FileDocCategorySizeDatePackage
CSIV2TaggedComponentInfo.javaAPI DocGlassfish v2 API27878Fri May 04 22:34:54 BST 2007com.sun.enterprise.iiop

CSIV2TaggedComponentInfo

public final class CSIV2TaggedComponentInfo extends Object
This is the class that manages the CSIV2 tagged component information in the IORs.
author
Vivek Nagar
author
Harpreet Singh
author
Ken Cavanaugh

Fields Summary
public static final int
SUPPORTED_IDENTITY_TOKEN_TYPES
private static final String
DEFAULT_REALM
private static final Logger
_logger
private static final TaggedComponent
NULL_TAGGED_COMPONENT
private String
_realm_name
private byte[]
_realm_name_bytes
private ORB
orb
private int
sslMutualAuthPort
Constructors Summary
public CSIV2TaggedComponentInfo(ORB orb)

 
       
	this.orb = orb;	
    
public CSIV2TaggedComponentInfo(ORB orb, int sslMutualAuthPort)

	this( orb ) ;
	this.sslMutualAuthPort = sslMutualAuthPort ;
    
Methods Summary
public booleanallMechanismsRequireSSL(java.util.Set iorDescSet)
This method determines if all the mechanisms defined in the CSIV2 CompoundSecMechList structure require protected invocations.

	int size = iorDescSet.size();
	if(size == 0) {
	    return false;
	}

	Iterator<EjbIORConfigurationDescriptor> itr = 
	    iorDescSet.iterator();

	for(int i = 0; i < size; i++) {
	    EjbIORConfigurationDescriptor iorDesc = itr.next();
            int target_requires = getTargetRequires(iorDesc);
	    if(target_requires == 0) {
		return false;
	    }
	}

	return true;
    
public com.sun.corba.ee.org.omg.CSIIOP.AS_ContextSeccreateASContextSec(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)
Create the AS layer context within a compound mechanism definition.

        AS_ContextSec asContext = null;
        int target_supports = 0;
        int target_requires = 0;
        byte[] client_authentication_mechanism = {};
        byte[] target_name = {} ;
        String authMethod  = null;
        boolean authMethodRequired = false;

        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP: Creating AS_Context");
        }

        // If AS_ContextSec is not required to be generated in an IOR,
        // then optimize the code by not generating and filling in fields that are
        // irrelevant.

        if (iorDesc != null) {
            authMethod = iorDesc.getAuthenticationMethod();
            authMethodRequired = iorDesc.isAuthMethodRequired();
	}

        if ((authMethod != null) && 
	    (authMethod.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))) {

            asContext = new AS_ContextSec((short)target_supports, 
		(short)target_requires, client_authentication_mechanism, 
		target_name);

            return asContext;
	}
            
        /** Functionality for Realm Per App
         * Try to get the realm from the descriptor, else fill in default
         */
        if(_realm_name == null){// realm name should be populated at this point
            if(iorDesc != null){
                _realm_name = iorDesc.getRealmName();
            }

            if(_realm_name == null){
                _realm_name = DEFAULT_REALM;
                if(_logger.isLoggable(Level.FINE)){
                    _logger.log(Level.FINE, "IIOP:AS_Context: Realm Name = null,"
                                + " setting default realm for logging in");
                }
            }
        }

        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP:AS_Context: Realm Name for login = "+
                        _realm_name);
        }
        _realm_name_bytes = _realm_name.getBytes();
        
        target_name = GSSUtils.createExportedName(
                               GSSUtils.GSSUP_MECH_OID,
		               _realm_name_bytes);

        target_supports = EstablishTrustInClient.value;

        if  (authMethodRequired){
            target_requires = EstablishTrustInClient.value;
        }

        client_authentication_mechanism = Utility.getMechanism();

        asContext = new AS_ContextSec((short)target_supports,
                                        (short)target_requires,
                                        client_authentication_mechanism,
                                        target_name);

        return asContext;
    
private org.omg.IOP.TaggedComponentcreateCompoundSecMechListComponent(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] mechList)


 	CDROutputStream out = (CDROutputStream) orb.create_output_stream();
	out.putEndian();

	boolean stateful = false; 
	CompoundSecMechList list = new CompoundSecMechList(
	    stateful, mechList);
	CompoundSecMechListHelper.write(out, list);
	byte[] buf = out.toByteArray();
	org.omg.IOP.TaggedComponent tc = new org.omg.IOP.TaggedComponent( 
	    TAG_CSI_SEC_MECH_LIST.value, buf ) ;
	return tc;
    
private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[]createCompoundSecMechs(com.sun.enterprise.iiop.CSIV2TaggedComponentInfo$DescriptorMaker maker, com.sun.enterprise.deployment.EjbDescriptor desc)
Create the security mechanisms. Only 1 such mechanism is created although the spec allows multiple mechanisms (in decreasing order of preference). Note that creating more than one CompoundSecMech here will cause getSecurityMechanisms to fail, as it supports only one CompoundSecMech.


        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP: Creating CompoundSecMech");
        }

	Set iorDescSet = getIORConfigurationDescriptors( desc ) ;

        CompoundSecMech[] mechList = new CompoundSecMech[iorDescSet.size()]; 
	Iterator<EjbIORConfigurationDescriptor> itr = iorDescSet.iterator();
        if(_logger.isLoggable(Level.FINE)){
	    	_logger.log(Level.FINE,"IORDescSet SIZE:" + iorDescSet.size());
	}

	for(int i = 0; i < iorDescSet.size(); i++) {
	    EjbIORConfigurationDescriptor iorDesc = itr.next();
            int target_requires = getTargetRequires(iorDesc);
	    org.omg.IOP.TaggedComponent comp = maker.evaluate( iorDesc ) ;
	    
	    // Create AS_Context
            AS_ContextSec asContext = createASContextSec(iorDesc);
	    
            // Create SAS_Context
            SAS_ContextSec sasContext = createSASContextSec(iorDesc);
	    
	    // update the target requires value
	    int targ_req = target_requires | asContext.target_requires
		| sasContext.target_requires;
	    
            // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
            mechList[i] = new CompoundSecMech((short)targ_req,
                            comp, asContext, sasContext);
	}
        return mechList;
    
private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[]createCompoundSecMechs(java.util.List socketInfos, com.sun.enterprise.deployment.EjbDescriptor desc)


	DescriptorMaker maker = new DescriptorMaker() {
	    public org.omg.IOP.TaggedComponent evaluate( EjbIORConfigurationDescriptor desc ) {
		return createSSLInfo( socketInfos, desc, false ) ;
	    }
	} ;

	return createCompoundSecMechs( maker, desc ) ;
    
private com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[]createCompoundSecMechs(int sslPort, com.sun.enterprise.deployment.EjbDescriptor desc)


	DescriptorMaker maker = new DescriptorMaker() {
	    public org.omg.IOP.TaggedComponent evaluate( EjbIORConfigurationDescriptor desc ) {
		return createSSLInfo( sslPort, desc, false ) ;
	    }
	} ;

	return createCompoundSecMechs( maker, desc ) ;
    
public com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSeccreateSASContextSec(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)
Create the SAS layer context within a compound mechanism definition.

        SAS_ContextSec sasContext = null;
	// target_supports = 0 means that target supports ITTAbsent
        int target_supports = 0;
        int target_requires = 0;
        ServiceConfiguration[] priv = new ServiceConfiguration[0];
        String callerPropagation = null;
        byte[][] mechanisms = {};
        
        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP: Creating SAS_Context");
        }


	// this shall be non-zero if target_supports is non-zero
	int supported_identity_token_type = 0;

        if (iorDesc != null) {
            callerPropagation = iorDesc.getCallerPropagation();
        }

        if ((callerPropagation != null) 
	    && (callerPropagation.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE))){
            sasContext = new SAS_ContextSec((short)target_supports,
                                            (short)target_requires,
                                            priv, mechanisms,
					    supported_identity_token_type);
            return sasContext;
	}

	target_supports = IdentityAssertion.value;

        byte[] upm = Utility.getMechanism(); // Only username_password mechanism
        mechanisms = new byte[1][upm.length];
        for(int i = 0; i < upm.length; i++) {
            mechanisms[0][i] = upm[i];
        }

	// para 166 of CSIv2 spec says that the bit corresponding to the
	// ITTPrincipalName is non-zero if supported_mechanism has atleast
	// 1 element. Supported_mechanism has the value of GSSUP OID
	if (target_supports != 0){
	    supported_identity_token_type = SUPPORTED_IDENTITY_TOKEN_TYPES;
        }

        sasContext = new SAS_ContextSec((short)target_supports,
                                        (short)target_requires,
                                        priv, mechanisms,
					supported_identity_token_type);

        return sasContext;
    
private org.omg.IOP.TaggedComponentcreateSSLInfo(int sslport, com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc, boolean sslRequired)
Create the SSL tagged component within a compound mechanism definition.


	int targetSupports = getTargetSupportsDefault( iorDesc ) ;
	int targetRequires = getTargetRequiresDefault( iorDesc, sslRequired ) ;
	boolean mutualAuthRequired = (iorDesc != null) &&
	    ((targetRequires & EstablishTrustInClient.value) ==
	     EstablishTrustInClient.value) ;
        int ssl_port = mutualAuthRequired ? sslMutualAuthPort : sslport; 
	
        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for sslport "
		+ ssl_port );
        }

        /* 
         * if both targetSupports and targetRequires are zero, then the 
         * mechanism does not support a transport_mechanism and hence
         * a TAG_NULL_TAG must be generated.
         */

        if ( (targetSupports | targetRequires) == 0  || ssl_port == -1) {
	     return NULL_TAGGED_COMPONENT ;
	}

	TransportAddress[] listTa = generateTransportAddresses( ssl_port ) ;
	return createTlsSecTransComponent( targetSupports, targetRequires, listTa ) ;
    
private org.omg.IOP.TaggedComponentcreateSSLInfo(java.util.List socketInfos, com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc, boolean sslRequired)


	int targetSupports = getTargetSupportsDefault( iorDesc ) ;
	int targetRequires = getTargetRequiresDefault( iorDesc, sslRequired ) ;
	
        if(_logger.isLoggable(Level.FINE)){
            _logger.log(Level.FINE, "IIOP: Creating Transport Mechanism for socketInfos "
		+ socketInfos );
        }

        /* 
         * if both targetSupports and targetRequires are zero, then the 
         * mechanism does not support a transport_mechanism and hence
         * a TAG_NULL_TAG must be generated.
         */

        if ( (targetSupports | targetRequires) == 0 ) {
	     return NULL_TAGGED_COMPONENT ;
	}

	TransportAddress[] listTa = generateTransportAddresses(socketInfos);
	return createTlsSecTransComponent( targetSupports, targetRequires, listTa ) ;
    
public org.omg.IOP.TaggedComponentcreateSecurityTaggedComponent(int sslPort, com.sun.enterprise.deployment.EjbDescriptor desc)
Create the security mechanism list tagged component based on the deployer specified configuration information. This method is on the server side for all ejbs in the non-cluster app server case.


        org.omg.IOP.TaggedComponent tc = null;
	try {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
            }
	    
            // get the realm from the application object.
            _realm_name = desc.getApplication().getRealm();
            CompoundSecMech[] mechList = createCompoundSecMechs(sslPort, desc);
            tc = createCompoundSecMechListComponent(mechList);
        } catch(Exception e) {
            _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
        }

        return tc;
    
public org.omg.IOP.TaggedComponentcreateSecurityTaggedComponent(java.util.List socketInfos, com.sun.enterprise.deployment.EjbDescriptor desc)
Create the CSIv2 tagged component for a clustered app server.

        org.omg.IOP.TaggedComponent tc = null;
	try {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "IIOP: Creating a Security Tagged Component");
            }
	    
            // get the realm from the application object.
            _realm_name = desc.getApplication().getRealm();
	    CompoundSecMech[] mechList = createCompoundSecMechs( socketInfos, desc ) ;
	    tc =  createCompoundSecMechListComponent(mechList);
        } catch(Exception e) {
            _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
        }

        return tc;
    
public org.omg.IOP.TaggedComponentcreateSecurityTaggedComponent(int sslPort)
This method is called on the server side for all non-EJB POAs.


        org.omg.IOP.TaggedComponent tc = null;

	try {
	    Properties props = ORBManager.getCSIv2Props() ;

	    boolean sslRequired = getBooleanValue( props,
		ORBManager.ORB_SSL_SERVER_REQUIRED ) ;
	    boolean clientAuthRequired = getBooleanValue( props,
		ORBManager.ORB_CLIENT_AUTH_REQUIRED ) ;

	    CompoundSecMech[] mechList = new CompoundSecMech[1]; 

	    org.omg.IOP.TaggedComponent transportMech = createSSLInfo(
		sslPort, null, sslRequired);
	    
	    // Create AS_Context
	    AS_ContextSec asContext = createASContextSec(null);

	    // Create SAS_Context
	    SAS_ContextSec sasContext = createSASContextSec(null);

	    short targetRequires = 
		    (clientAuthRequired ? EstablishTrustInClient.value : 0);

	    // Convert Profile.TaggedComponent to org.omg.IOP.TaggedComponent
	    mechList[0] = new CompoundSecMech(targetRequires, 
		transportMech, asContext, sasContext);

	    tc =  createCompoundSecMechListComponent(mechList);
        } catch(Exception e) {
            _logger.log(Level.SEVERE,"iiop.createcompund_exception",e);
        }
        return tc;
    
private org.omg.IOP.TaggedComponentcreateTlsSecTransComponent(int targetSupports, int targetRequires, com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[] listTa)


	TLS_SEC_TRANS tls_sec = new TLS_SEC_TRANS(
	    (short)targetSupports, (short)targetRequires, listTa);

 	CDROutputStream out = (CDROutputStream) orb.create_output_stream();
 	out.putEndian() ; 
 	TLS_SEC_TRANSHelper.write((org.omg.CORBA.portable.OutputStream)out, tls_sec);

	byte[] buf = out.toByteArray() ;
	
	// create new Tagged Component for SSL
	org.omg.IOP.TaggedComponent tc = new org.omg.IOP.TaggedComponent(
			TAG_TLS_SEC_TRANS.value, buf ) ;
	return tc;
    
private com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[]generateTransportAddresses(int sslPort)


	String hostName = Utility.getLocalAddress();
	short shortPort = Utility.intToShort(sslPort);
	TransportAddress ta = new TransportAddress(hostName, shortPort);
	TransportAddress[] listTa = new TransportAddress[] { ta } ;

	return listTa;
    
private com.sun.corba.ee.org.omg.CSIIOP.TransportAddress[]generateTransportAddresses(java.util.List socketInfos)


        TransportAddress[] listTa = new TransportAddress[socketInfos.size()];
	for(int i=0; i<socketInfos.size(); i++){
            SocketInfo socketInfo = socketInfos.get(i);
            int sslport = socketInfo.port;
            String host = socketInfo.host;
            short short_port = Utility.intToShort(sslport);
            TransportAddress ta = new TransportAddress(host, short_port);
            listTa[i] = ta;
        }
	return listTa;
    
private booleangetBooleanValue(java.util.Properties props, java.lang.String name)

	String val = props.getProperty( name, "false" ) ;
	boolean result = val.equals( "true" ) ;
	return result ;
    
public static com.sun.enterprise.deployment.EjbDescriptorgetEjbDescriptor(org.omg.PortableInterceptor.IORInfo iorInfo)

	CSIv2Policy csiv2Policy = null;
	try {
	    csiv2Policy = (CSIv2Policy)iorInfo.get_effective_policy(
	        POARemoteReferenceFactory.CSIv2_POLICY_TYPE);
	} catch ( INV_POLICY ex ) {
	    _logger.log(Level.FINE, 
			"CSIV2TaggedComponentInfo.getEjbDescriptor: CSIv2Policy not present");
	}
	    
	// Add CSIv2 tagged component for this EJB type.
	if(_logger.isLoggable(Level.FINE)) {
	    _logger.log(Level.FINE, 
			"TxSecIORInterceptor.establish_components: CSIv2Policy: " + csiv2Policy);
	}

	EjbDescriptor ejbDesc = null ;
	if (csiv2Policy != null)
	    ejbDesc = csiv2Policy.getEjbDescriptor() ;

	return ejbDesc ;
    
private java.util.SetgetIORConfigurationDescriptors(com.sun.enterprise.deployment.EjbDescriptor desc)


	Set iorDescSet = desc.getIORConfigurationDescriptors();
	int size = iorDescSet.size();
	if (size == 0) {
	    // No IOR config descriptors:
	    // Either none were configured or 1.2.x app.

	    // Create an IOR config desc with SSL supported
	    EjbIORConfigurationDescriptor eDesc = 
		new EjbIORConfigurationDescriptor();
	    eDesc.setIntegrity(
		EjbIORConfigurationDescriptor.SUPPORTED);
	    eDesc.setConfidentiality(
		EjbIORConfigurationDescriptor.SUPPORTED);
	    eDesc.setEstablishTrustInClient(
		EjbIORConfigurationDescriptor.SUPPORTED);
	    iorDescSet.add(eDesc);
	    size = 1;

	    // Check if method permissions are set on the descriptor.
	    // If they are then enable username_password mechanism in as_context
	    Set permissions = desc.getPermissionedRoles();
	    if (permissions.size() > 0) {
                if(_logger.isLoggable(Level.FINE)){
                    _logger.log(Level.FINE,"IIOP:Application has protected methods");
                }

	        eDesc.setAuthMethodRequired(true);

                if (_realm_name != null) {
                    eDesc.setRealmName(_realm_name);
                }
	    }
	}

	return (Set<EjbIORConfigurationDescriptor>)iorDescSet ;
    
private com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANSgetSSLComponent(org.omg.IOP.TaggedComponent comp)


	TLS_SEC_TRANS ssl = null;        
	
        // a TAG_NULL_TAG implies that SSL is not required
        if (comp.tag == TAG_NULL_TAG.value){
            ssl = null;
        } else {
            byte[] b = comp.component_data;
            CDRInputStream in = (CDRInputStream)  new EncapsInputStream(orb, b, b.length);
            in.consumeEndian();
            ssl = TLS_SEC_TRANSHelper.read(in);
        }

	return ssl;
    
public com.sun.corba.ee.org.omg.CSIIOP.TLS_SEC_TRANSgetSSLInformation(com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mech)
Retrieve the SSL tagged component from the compound security mechanism.

	org.omg.IOP.TaggedComponent pcomp = mech.transport_mech; 
	TLS_SEC_TRANS ssl = getSSLComponent(pcomp);
	return ssl;
    
public com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[]getSecurityMechanisms(com.sun.corba.ee.spi.ior.IOR ior)
Get the Compound security mechanism list from the given IOR.

param
the IOR.
return
the array of compound security mechanisms.

	IIOPProfile prof = ior.getProfile();
	IIOPProfileTemplate ptemp = (IIOPProfileTemplate)prof.
 			    getTaggedProfileTemplate();
	Iterator<TaggedComponent> itr = ptemp.iteratorById(
	    TAG_CSI_SEC_MECH_LIST.value);

	if(!itr.hasNext()) {
            if(_logger.isLoggable(Level.FINE)){
                String msg = "IIOP:TAG_CSI_SEC_MECH_LIST tagged component not found";
                _logger.log(Level.FINE, msg);
	    }
	    return null;
	}

	TaggedComponent tcomp = itr.next();
	if(_logger.isLoggable(Level.FINE)){
	    _logger.log(Level.FINE,"Component:" + tcomp);
	}

	if (itr.hasNext()) {
	    String msg = "More than one TAG_CSI_SEC_MECH_LIST tagged " + 
			 "component found ";
            _logger.log(Level.SEVERE,"iiop.many_tagged_component");
	    throw new RuntimeException(msg);
	}

	org.omg.IOP.TaggedComponent comp = tcomp.getIOPComponent(orb);
	byte[] b = comp.component_data;
	CDRInputStream in = (CDRInputStream) new EncapsInputStream(orb, b, b.length);
	in.consumeEndian();
	CompoundSecMechList l = CompoundSecMechListHelper.read(in);
	CompoundSecMech[] list = l.mechanism_list;

	return list;
    
public intgetTargetRequires(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)
Get the value of target_requires for the transport layer.

	if ( iorDesc == null ) {
            return 0;
        }

	int requires = 0;
	String integrity = iorDesc.getIntegrity();
	if(integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
	    requires = requires | Integrity.value;
	}

	String confidentiality = iorDesc.getConfidentiality();
	if(confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
	    requires = requires | Confidentiality.value;
	}

	String establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
	if(establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
	    requires = requires | EstablishTrustInTarget.value;
	}

	String establishTrustInClient = iorDesc.getEstablishTrustInClient();
	if(establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.REQUIRED)) {
	    requires = requires | EstablishTrustInClient.value;
	}

	return requires;
    
private intgetTargetRequiresDefault(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor desc, boolean sslRequired)

	int targetRequires = 0 ;
	if (desc == null) {
	    if (sslRequired)
		targetRequires = Integrity.value | Confidentiality.value 
		    | EstablishTrustInClient.value;
	} else {
	    targetRequires = getTargetRequires(desc);
	}

	return targetRequires ;
    
public intgetTargetSupports(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor iorDesc)
Get the value of target_supports for the transport layer.

	if ( iorDesc == null ) {
            return 0;
        }

	int supports = 0;
	String integrity = iorDesc.getIntegrity();
	if(!integrity.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
	    supports = supports | Integrity.value;
	}

	String confidentiality = iorDesc.getConfidentiality();
	if(!confidentiality.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
	    supports = supports | Confidentiality.value;
	}

	String establishTrustInTarget = iorDesc.getEstablishTrustInTarget();
	if(!establishTrustInTarget.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
	    supports = supports | EstablishTrustInTarget.value;
	}

	String establishTrustInClient = iorDesc.getEstablishTrustInClient();
	if(!establishTrustInClient.equalsIgnoreCase(EjbIORConfigurationDescriptor.NONE)) {
	    supports = supports | EstablishTrustInClient.value;
	}

	return supports;
    
private intgetTargetSupportsDefault(com.sun.enterprise.deployment.EjbIORConfigurationDescriptor desc)

	int targetSupports = 0 ;
	if (desc == null)
	    targetSupports = Integrity.value | Confidentiality.value 
		| EstablishTrustInClient.value | EstablishTrustInTarget.value;
	else
	    targetSupports = getTargetSupports(desc);

	return targetSupports ;