Security Current

The SecurityCurrent interface is used to

When a request is initiated by a client to a secure object that supports username/password-based client authentication or Identity assertions, the client-side security service looks for a SecurityContext at the thread level, and then at the ORB level. If a SecurityContext is not set up, the AuthCallback (if any) is called to create and return a SecurityContext. If a SecurityContext is still not available and the object requires one, a security exception is thrown to the client. The security context is propagated to the server inside an IIOP service context, as defined in the CSIv2 specification.
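The client-side lookup order described above, as an added example that is not the ORB's own code. It is a self-contained model: the class, record, and method signatures are hypothetical, and treating the thread context as a stack is an assumption drawn from the stack/unstack method names.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.function.Supplier;

// Model of the client-side lookup order only; class and method names here are
// hypothetical and are not the ORB's SecurityCurrent signatures.
public class ContextLookupModel {
    record SecurityContext(String principal) {}

    private static final ThreadLocal<Deque<SecurityContext>> THREAD_STACK =
            ThreadLocal.withInitial(ArrayDeque::new);
    private static volatile SecurityContext orbContext;              // ORB-level context
    private static volatile Supplier<SecurityContext> authCallback;  // stands in for AuthCallback

    static void stackThreadContext(SecurityContext c) { THREAD_STACK.get().push(c); }
    static void unstackThreadContext() { THREAD_STACK.get().pop(); }

    // Thread level first, then ORB level, then the callback, else a security exception.
    static SecurityContext resolve(boolean targetRequiresContext) {
        SecurityContext c = THREAD_STACK.get().peek();
        if (c == null) c = orbContext;
        if (c == null && authCallback != null) c = authCallback.get();
        if (c == null && targetRequiresContext)
            throw new SecurityException("no SecurityContext available for secure object");
        return c;
    }

    public static void main(String[] args) {
        try {
            resolve(true);
        } catch (SecurityException e) {
            System.out.println("nothing configured: " + e.getMessage());
        }
        authCallback = () -> new SecurityContext("callback-user");   // constructed sample identities
        System.out.println("callback only: " + resolve(true).principal());
        orbContext = new SecurityContext("orb-user");
        System.out.println("ORB level:     " + resolve(true).principal());
        stackThreadContext(new SecurityContext("thread-user"));
        try {
            System.out.println("thread level:  " + resolve(true).principal());
        } finally {
            unstackThreadContext();  // restore the previous identity on this (possibly pooled) thread
        }
        System.out.println("after unstack: " + resolve(true).principal());
    }
}
```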

When an IIOP request carrying a security service context is received by the server-side security service, it calls the Authenticator to validate the contained tokens and sets up the caller SecurityContext for the application. Unless this SecurityContext is modified or a new one is set up, it continues to serve as the identity with which the application code is executed.
 

Fig 1: The SecurityCurrent API.

| Method | Description |
|---|---|
| createInitialContextToken | Create a GSSUP Initial Context Token using a username, password, and realm. |
| createIdentityToken | Create an Identity Token. Identity Tokens of different types can be created. |
| newContext | Create a new Security Context. |
| set/unset ORBContext | Set/Unset the ORB level security context. |
| stack/unstack ThreadContext | Set/Unset the thread security context. The thread security context overrides the ORB level security context. |
| getSecurityContext | Get the security context for the current thread. If there is no security context on the thread, the ORB context is returned. |
| getThreadSecurityContext | Get the security context for the given thread. If there is no security context on the thread, the ORB context is returned. |
| getCaller | Get the security context of the caller. |
| get/set Authenticator | Get/Set the Authenticator used for authenticating the received Initial Context Tokens. |
| get/set AuthCallback | Get/Set the client side callback for creating a Security Context. |
| getPort | Get the port of the remote client. It returns 0 if the client is local. For nested invocations done on behalf of the same remote invocation, getPort continues to return a valid value. |
| getLocalAddress | Get the local IP address on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalAddress continues to return a non-null value. |
| getLocalPort | Get the local IP port on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalPort continues to return a valid value. |
| getNegotiatedCipherSuite | Get the negotiated CipherSuite. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |
| getCertificateChain | Get the peer's certificate chain. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |

Copyright © 1998-2003, Novell, Inc. All rights reserved.