The SecurityPolicy can be used by the clients to specify the security attributes required by the objects implemented using the POA instance being created.
The security attributes include:
SecureTransportInfo (TCP addresses, cipher suites, etc.)
ClientAuthInfo (support for GSSUP username/password based client auth mechanism)
boolean specifying IdentityAssertion support
The optional SecureTransportInfo specifies the attributes for IIOP/SSL. These include:
TransportPolicyValue - this specifies the list of primary and secondary TCPAddresses. If the derived class ClusterPolicyValue is used, then a clustering scheme is specified as well.
QualityOfProtection - a list of CipherSuites that are acceptable for protecting communication. There are three pre-built constants:
NO_PROTECTION - no protection
INTEGRITY - communication is only integrity protected using the available default Cipher Suites. The default CipherSuites are specified using the CertificateManager.
CONFIDENTIALITY - communication is integrity and confidentiality protected using the available default Cipher Suites. The default CipherSuites are specified using the CertificateManager.
boolean specifying whether client authentication (using public key technology) during SSL handshake is required.
enable TLS - when set, TLS 1.0 is allowed; otherwise only SSL 3.0 is allowed
boolean specifying whether IIOP/SSL is mandatory or optional
The ClientAuthInfo is used to specify the realm name that the user should provide credentials (username/password) for, and whether client authentication is optional or required.
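The following is an added example, not part of the original documentation and not the product's API: a Python check that models the attributes above with hypothetical class and field names and flags combinations that weaken the protections described. The finding codes are made up for the example, and the SSL 3.0, GSSUP and identity assertion findings rest on general protocol knowledge rather than on this page.

```python
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical model of the attributes listed above. Class and field names
# are assumptions made for this example, not the product's Java API.
@dataclass
class SecureTransportInfo:
    qop: str                    # "NO_PROTECTION", "INTEGRITY" or "CONFIDENTIALITY"
    require_client_cert: bool   # public-key client auth during the SSL handshake
    enable_tls: bool            # False: only SSL 3.0 is allowed
    ssl_mandatory: bool         # False: IIOP/SSL is optional
@dataclass
class ClientAuthInfo:
    realm: str
    required: bool              # GSSUP username/password required or optional
@dataclass
class SecurityPolicy:
    transport: Optional[SecureTransportInfo] = None
    client_auth: Optional[ClientAuthInfo] = None
    identity_assertion: bool = False

def review(policy: SecurityPolicy) -> List[str]:
    """Return finding codes for attribute combinations worth a second look."""
    t, findings = policy.transport, []
    if t is None:
        findings.append("NO_TRANSPORT_INFO")         # optional block left out
    else:
        if t.qop == "NO_PROTECTION":
            findings.append("QOP_NONE")
        elif t.qop == "INTEGRITY":
            findings.append("QOP_NO_CONFIDENTIALITY")
        if not t.ssl_mandatory:
            findings.append("SSL_OPTIONAL")          # SSL may be skipped
        if not t.enable_tls:
            findings.append("SSL3_ONLY")             # SSL 3.0 is deprecated (RFC 7568)
    encrypted = bool(t and t.qop == "CONFIDENTIALITY" and t.ssl_mandatory)
    if policy.client_auth and not encrypted:
        findings.append("GSSUP_PASSWORD_EXPOSED")    # GSSUP carries the password itself
    authenticated = bool((t and t.require_client_cert and t.ssl_mandatory)
                         or (policy.client_auth and policy.client_auth.required))
    if policy.identity_assertion and not authenticated:
        findings.append("ASSERTION_WITHOUT_CLIENT_AUTH")
    return findings

# Constructed sample policies
WEAK = SecurityPolicy(SecureTransportInfo("INTEGRITY", False, False, False),
                      ClientAuthInfo("example-realm", False), True)
STRICT = SecurityPolicy(SecureTransportInfo("CONFIDENTIALITY", True, True, True),
                        ClientAuthInfo("example-realm", True), True)
```

Calling review(WEAK) returns five findings, while review(STRICT) returns an empty list.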
Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.