This topic includes the following sections:
|Notes:||This chapter describes how to use authentication. For a complete description of all the security features available in the CORBA security environment and instructions for implementing the features, see Using Security in CORBA Applications in the BEA Tuxedo online documentation.|
|Note:||The BEA Tuxedo CORBA Java client and BEA Tuxedo CORBA Java client ORB were deprecated in Tuxedo 8.1 and are no longer supported. All BEA Tuxedo CORBA Java client and BEA Tuxedo CORBA Java client ORB text references, associated code samples, should only be used to help implement/run third party Java ORB libraries, and for programmer reference only.|
|Note:||Technical support for third party CORBA Java ORBs should be provided by their respective vendors. BEA Tuxedo does not provide any technical support or documentation for third party CORBA Java ORBs.|
The CORBA environment in the BEA Tuxedo product offers a security model based on the CORBA Services Security Service. The BEA Tuxedo CORBA security model implements the authentication portion of the CORBA Services Security Service.
In the CORBA environment security information is defined on a domain basis. The security level for the domain is defined in the configuration file. Client applications use the SecurityCurrent object to provide the necessary authentication information to log on to the BEA Tuxedo domain.
The following levels of authentication are provided:
In addition to the
TOBJ_SYSAUTH information, the client application must provide application-specific information. If the default BEA Tuxedo CORBA authentication service is used in the application configuration, the client application must provide a user password; otherwise, the client application provides authentication data that is interpreted by the custom authentication service in the application.
|Note:||If a client application is not authenticated and the security level is
In the BEA Tuxedo CORBA security environment, only the PrincipalAuthenticator and Credentials properties on the SecurityCurrent object are supported. For a description of the
SecurityLevel2::Current interfaces, see the CORBA Programming Reference in the BEA Tuxedo online documentation.
Figure 4-1 illustrates how CORBA security works in a BEA Tuxedo domain.
The steps are as follows:
Tobj::PrincipalAuthenticator::get_auth_type()method to get the authentication level for the BEA Tuxedo domain.
Tobj::PrincipalAuthenticator::logon()method to log on to the BEA Tuxedo domain with the proper authentication information.
|Note:||BEA Tuxedo CORBA also supports the use of the CORBA Interoperable Naming Service (INS) to obtain an initial object reference for the Security Service. For information on the INS bootstrapping mechanism, see the CORBA Programming Reference.|
The Security sample application demonstrates how to use password authentication. The Security sample application requires that each student using the application has an ID and a password. The Security sample application works in the following manner:
logon()operation. This operation invokes operations on the PrincipalAuthenticator object, which is obtained as part of the process of logging on to access the domain.
get_student_details()operation on the
Registrarobject to return information about a student. After the user is authenticated, logon is complete and the
get_student_details()operation accesses the student information in the database to obtain the student information needed by the client logon operation.
|Note:||Certificate authentication is illustrated in the Secure Simpapp sample application.|
Figure 4-2 illustrates the Security sample application.
The source files for the Security sample application are located in the
\samples\corba\university directory in the BEA Tuxedo software. For information about building and running the Security sample application, see Using Security in CORBA Applications in the BEA Tuxedo online documentation.
Table 4-1 lists the development steps for writing a BEA Tuxedo CORBA application that employs authentication security.
The security level for a BEA Tuxedo domain is defined by setting the
SECURITY parameter in the
RESOURCES section of the configuration file to the desired security level. Table 4-2 lists the options for the
In the Security sample application, the
SECURITY parameter is set to
APP_PW for application-level security. For information about adding security to a BEA Tuxedo CORBA application, see Using Security in CORBA Applications in the BEA Tuxedo online documentation.
Write client application code that does the following:
get_auth_type()operation of the PrincipalAuthenticator object to return the type of authentication expected by the BEA Tuxedo domain.
Listing 4-1 include the portions of the CORBA C++ client applications in the Security sample application that illustrate the development steps for security.
CORBA::Object_var var_security_current_oref =
SecurityLevel2::Current_var var_security_current_ref =
//Get the PrincipalAuthenticator
SecurityLevel2::PrincipalAuthenticator_var var_principal_authenticator_oref =
//Narrow the PrincipalAuthenticator
Tobj::PrincipalAuthenticator_var var_bea_principal_authenticator =
//Determine the security level
Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();
Security::AuthenticationStatus status = var_bea_principalauthenticator->logon(