Tim, Siddharth: Thanks for your comment.
I'd like to add something I just found:
In J2EE Blue Print (http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/security/protecting_messages/index.html), regarding Integrity Mechanisms, it says:
Quote
In the J2EE architecture,....A Deployer must configure the containers involved in a call to implement integrity mechanisms. .... When integrity mechanisms are configured by the Deployer, the calling container must compute and attach a message signature to the call request, and verify the correspondence between the call response and the message signature attached to the call response. The called container must verify the correspondence between the call request and the attached message signature, and compute and attach a message signature to the call response.
Unquote
So, the EJB container should be configurable to accept EJB client calls over SSL (RMI over SSL).
I could easily find code samples from the client side that initiate a JNDI lookup from a secured socket. But how is the EJB container side configured to accept incoming calls over SSL?
WebLogic has an IIOP Listener/Handler which can be configured to accept IIOP over SSL (http://edocs.bea.com/wle/wle50/security/concepts.htm#1039095).
Oracle 9i has something similar (http://download-west.oracle.com/otndoc/oracle9i/901_doc/java.901/a90188/secure.htm#1011903).
Does this mean the EJB container can be configured to accept client calls over SSL?
Please clarify it!
Thanks