.ORBClass=org.openejb.corba.sunorb.OpenEJBORB
             javax.rmi.CORBA.PortableRemoteObjectClass=com.sun.corba.se.internal.javax.rmi.PortableRemoteObject
             javax.net.ssl.keyStorePassword=secret
             javax.net.ssl.trustStorePassword=secret
         </attribute>
         <attribute name="systemPathProperties">
             javax.net.ssl.keyStore=var/security/keystores/geronimo-default
             javax.net.ssl.trustStore=var/security/keystores/geronimo-default
         </attribute>

         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>
     </gbean>


     <!-- CORBA -->
     <gbean name="DynamicORBStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader">
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="NameServer" class="org.openejb.corba.SunNameService">
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>
         <attribute name="dbDir">var/cosnaming.db</attribute>
         <attribute name="port">${PlanCOSNamingPort}</attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <!-- connections require SSL, no client cert, client logs in with password, no identity token -->
     <gbean name="Server" class="org.openejb.corba.CORBABean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
                     <tss:requires>Integrity Confidentiality</tss:requires>
                 </tss:SSL>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:GSSUP required="true" targetName="default"/>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAbsent/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
         <dependency>
             <name>NameServer</name>
         </dependency>
         <dependency>
             <name>SecurityService</name>
         </dependency>
     </gbean>

     <!-- orb with no security whatsoever -->
     <gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:GSSUP required="true" targetName="default"/>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAbsent/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <type>CORBABean</type>
             <name>Server</name>
         </dependency>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
         <dependency>
             <name>NameServer</name>
         </dependency>
         <dependency>
             <name>SecurityService</name>
         </dependency>
     </gbean>

 <!-- tss bean examples, specify requirements for connection to orb.  Provide a ref in an ejb -->
     <!--
     <gbean name="SSLClientCert" class="org.openejb.corba.TSSBean">
         <attribute name="POAName">SSLClientCert</attribute>
         <reference name="Server">
             <name>Server</name>
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
                     <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
                 </tss:SSL>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAbsent/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
     </gbean>

     <gbean name="SSLClientPassword" class="org.openejb.corba.TSSBean">
         <attribute name="POAName">SSLClientPassword</attribute>
         <reference name="Server">
             <name>Server</name>
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
                     <tss:requires>Integrity Confidentiality</tss:requires>
                 </tss:SSL>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:GSSUP required="true" targetName="default"/>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAbsent/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="SSLIdentityToken" class="org.openejb.corba.TSSBean">
         <attribute name="POAName">SSLIdentityToken</attribute>
         <reference name="Server">
             <name>Server</name>
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
                     <tss:requires>Integrity Confidentiality</tss:requires>
                 </tss:SSL>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAnonymous/>
                                 <tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                                 <tss:ITTDistinguishedName/>
                                 <tss:ITTX509CertChain/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="IdentityTokenNoSecurity" class="org.openejb.corba.TSSBean">
         <attribute name="POAName">IdentityTokenNoSecurity</attribute>
         <reference name="Server">
             <name>UnprotectedServer</name>
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAnonymous/>
                                 <tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                                 <tss:ITTDistinguishedName/>
                                 <tss:ITTX509CertChain/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="SSLClientCertIdentityToken" class="org.openejb.corba.TSSBean">
         <attribute name="POAName">SSLClientCertIdentityToken</attribute>
         <reference name="Server">
             <name>Server</name>
         </reference>
         <xml-attribute name="tssConfig">
             <tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
                 <tss:default-principal>
                     <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
                 </tss:default-principal>
                 <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
                     <tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
                     <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
                 </tss:SSL>
                 <tss:compoundSecMechTypeList>
                     <tss:compoundSecMech>
                         <tss:sasMech>
                             <tss:identityTokenTypes>
                                 <tss:ITTAnonymous/>
                                 <tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                                 <tss:ITTDistinguishedName/>
                                 <tss:ITTX509CertChain/>
                             </tss:identityTokenTypes>
                         </tss:sasMech>
                     </tss:compoundSecMech>
                 </tss:compoundSecMechTypeList>
             </tss:tss>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>
 -->
     <!--CSS beans for client security.  These specify what the client is willing to provide -->
     <!--
     <gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">SSLClientCert</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires>Integrity Confidentiality EstablishTrustInClient</css:requires>
                         </css:SSL>
                         <css:sasMech>
                             <css:ITTAbsent/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="SSLClientPassword" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">SSLClientPassword</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
                             <css:requires>Integrity Confidentiality</css:requires>
                         </css:SSL>
                         <css:GSSUPStatic username="j2ee" password="j2ee" domain="default"/>
                         <css:sasMech>
                             <css:ITTAbsent/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="SSLIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">SSLIdentityTokenPrincipal</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
                             <css:requires>Integrity Confidentiality</css:requires>
                         </css:SSL>
                         <css:sasMech>
                             <css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="SSLIdentityTokenCert" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">SSLIdentityTokenCert</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
                             <css:requires>Integrity Confidentiality</css:requires>
                         </css:SSL>
                         <css:sasMech>
                             <css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="NoSecurityIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">NoSecurityIdentityTokenPrincipal</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:sasMech>
                             <css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="NoSecurityIdentityTokenCert" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">NoSecurityIdentityTokenCert</attribute>
         <xml-attribute name="nssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:sasMech>
                             <css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
                         </css:sasMech>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>

     <gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
         <reference name="ThreadPool">
             <name>DefaultThreadPool</name>
         </reference>
         <reference name="TransactionContextManager">
             <name>TransactionContextManager</name>
         </reference>
         <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
         <attribute name="description">NoSecurity</attribute>
         <attribute name="cssArgs"></attribute>
         <xml-attribute name="cssConfig">
             <css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
                 <css:compoundSecMechTypeList>
                     <css:compoundSecMech>
                         <css:SSL>
                             <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
                             <css:requires></css:requires>
                         </css:SSL>
                     </css:compoundSecMech>
                 </css:compoundSecMechTypeList>
             </css:css>
         </xml-attribute>
         <dependency>
             <name>SystemProperties</name>
         </dependency>
     </gbean>
 -->
 </module>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--

	Copyright 2004-2005 The Apache Software Foundation

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<!-- $Rev$ $Date$ -->

	<!--
	Configuration for corba on a Geronimo server, including client and target security examples.
	-->
	<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">

	<gbean name="CORBASystemProperties" class="org.apache.geronimo.system.properties.SystemProperties">
	<attribute name="systemProperties">
	javax.rmi.CORBA.UtilClass=org.openejb.corba.util.UtilDelegateImpl
	org.openejb.corba.UtilDelegateClass=com.sun.corba.se.internal.POA.ShutdownUtilDelegate
	org.omg.CORBA.ORBSingletonClass=com.sun.corba.se.internal.corba.ORBSingleton
	org.omg.CORBA.ORBClass=org.openejb.corba.sunorb.OpenEJBORB
	javax.rmi.CORBA.PortableRemoteObjectClass=com.sun.corba.se.internal.javax.rmi.PortableRemoteObject
	javax.net.ssl.keyStorePassword=secret
	javax.net.ssl.trustStorePassword=secret
	</attribute>
	<attribute name="systemPathProperties">
	javax.net.ssl.keyStore=var/security/keystores/geronimo-default
	javax.net.ssl.trustStore=var/security/keystores/geronimo-default
	</attribute>

	<reference name="ServerInfo">
	<name>ServerInfo</name>
	</reference>
	</gbean>


	<!-- CORBA -->
	<gbean name="DynamicORBStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader">
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="NameServer" class="org.openejb.corba.SunNameService">
	<reference name="ServerInfo">
	<name>ServerInfo</name>
	</reference>
	<attribute name="dbDir">var/cosnaming.db</attribute>
	<attribute name="port">${PlanCOSNamingPort}</attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<!-- connections require SSL, no client cert, client logs in with password, no identity token -->
	<gbean name="Server" class="org.openejb.corba.CORBABean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
	<tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
	<tss:requires>Integrity Confidentiality</tss:requires>
	</tss:SSL>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:GSSUP required="true" targetName="default"/>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAbsent/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	<dependency>
	<name>NameServer</name>
	</dependency>
	<dependency>
	<name>SecurityService</name>
	</dependency>
	</gbean>

	<!-- orb with no security whatsoever -->
	<gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:GSSUP required="true" targetName="default"/>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAbsent/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<type>CORBABean</type>
	<name>Server</name>
	</dependency>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	<dependency>
	<name>NameServer</name>
	</dependency>
	<dependency>
	<name>SecurityService</name>
	</dependency>
	</gbean>

	<!-- tss bean examples, specify requirements for connection to orb. Provide a ref in an ejb -->
	<!--
	<gbean name="SSLClientCert" class="org.openejb.corba.TSSBean">
	<attribute name="POAName">SSLClientCert</attribute>
	<reference name="Server">
	<name>Server</name>
	</reference>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
	<tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
	<tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
	</tss:SSL>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAbsent/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	</gbean>

	<gbean name="SSLClientPassword" class="org.openejb.corba.TSSBean">
	<attribute name="POAName">SSLClientPassword</attribute>
	<reference name="Server">
	<name>Server</name>
	</reference>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
	<tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
	<tss:requires>Integrity Confidentiality</tss:requires>
	</tss:SSL>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:GSSUP required="true" targetName="default"/>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAbsent/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="SSLIdentityToken" class="org.openejb.corba.TSSBean">
	<attribute name="POAName">SSLIdentityToken</attribute>
	<reference name="Server">
	<name>Server</name>
	</reference>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
	<tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
	<tss:requires>Integrity Confidentiality</tss:requires>
	</tss:SSL>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAnonymous/>
	<tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	<tss:ITTDistinguishedName/>
	<tss:ITTX509CertChain/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="IdentityTokenNoSecurity" class="org.openejb.corba.TSSBean">
	<attribute name="POAName">IdentityTokenNoSecurity</attribute>
	<reference name="Server">
	<name>UnprotectedServer</name>
	</reference>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAnonymous/>
	<tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	<tss:ITTDistinguishedName/>
	<tss:ITTX509CertChain/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="SSLClientCertIdentityToken" class="org.openejb.corba.TSSBean">
	<attribute name="POAName">SSLClientCertIdentityToken</attribute>
	<reference name="Server">
	<name>Server</name>
	</reference>
	<xml-attribute name="tssConfig">
	<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
	<tss:default-principal>
	<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
	</tss:default-principal>
	<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
	<tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
	<tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
	</tss:SSL>
	<tss:compoundSecMechTypeList>
	<tss:compoundSecMech>
	<tss:sasMech>
	<tss:identityTokenTypes>
	<tss:ITTAnonymous/>
	<tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	<tss:ITTDistinguishedName/>
	<tss:ITTX509CertChain/>
	</tss:identityTokenTypes>
	</tss:sasMech>
	</tss:compoundSecMech>
	</tss:compoundSecMechTypeList>
	</tss:tss>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>
	-->
	<!--CSS beans for client security. These specify what the client is willing to provide -->
	<!--
	<gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">SSLClientCert</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires>Integrity Confidentiality EstablishTrustInClient</css:requires>
	</css:SSL>
	<css:sasMech>
	<css:ITTAbsent/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="SSLClientPassword" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">SSLClientPassword</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
	<css:requires>Integrity Confidentiality</css:requires>
	</css:SSL>
	<css:GSSUPStatic username="j2ee" password="j2ee" domain="default"/>
	<css:sasMech>
	<css:ITTAbsent/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="SSLIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">SSLIdentityTokenPrincipal</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
	<css:requires>Integrity Confidentiality</css:requires>
	</css:SSL>
	<css:sasMech>
	<css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="SSLIdentityTokenCert" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">SSLIdentityTokenCert</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
	<css:requires>Integrity Confidentiality</css:requires>
	</css:SSL>
	<css:sasMech>
	<css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="NoSecurityIdentityTokenPrincipal" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">NoSecurityIdentityTokenPrincipal</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:sasMech>
	<css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="NoSecurityIdentityTokenCert" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">NoSecurityIdentityTokenCert</attribute>
	<xml-attribute name="nssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:sasMech>
	<css:ITTPrincipalNameDynamic principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
	</css:sasMech>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>

	<gbean name="NoSecurity" class="org.openejb.corba.CSSBean">
	<reference name="ThreadPool">
	<name>DefaultThreadPool</name>
	</reference>
	<reference name="TransactionContextManager">
	<name>TransactionContextManager</name>
	</reference>
	<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
	<attribute name="description">NoSecurity</attribute>
	<attribute name="cssArgs"></attribute>
	<xml-attribute name="cssConfig">
	<css:css xmlns:css="http://www.openejb.org/xml/ns/corba-css-config-2.0">
	<css:compoundSecMechTypeList>
	<css:compoundSecMech>
	<css:SSL>
	<css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
	<css:requires></css:requires>
	</css:SSL>
	</css:compoundSecMech>
	</css:compoundSecMechTypeList>
	</css:css>
	</xml-attribute>
	<dependency>
	<name>SystemProperties</name>
	</dependency>
	</gbean>
	-->
	</module>