The ORB provides a proprietary POA security policy for specifying the authentication realm and Quality of Protection. The policy is created using the create_security_policy method on the POA Extension API.
| isAuthenticationRequired | Specifies whether the client needs to authenticate with the realm specified by the getRealmName method. |
| | The realm against which the client should authenticate itself. |
| | Whether the Quality of Protection is optional or required. If it is optional, the client can also talk to the object using no protection (e.g. using plain IIOP). |
| | Get the Quality of Protection for the object: no protection, integrity, or confidentiality. |
| | Get the port used to listen for incoming secure communication. |
| | Get the hostname used to listen for incoming secure communication. |
Specifies the quality of protection of the communication required by all the objects served by a POA instance. There are three pre-built constants:
NO_PROTECTION - no protection
INTEGRITY - communication is only integrity protected using the available default Cipher Suites. The default CipherSuites are specified using the CertificateManager.
CONFIDENTIALITY - communication is integrity and confidentiality protected using the available default Cipher Suites. The default CipherSuites are specified using the CertificateManager.
You can also create a custom quality of protection using any set of CipherSuites supported by the ORB.
The ORB provides an extension to the POA APIs for creating security policy objects.
| Method | Parameters | Description |
| create_security_policy | realmName | Create the Security Policy. The realmName specifies the realm against which the client is required to authenticate before it is allowed to invoke on objects in the POA created with this Policy. |
| create_security_policy | realmName, qualityOfProtection, isProtectionOptional, host, port | Create a Security Policy for using IIOP/SSL. The realmName specifies the realm against which the client is required to authenticate before it is allowed to invoke on objects in the POA created with this Policy. To require client authentication using SSL, set this parameter to Realm.PUBLIC_KEY_REALM. The realm name can be null to specify that no client authentication is needed. The qualityOfProtection specifies the required protection to use for communicating with the client. The isProtectionOptional flag specifies if the protection is optional. The host and port specify the listening address of the server. |
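The following is an added example, not code from the ORB or its documentation: a small review script that models the create_security_policy arguments described above and flags combinations that leave a POA reachable without protection or without client authentication. The PoaPolicy class, the finding codes, the POA names and the PUBLIC_KEY_REALM placeholder string are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

PUBLIC_KEY_REALM = "<Realm.PUBLIC_KEY_REALM>"  # placeholder for the ORB constant
BUILT_IN_QOP = ("NO_PROTECTION", "INTEGRITY", "CONFIDENTIALITY")

@dataclass(frozen=True)
class PoaPolicy:
    """Hypothetical record of the arguments given to create_security_policy."""
    poa: str                    # constructed POA label
    realm_name: Optional[str]   # None: no client authentication needed
    qop: str                    # built-in constant name, or a custom QoP label
    is_protection_optional: bool

def audit(p: PoaPolicy) -> List[str]:
    """Return finding codes for one policy, in a fixed order."""
    findings = []
    protected = p.qop != "NO_PROTECTION"
    # Per the page, optional protection lets clients use plain IIOP.
    plain_iiop_allowed = p.is_protection_optional or not protected
    if not protected:
        findings.append("no-protection")
    elif p.is_protection_optional:
        findings.append("downgrade-to-plain-iiop")
    if p.qop == "INTEGRITY":
        findings.append("integrity-only")
    if p.qop not in BUILT_IN_QOP:
        findings.append("custom-qop-review-cipher-suites")
    if p.realm_name is None:
        findings.append("no-client-authentication")
    elif plain_iiop_allowed:
        # Authentication is required, yet the channel may be unprotected.
        findings.append("authentication-over-plain-iiop")
    return findings

# Constructed sample policies, one per POA.
SAMPLE = [
    PoaPolicy("PublicPOA", None, "NO_PROTECTION", False),
    PoaPolicy("LegacyPOA", "staff", "CONFIDENTIALITY", True),
    PoaPolicy("AuditPOA", "staff", "INTEGRITY", False),
    PoaPolicy("AccountsPOA", PUBLIC_KEY_REALM, "CONFIDENTIALITY", False),
]

def report(policies: List[PoaPolicy]) -> dict:
    """Map each POA label to its list of findings."""
    return {p.poa: audit(p) for p in policies}

if __name__ == "__main__":
    for poa, findings in report(SAMPLE).items():
        print(f"{poa}: {', '.join(findings) or 'ok'}")
```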
Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.