C++ Security Reference

 

This topic contains the C++ method descriptions for CORBA security.

SecurityLevel1::Current::get_attributes

Synopsis

Returns attributes for the Current interface.

OMG IDL Definition

Security::AttributeList get_attributes(
	in Security::AttributeTypeList   attributes
       );
};

Argument

attributes

The set of security attributes (privilege attribute types) whose values are desired. If this list is empty, all attributes are returned.

Description

This method gets privilege (and other) attributes from the principal's credentials for the Current interface.

Return Values

The following table describes valid return values.

Return Value	Meaning
Security::Public	Empty (Public is returned when no authentication was performed).
Security::AccessId	Null terminated ASCII string containing the BEA Tuxedo username.
Security::PrimaryGroupId	Null terminated ASCII string containing the BEA Tuxedo name of the principal.

 

Note: The defining_authority field is always empty. Depending on the security level defined in the UBBCONFIG file not all the values for the get_attribute method may be available. Two additional values, Group Id and Role, are available with the security level is set to ACL or MANDATORY_ACL in the UBBCONFIG file.

Note: This information is taken from CORBAservices: Common Object Services Specification, pp. 15-103, 104. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

SecurityLevel2::PrincipalAuthenticator::authenticate

Synopsis

Authenticates the principal and optionally obtains credentials for the principal.

OMG IDL Definition

Security::AuthenticationStatus 
     authenticate(
       in   Security::AuthenticationMethod  method,
       in   Security::SecurityName          security_name,
       in   Security::Opaque                auth_data,
       in   Security::AttributeList         privileges,
       out  Credentials                     creds,
       out  Security::Opaque                continuation_data,
       out  Security::Opaque                auth_specific_data );

Arguments

method

The security mechanism to be used. Valid values are Tobj::TuxedoSecurity and Tobj::CertificateBased.

security_name

The principal's identification information (for example, logon information). The value must be a pointer to a NULL-terminated string containing the username of the principal. The string is limited to 30 characters, excluding the NULL character.

When using certificate authentication, this name is used to look up a certificate in the LDAP-enabled directory service. It is also used as the basis for the name of the file in which the private key is stored. For example:

milozzi@company.com is the e-mail address used to look up a certificate in the LDAP-enabled directory service and milozzi_company.pem is the name of the private key file.

auth_data

The principals' authentication, such as their password or private key. If the Tobj:TuxedoSecurity security mechanism is specified, the value of this argument is dependent on the configured level of authentication. If the Tobj::CertificateBased argument is specified, the value of this argument is the pass phrase used to decrypt the private key of the principal.

privileges

The privilege attributes requested.

creds

The object reference of the newly created Credentials object.The object reference is not fully initialized; therefore, the object reference cannot be used until the return value of the SecurityLevel2::Current::authenticate method is SecAuthSuccess.

continuation_data

If the return value of the SecurityLevel2::Current::authenticate method is SecAuthContinue, this argument contains the challenge information for the authentication to continue. The value returned will always be empty.

auth_specific_data

Information specific to the authentication service being used. The value returned will always be empty.

Description

The SecurityLevel2::Current::authenticate method is used by the client application to authenticate the principal and optionally request privilege attributes that the principal requires during its session with the BEA Tuxedo domain.

If the Tobj::TuxedoSecurity security mechanism is to be specified, the same functionality can be obtained by calling the Tobj::PrincipalAuthenticator::logon operation, which provides the same functionality but is specifically tailored for use with the ATMI authentication security mechanism.

Return Values

The following table describes the valid return values.

Return Value	Meaning
SecAuthSuccess	The object reference of the newly created Credentials object returned as the value of the creds argument is initialized and ready to use.
SecAuthFailure	The authentication process was inconsistent or an error occurred during the process. Therefore, the creds argument does not contain an object reference to a Credentials object. If the Tobj::TuxedoSecurity security mechanism is used, this return value indicates that authentication failed or that the client application was already authenticated and did not call either the Tobj::PrincipalAuthenticator::logoff or the Tobj_Bootstrap::destroy_current operation.
SecAuthContinue	Indicates that the authentication procedure uses a challenge/response mechanism. The creds argument contains the object reference of a partially initialized Credentials object. The continuation_data indicates the details of the challenge.
SecAuthExpired	Indicates that the authentication data contained some information, the validity of which had expired; therefore, the creds argument does not contain an object reference to a Credentials object. If the Tobj::TuxedoSecurity security mechanism is used, this return value is never returned.
CORBA::BAD_PARAM	The CORBA::BAD_PARAM exception occurs if: Values for the security_name, auth_data, or privileges arguments are not specified. The length of an input argument exceeds the maximum length of the argument. The value of the method argument is Tobj::TuxedoSecurity and the content of the auth_data argument contains a username or a clientname as an empty or a NULL string.

 

SecurityLevel2::Current::set_credentials

Synopsis

Sets credentials type.

OMG IDL Definition

void set_credentials(
             in Security::CredentialType   cred_type,
             in Credentials                creds
);

Arguments

cred_type

The type of credentials to be set; that is, invocation, own, or non-repudiation.

creds

The object reference to the Credentials object, which is to become the default.

Description

This method can be used only to set SecInvocationCredentials; otherwise, -set_credentials raises CORBA::BAD_PARAM. The credentials must have been obtained from a previous call to SecurityLevel2::Current::get_credentials or SecurityLevel2::PrincipalAuthenticator::authenticate.

Return Values

None.

Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-104. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

SecurityLevel2::Current::get_credentials

Synopsis

Gets credentials type.

OMG IDL Definition

Credentials get_credentials(
       in Security::CredentialType   cred_type
);

Argument

cred_type

The type of credentials to get.

Description

This call can be used only to get SecInvocationCredentials; otherwise, get_credentials raises CORBA::BAD_PARAM. If no credentials are available, get_credentials raises CORBA::BAD_INV_ORDER.

Return Values

Returns the active credentials in the client application only.

Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-105. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

SecurityLevel2::Current::principal_authenticator

Synopsis

Returns the PrincipalAuthenticator.

OMG IDL Definition

readonly attribute PrincipalAuthenticator
                    principal_authenticator;

Description

The PrincipalAuthenticator returned by the principal_authenticator attribute is of actual type Tobj::PrincipalAuthenticator. Therefore, it can be used both as a Tobj::PrincipalAuthenticator and as a SecurityLevel2::PrincipalAuthenticator.

Note: This method raises CORBA::BAD_INV_ORDER if it is called on an invalid SecurityCurrent object.

Return Values

Returns the PrincipalAuthenticator.

SecurityLevel2::Credentials

Synopsis

Represents a particular principal's credential information that is specific to a process. A Credentials object that supports the SecurityLevel2::Credentials interface is a locality-constrained object. Any attempt to pass a reference to the object outside its locality, or any attempt to externalize the object using the CORBA::ORB::object_to_string() operation, results in a CORBA::Marshall exception.

OMG IDL Definition

#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL

#include <SecurityLevel1.idl>

#pragma prefix "omg.org"

module SecurityLevel2 
  {
  interface Credentials
    {
    attribute Security::AssociationOptions 
                            invocation_options_supported;
    attribute Security::AssociationOptions 
                            invocation_options_required;
Security::AttributeList 
    get_attributes(
      in   Security::AttributeTypeList     attributes );

    boolean 
    is_valid(
      out  Security::UtcT                  expiry_time );

};
  };
#endif /* _SECURITY_LEVEL_2_IDL */

C++ Declaration

class SecurityLevel2
  {
  public:
    class	Credentials;
    typedef	Credentials *	Credentials_ptr;

  class  Credentials : public virtual CORBA::Object
    {
    public:
      static Credentials_ptr _duplicate(Credentials_ptr obj);
      static Credentials_ptr _narrow(CORBA::Object_ptr obj);
      static Credentials_ptr _nil();

      virtual Security::AssociationOptions
         invocation_options_supported() = 0;
      virtual void
         invocation_options_supported(
            const Security::AssociationOptions  options ) = 0;
      virtual Security::AssociationOptions
         invocation_options_required() = 0;
      virtual void
         invocation_options_required(
            const Security::AssociationOptions  options ) = 0;

      virtual Security::AttributeList * 
        get_attributes(
          const Security::AttributeTypeList & attributes) = 0;

      virtual CORBA::Boolean 
        is_valid( Security::UtcT_out expiry_time) = 0;

    protected:
      Credentials(CORBA::Object_ptr obj = 0);
      virtual ~Credentials() { }

    private:
      Credentials( const Credentials&) { }
      void operator=(const Credentials&) { }
    };  // class Credentials
  };  // class SecurityLevel2

SecurityLevel2::Credentials::get_attributes

Synopsis

Gets the attribute list attached to the credentials.

OMG IDL Definition

Security::AttributeList get_attributes(
      in AttributeTypeList   attributes
);

Argument

attributes

The set of security attributes (privilege attribute types) whose values are desired. If this list is empty, all attributes are returned.

Description

This method returns the attribute list attached to the credentials of the principal. In the list of attribute types, you are required to include only the type value(s) for the attributes you want returned in the AttributeList. Attributes are not currently returned based on attribute family or identities. In most cases, this is the same result you would get if you called SecurityLevel1::Current::get_attributes(), since there is only one valid set of credentials in the principal at any instance in time. The results could be different if the credentials are not currently in use.

Return Values

Returns attribute list.

Note: This is information taken from CORBAservices: Common Object Services Specification, p. 15-97. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

SecurityLevel2::Credentials::invocation_options_supported

Synopsis

Indicates the maximum number of security options that can be used when establishing an SSL connection to make an invocation on an object in the BEA Tuxedo domain.

OMG IDL Definition

attribute Security::AssociationOptions
                            invocation_options_supported;

Argument

None.

Description

This method should be used in conjunction with the SecurityLevel2::Credentials::invocation_options_required method.

The following security options can be specified:

Security Option	Description
NoProtection	The SSL protocol does not provide message protection.
Integrity	The SSL protocol provides an integrity check of messages. Digital signatures are used to protect the integrity of messages.
Confidentiality	The SSL connection protects the confidentiality of messages. Crytography is used to protect the confidentiality of messages.
DetectReplay	The SSL protocol provides replay detection. Replay occurs when a message is sent repeatedly with no detection.
DetectMisordering	The SSL protocol provides sequence error detection for requests and request fragments.
EstablishTrustInTarget	Indicates that the target of a request authenticates itself to the initiating principal.
NoDelegation	Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions. However, the principal's privileges are not delegated so the intermediate object cannot use the privileges when invoking the next object in the chain.
SimpleDelegation	Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions, and delegates the privileges to the intermediate object. The target object receives only the privileges of the client application and does not know the identity of the intermediate object. When this invocation option is used without restrictions on the target object, the behavior is known as impersonation.
CompositeDelegation	Indicates that the principal permits the intermediate object to use its credentials and delegate them. The privileges of both the principal and the intermediate object can be checked.

 

Return Values

The list of defined security options.

If the Tobj::TuxedoSecurity security mechanism is used to create the security association, only the NoProtection, EstablishTrustInClient, and SimpleDelegation security options are returned. The EstablishTrustInClient security option appears only if the security level of the CORBA application is defined to require passwords to access the BEA Tuxedo domain.

Note: A CORBA::NO_PERMISSION exception is returned if the security options specified are not supported by the security mechanism defined for the CORBA application. This exception can also occur if the security options specified have less capabilities than the security options specified by the SecurityLevel2::Credentials::invocation_options_required method.

The invocation_options_supported attribute has set() and get() methods. You cannot use the set() method when using the Tobj::TuxedoSecurity security mechanism to get a Credentials object. If you do use the set() method with the Tobj::TuxedoSecurity security mechanism, a CORBA::NO_PERMISSION exception is returned.

SecurityLevel2::Credentials::invocation_options_required

Synopsis

Specifies the minimum number of security options to be used when establishing an SSL connection to make an invocation on a target object in the BEA Tuxedo domain.

OMG IDL Definition

attribute Security::AssociationOptions
                            invocation_options_required;

Argument

None.

Description

Use this method to specify that communication between principals and the BEA Tuxedo domain should be protected. After using this method, a Credentials object makes an invocation on a target object using the SSL protocol with the defined level of security options. This method should be used in conjunction with the SecurityLevel2::Credentials::invocation_options_supported method.

The following security options can be specified:

Security Option	Description
NoProtection	The SSL protocol does not provide message protection.
Integrity	The SSL protocol provides an integrity check of messages. Digital signatures are used to protect the integrity of messages.
Confidentiality	The SSL connection protects the confidentiality of messages. Crytography is used to protect the confidentiality of messages.
DetectReplay	The SSL protocol provides replay detection. Replay occurs when a message is sent repeatedly with no detection.
DetectMisordering	The SSL protocol provides sequence error detection for requests and request fragments.
EstablishTrustInTarget	Indicates that the target of a request authenticates itself to the initiating principal.
NoDelegation	Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions. However, the principal's privileges are not delegated so the intermediate object cannot use the privileges when invoking the next object in the chain.
SimpleDelegation	Indicates that the principal permits an intermediate object to use its privileges for the purpose of access control decisions, and delegates the privileges to the intermediate object. The target object receives only the privileges of the client application and does not know the identity of the intermediate object. When this invocation option is used without restrictions on the target object, the behavior is known as impersonation.
CompositeDelegation	Indicates that the principal permits the intermediate object to use its credentials and delegate them. The privileges of both the principal and the intermediate object can be checked.

 

Return Values

The list of defined security options.

If the Tobj::TuxedoSecurity security mechanism is used to create the security association, only the NoProtection, EstablishTrustInClient, and SimpleDelegation security options are returned. The EstablishTrustInClient security option appears only if the security level of the CORBA application is defined to require passwords to access the BEA Tuxedo domain.

Note: A CORBA::NO_PERMISSION exception is returned if the security options specified are not supported by the security mechanism defined for the CORBA application. This exception can also occur if the security options specified have more capabilities than the security options specified by the SecurityLevel2::Credentials::invocation_options_supported method.

The invocation_options_required attribute has set() and get() methods. You cannot use the set() method when using the Tobj::TuxedoSecurity security mechanism to get a Credentials object. If you do use the set() method with the Tobj::TuxedoSecurity security mechanism, a CORBA::NO_PERMISSION exception is returned.

SecurityLevel2::Credentials::is_valid

Synopsis

Checks status of credentials.

OMG IDL Definition

boolean is_valid(
     out Security::UtcT      expiry_time
);

Description

This method returns TRUE if the credentials used are active at the time; that is, you did not call Tobj::PrincipalAuthenticator::logoff or Tobj_Bootstrap::destroy_current. If this method is called after Tobj::PrincipalAuthenticator::logoff(), FALSE is returned. If this method is called after Tobj_Bootstrap::destroy_current(), the CORBA::BAD_INV_ORDER exception is raised.

Return Values

The expiration date returned contains the maximum unsigned long long value in C++ and maximum long in Java. Until the unsigned long long datatype is adopted, the ulonglong datatype is substituted. The ulonglong datatype is defined as follows:

// interim definition of type ulonglong pending the
// adoption of the type extension by all client ORBs.
struct ulonglong {
unsigned long low;
unsigned long high;
};

Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-97. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

SecurityLevel2::PrincipalAuthenticator

Synopsis

Allows a principal to be authenticated. A Principal Authenticator object that supports the SecurityLevel2::PrincipalAuthenticator interface is a locality-constrained object. Any attempt to pass a reference to the object outside its locality, or any attempt to externalize the object using the CORBA::ORB::object_to_string() operation, results in a CORBA::Marshall exception.

OMG IDL Definition

#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL

#include <SecurityLevel1.idl>

#pragma prefix "omg.org"

module SecurityLevel2 
  {
  interface PrincipalAuthenticator 
    {    // Locality Constrained
    Security::AuthenticationStatus authenticate (
        in   Security::AuthenticationMethod method,
        in   Security::SecurityName         security_name,
        in   Security::Opaque               auth_data,
        in   Security::AttributeList        privileges,
        out  Credentials                    creds,
        out  Security::Opaque               continuation_data,
        out  Security::Opaque               auth_specific_data
    );

    Security::AuthenticationStatus continue_authentication (
        in   Security::Opaque               response_data,
        in   Credentials                    creds,
        out  Security::Opaque               continuation_data,
        out  Security::Opaque               auth_specific_data
    );
    };
  };
#endif // SECURITY_LEVEL_2_IDL

#pragma prefix "beasys.com"
module Tobj
  {
  const Security::AuthenticationMethod
     TuxedoSecurity = 0x54555800;
     CertificateBased = 0x43455254;
  };

C++ Declaration

class SecurityLevel2
  {
  public:
    class	PrincipalAuthenticator;
    typedef	PrincipalAuthenticator * PrincipalAuthenticator_ptr;

  class PrincipalAuthenticator : public virtual CORBA::Object
    {
    public:
      static PrincipalAuthenticator_ptr 
        _duplicate(PrincipalAuthenticator_ptr obj);
      static PrincipalAuthenticator_ptr 
        _narrow(CORBA::Object_ptr obj);
      static PrincipalAuthenticator_ptr _nil();

      virtual Security::AuthenticationStatus 
          authenticate (
            Security::AuthenticationMethod method,
            const char * security_name,
            const Security::Opaque & auth_data,
            const Security::AttributeList & privileges,
            Credentials_out creds,
            Security::Opaque_out continuation_data,
            Security::Opaque_out auth_specific_data) = 0;

      virtual Security::AuthenticationStatus 
          continue_authentication (
                     const Security::Opaque & response_data,
                    Credentials_ptr & creds,
                    Security::Opaque_out continuation_data,
                    Security::Opaque_out auth_specific_data) = 0;

    protected:
      PrincipalAuthenticator(CORBA::Object_ptr obj = 0);
      virtual ~PrincipalAuthenticator() { }

    private:
      PrincipalAuthenticator( const PrincipalAuthenticator&) { }
      void operator=(const PrincipalAuthenticator&) { }
    };  // class PrincipalAuthenticator
  };

SecurityLevel2::PrincipalAuthenticator::continue_authentication

Synopsis

Always fails.

OMG IDL Definition

Security::AuthenticationStatus continue_authentication(
       in  Security::Opaque              response_data,
       in  Credentials                      creds,
       out  Security::Opaque             continuation_data,
       out  Security::Opaque             auth_specific_data
);

Description

Because the BEA Tuxedo software does authentication in one step, this method always fails and returns Security::AuthenticationStatus::SecAuthFailure.

Return Values

Always returns Security::AuthenticationStatus::SecAuthFailure.

Note: This information is taken from CORBAservices: Common Object Services Specification, pp. 15-92, 93. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.

Tobj::PrincipalAuthenticator::get_auth_type

Synopsis

Gets the type of authentication expected by the BEA Tuxedo domain.

OMG IDL Definition

AuthType get_auth_type();

Description

This method returns the type of authentication expected by the BEA Tuxedo domain.

Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.

Return Values

A reference to the Tobj_AuthType enumeration. Returns the type of authentication required to access the BEA Tuxedo domain. The following table describes the valid return values.

Return Value	Meaning
TOBJ_NOAUTH	No authentication is needed; however, the client application can still authenticate itself by specifying a username and a client application name. No password is required. To specify this level of security, specify the NONE value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file.
TOBJ_SYSAUTH	The client application must authenticate itself to the BEA Tuxedo domain, and must specify a username, a name, and a password for the client application. To specify this level of security, specify the APP_PW value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file.
TOBJ_APPAUTH	The client application must provide proof material that authenticates the client application to the BEA Tuxedo domain.The proof material may be a password or a digital certificate. To specify this level of security, specify the USER_AUTH value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file.

 

Tobj::PrincipalAuthenticator::logon

Synopsis

Authenticates the principal.

OMG IDL Definition

Security::AuthenticationStatus logon(
       in string          user_name,
       in string          client_name,
       in string          system_password,
       in string          user_password,
       in UserAuthData    user_data
);

Arguments

user_name

The BEA Tuxedo username. The authentication level is TOBJ_NOAUTH. If user_name is NULL or empty, or exceeds 30 characters, logon raises CORBA::BAD_PARAM.

client_name

The BEA Tuxedo name of the client application. The authentication level is TOBJ_NOAUTH. If the client_name is NULL or empty, or exceeds 30 characters, logon raises the CORBA::BAD_PARAM exception.

system_password

The CORBA client application password. The authentication level is TOBJ_SYSAUTH. If the client name is NULL or empty, or exceeds 30 characters, logon raises the CORBA::BAD_PARAM exception.

Note: The system_password must not exceed 30 characters.

user_password

The user password (needed for use by the default BEA Tuxedo authentication service). The authentication level is TOBJ_APPAUTH. The password must not exceed 30 characters.

user_data

Data that is specific to the client application (needed for use by a custom BEA Tuxedo authentication service). The authentication level is TOBJ_APPAUTH.

Note: TOBJ_SYSAUTH includes the requirements of TOBJ_NOAUTH, plus a client application password. TOBJ_APPAUTH includes the requirements of TOBJ_SYSAUTH, plus additional information, such as a user password or user data.

Note: The user_password and user_data arguments are mutually exclusive, depending on the requirements of the authentication service used in the configuration of the BEA Tuxedo domain. The BEA Tuxedo default authentication service expects a user password. A customized authentication service may require user data. The logon call raises the CORBA::BAD_PARAM exception if both user_password and user_data are specified.

Description

This method authenticates the principal via the IIOP Listener/Handler so that the principal can access a BEA Tuxedo domain. This method is functionally equivalent to SecurityLevel2::PrincipalAuthenticator::authenticate, but the arguments are oriented to ATMI authentication.

Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.

Return Values

The following table describes the valid return values.

Return Value	Meaning
Security::AuthenticationStatus:: SecAuthSuccess	The authentication succeeded.
Security::AuthenticationStatus:: SecAuthFailure	The authentication failed, or the client application was already authenticated and did not call one of the following methods: Tobj::PrincipalAuthenticator:logoff Tobj_Bootstrap::destroy_current

 

Tobj::PrincipalAuthenticator::logoff

Synopsis

Discards the security context associated with the principal.

OMG IDL Definition

void logoff();

Description

This call discards the security context, but does not close the network connections to the BEA Tuxedo domain. Logoff also invalidates the current credentials. After logging off, invocations using existing object references fail if the authentication type is not TOBJ_NOAUTH.

If the principal is currently authenticated to a BEA Tuxedo domain, calling Tobj_Bootstrap::destroy_current() calls logoff implicitly.

Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.

Return Values

None.

Tobj::PrincipalAuthenticator::build_auth_data

Synopsis

Creates authentication data and attributes for use by SecurityLevel2::PrincipalAuthenticator::authenticate.

OMG IDL Definition

void build_auth_data(
       in string                     user_name,
       in  string                     client_name,
       in string                     system_password,
       in string                     user_password,
       in UserAuthData               user_data,
       out Security::Opaque          auth_data,
       out Security::AttributeList   privileges
);

Arguments

user_name

The BEA Tuxedo username.

client_name

The CORBA client name.

system_password

The CORBA client application password.

user_password

The user password (default BEA Tuxedo authentication service).

user_data

Client application-specific data (custom BEA Tuxedo authentication service).

auth_data

For use by authenticate.

privileges

For use by authenticate.

Note: If user_name, client_name, or system_password is NULL or empty, or exceeds 30 characters, the subsequent authenticate method invocation raises the CORBA::BAD_PARAM exception.

Note: The user_password and user_data parameters are mutually exclusive, depending on the requirements of the authentication service used in the configuration of the BEA Tuxedo domain. The BEA Tuxedo default authentication service expects a user password. A customized authentication service may require user data. If both user_password and user_data are specified, the subsequent authentication call raises the CORBA::BAD_PARAM exception.

Description

This method is a helper function that creates authentication data and attributes to be used by SecurityLevel2::PrincipalAuthenticator::authenticate.

Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.

Return Values

None.