The SecurityCurrent interface is used to:
- create a new SecurityContext
- set/get the SecurityContext at the ORB or thread level
- create identity and InitialContext tokens
- get the negotiated cipher suite and caller certificate chain (when using IIOP/SSL or TLS)
- get the caller's host and port
When a request is initiated by a client to a secure object supporting username/password based client authentication, or identity assertions, the client side security service looks for a SecurityContext at the thread level, and then at the ORB level. If a SecurityContext is not set up, the AuthCallback (if any) is called to create and return a SecurityContext. If a SecurityContext is still not available and the object requires a SecurityContext, then a security exception is thrown to the client. The security context is propagated to the server inside an IIOP service context as defined in the CSIv2 specification.
When an IIOP request carrying a security service context is received by the server side security service, it calls the Authenticator to validate the contained tokens and sets up the caller SecurityContext for the application. Unless this SecurityContext is modified or a new one is set up, the SecurityContext continues to serve as the identity with which the application code is executed.
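The client-side lookup order described above (thread level, then ORB level, then AuthCallback, then a security exception) can be sketched as a small self-contained model. This is an added example, not the ORB's own code: `ContextLookupModel`, `Ctx` and `resolve` are hypothetical, the method signatures that reuse names from this page are assumptions, and treating the thread context as a stack is an assumption based on the method names. It requires Java 16 or later.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.function.Supplier;

// Simplified model of the client-side lookup order; NOT the real SecurityCurrent API.
public class ContextLookupModel {
    record Ctx(String principal) {}              // hypothetical stand-in for a SecurityContext

    private volatile Ctx orbContext;             // ORB level: shared by every thread
    private volatile Supplier<Ctx> authCallback; // models the AuthCallback; may be null
    private final ThreadLocal<Deque<Ctx>> threadStack =
            ThreadLocal.withInitial(ArrayDeque::new);

    void setORBContext(Ctx c)             { orbContext = c; }
    void unsetORBContext()                { orbContext = null; }
    void stackThreadContext(Ctx c)        { threadStack.get().push(c); }
    void unstackThreadContext()           { threadStack.get().pop(); }
    void setAuthCallback(Supplier<Ctx> s) { authCallback = s; }

    // Resolve the context that would accompany an outgoing request.
    Ctx resolve(boolean targetRequiresContext) {
        Ctx c = threadStack.get().peek();        // 1. thread level overrides everything
        if (c == null) c = orbContext;           // 2. ORB level
        Supplier<Ctx> cb = authCallback;
        if (c == null && cb != null) c = cb.get(); // 3. callback creates a context
        if (c == null && targetRequiresContext)  // 4. nothing available: reject the call
            throw new SecurityException("no SecurityContext available");
        return c;
    }

    public static void main(String[] args) {
        ContextLookupModel m = new ContextLookupModel();
        m.setORBContext(new Ctx("batch-service"));        // constructed sample identities
        m.stackThreadContext(new Ctx("alice"));
        try {
            System.out.println(m.resolve(true));          // thread context wins over ORB
        } finally {
            m.unstackThreadContext();  // always unstack so a pooled thread does not keep the identity
        }
        System.out.println(m.resolve(true));              // falls back to the ORB context
        m.unsetORBContext();
        m.setAuthCallback(() -> new Ctx("prompted-user"));
        System.out.println(m.resolve(true));              // callback supplies the context
        m.setAuthCallback(null);
        System.out.println(m.resolve(false));             // no context, but none is required
        try {
            m.resolve(true);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```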
| Method | Description |
| --- | --- |
| createInitialContextToken | Create a GSSUP initial context token using a username, password, and realm. |
| createIdentityToken | Create an identity token. Identity tokens of different types can be created. |
| newContext | Create a new Security Context. |
| setORBContext, unsetORBContext | Set/unset the ORB level security context. |
| stackThreadContext, unstackThreadContext | Set/unset the thread security context. The thread security context overrides the ORB level security context. |
| getSecurityContext | Get the security context for the current thread. If there is no security context on the thread, the ORB context is returned. |
| getThreadSecurityContext | Get the security context for the given thread. If there is no security context on the thread, the ORB context is returned. |
| getCaller | Get the security context of the caller. |
| getAuthenticator, setAuthenticator | Get/set the authenticator used for authenticating the received initial context tokens. |
| getAuthCallback, setAuthCallback | Get/set the client side callback for creating a security context. |
| getPort | Get the port of the remote client. It returns 0 if the client is local. For nested invocations done on behalf of the same remote invocation, getPort continues to return a valid value. |
| getLocalAddress | Get the local IP address on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalAddress continues to return a non-null value. |
| getLocalPort | Get the local IP port on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalPort continues to return a valid value. |
| getNegotiatedCipherSuite | Get the negotiated CipherSuite. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |
| getCertificateChain | Get the peer's certificate chain. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |
Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.