Oracle8i CORBA Developer's Guide and Reference
Release 3 (8.1.7)

Part Number A83722-01


Solution Area



Go to previous page Go to beginning of chapter Go to next page

Server-Side Authentication

This example includes setting a trustpoint. If you do not want to involve trustpoints, just remove the section of the code that sets the trustpoint.



This is a very simple CORBA example using server side ssl for login. The 
helloWorld server object merely returns a greeting plus the Java VM version 
number to the client.

The purpose of the example is to show how to use ssl server side 
authentication for logins. 

Setup required
You need to open the encrypted wallet(ewallet.der) provided in this directory 
using the wallet manager tool provided by Oracle. The password is welcome12. 
Copy the cleartext into TNS_ADMIN directory and restart the database and 

The encrypted wallet(ewallet.der) is only valid for Solaris platforms. For 
other platforms, you should generate the wallet using Oracle's owm tool.
And if you generate the wallet, be sure to change the trust point provided
in the client file too.

The parameter SSL_CLIENT_AUTHENTICATION  in $TNSADMIN/sqlnet.ora should be set 
to false before restarting the database and listeners.

You may also generate a wallet using Oracle tool owmgui. The cleartext
wallet that you will be using should be binary compatible with the machine
you are using to run this sample.

There is also a hard coded trustpoint within This trust point 
matches with the one in the server's wallet. You may replace with your trust 
point if needed. But this trust point should be matching with the one in 
the server's wallet.

This example runs with JDK1.1 libraries. If you are using JDK 1.2 libraries,
then you should comment out JDK1.1 code and uncomment JDK1.2 code.

Source files


The CORBA IDL for the example.  Defines a single interface Hello with a single
method helloWorld(). The interface is defined in the Module named 'hello',
which determines the name of the directory in which the idl2java compiler
places the generated files.

The helloWorld() method returns a CORBA wstring, which maps to a Java String

module hello
  interface Hello
    wstring helloWorld()

You invoke the client program from a command prompt, and pass it four
arguments, the

   - service URL (service ID, hostname, port, and SID if port is a listener)
   - name of the published bean to lookup and instantiate
   - username
   - password

For example:
% java -classpath LIBs Client sess_iiop://localhost:2222 

where LIBs is the classpath that must include

#If using Java 2, use instead of

(Note: for NT users, the environment variables would be %ORACLE_HOME% and

The client code performs the following steps:

   - gets the arguments passed on the command line
   - puts the authentication type and values into env context
   - creates a new JNDI Context (InitialContext())
   - looks up the published CORBA server object to find and activate it
   - invokes the helloWorld() method on the hello object and prints the results

The printed output is:

Hello client, your javavm version is 8.1.5.


Implements the IDL-specified Hello interface. The interface has one
method, helloWorld(), that returns a String to the caller.

helloWorld() invokes System.getProperty("oracle.server.version") to get the
version number of the Java VM.

This object performs no database access.

Compiling and Running the Example


Enter the command 'make all' or simply 'make' in the shell to compile,
load, and deploy the objects, and run the client program.  Other
targets are 'run' and 'clean'.

Make sure that a shell environment variable ORACLE_HOME is set to
point to the home location of the Oracle installation. This is
operating system dependent, so see the Installation documentation that
came with your system for the location. Also, review the README file
for the Oracle database, and the README file for the CORBA/EJB server
(the Oracle8i ORB), for additional up-to-date information.

Windows NT

On Windows NT, run the batch file makeit.bat from a DOS command prompt
to compile, load, and deploy the objects. Run the batch file runit.bat
to run the client program, and see the results.

Make sure that the environment variables %ORACLE_HOME%, %CLASSPATH%,
and %SERVICE% are set appropriately for the DOS command window. You
can set these as either user or system environment variables from the
Control Panel. Double click on System in the Control Panel then on
the Environment tab to set these variables. Start a new DOS window
after setting environment variable values.

See the Installation documentation that came with your Oracle8i system
for the values of these variables. Also, review the README file for
the Oracle database, and the README file for the CORBA/EJB server (the
Oracle8i ORB), for additional up-to-date information.

You can also set an environment variable %JAVA_HOME% to point to the
root of your Java JDK. For example, SET JAVA_HOME=C:\JDK1.1.6.


module hello {
  interface Hello {
    wstring helloWorld ();

import hello.Hello;

import javax.naming.Context;
import javax.naming.InitialContext;
import java.util.Hashtable;
import oracle.aurora.ssl.*;
import oracle.aurora.jndi.sess_iiop.ServiceCtx;
import oracle.aurora.jndi.sess_iiop.SessionCtx;
import oracle.aurora.AuroraServices.LoginServer;
//import*;  // Needs JDK 1.2; won't compile in JDK 1.1
import*;  // for JDK 1.1

public class Client
   private static String trustedCert =  

 static boolean verifyPeerCert(org.omg.CORBA.Object obj) throws Exception
   org.omg.CORBA.ORB orb = oracle.aurora.jndi.orb_dep.Orb.init();

   // Get the SSL current 
   AuroraCurrent current = AuroraCurrentHelper.narrow
   // Check the cipher
   System.out.println("Negotiated Cipher:  " + 
   // Check the protocol version
   System.out.println("Protocol Version:   " + 
   // Check the peer's certificate
   System.out.println("The account obj's certificate chain : "); 
   byte [] [] certChain = current.getPeerDERCertChain(obj);
   System.out.println("length : " + certChain.length);
   System.out.println("Certificates: ");

   // JDB 1.2 way
   CertificateFactory cf = CertificateFactory.getInstance("X.509");	
   for(int i = 0; i < certChain.length; i++) {
     ByteArrayInputStream bais = new ByteArrayInputStream(certChain[i]);
     Certificate  xcert = cf.generateCertificate(bais); 
     if(xcert instanceof X509Certificate) 
       X509Certificate x509Cert = (X509Certificate)xcert;
       String globalUser = x509Cert.getSubjectDN().getName();
       System.out.println("DN out of the cert : " + globalUser); 

     // JDK 1.1 way

     for(int i = 0; i < certChain.length; i++) { cert =[i]);
     String globalUser = cert.getSubjectDN().getName();
     System.out.println("DN out of the cert : " + globalUser); 

   return true;

  public static void main (String[] args) throws Exception {
    if (args.length != 2) {
      System.out.println("usage: Client serviceURL objectName");
    String serviceURL = args [0];
    String objectName = args [1];

    Hashtable env = new Hashtable();
    env.put(Context.URL_PKG_PREFIXES, "oracle.aurora.jndi");
    env.put(Context.SECURITY_AUTHENTICATION, ServiceCtx.SSL_LOGIN);
    env.put(Context.SECURITY_PRINCIPAL, "scott");
    env.put(Context.SECURITY_CREDENTIALS, "tiger");
    // setup the trust point
    env.put(ServiceCtx.SECURITY_TRUSTED_CERT, trustedCert);

    Context ic = new InitialContext(env);

    // Make an SSL connection to the server first. If the connection
    // succeeds, then inspect the  server's certificate, since we haven't
    // specified a trust point.
    // Get a SessionCtx that represents a database instance
    ServiceCtx service = (ServiceCtx)ic.lookup (serviceURL);
    SessionCtx session1 = (SessionCtx)service.createSubcontext (":session1");
    // Lookup login object for the purpose of getting hold of some corba 
    // object needed for verifyPeerCert(). We should provide an extension
    // to just getting the NS object, for this purpose.
    LoginServer obj = (LoginServer) session1.activate("/etc/login");

      throw new org.omg.CORBA.COMM_FAILURE("Verification of Peer cert failed");

    // Now that we trust the server, let's go ahead and do our business.
    Hello hello = (Hello) session1.activate(objectName);


package helloServer;

import hello.*;

public class HelloImpl extends _HelloImplBase {
  public String helloWorld() {
    String v = System.getProperty("oracle.server.version");
    return "Hello client, your javavm version is " + v + ".";

Go to previous page
Go to beginning of chapter
Go to next page
Copyright © 1996-2000, Oracle Corporation.

All Rights Reserved.


Solution Area