BEA WebLogic Enterprise Release 5.0

Using Security

This topic describes how to use security in CORBA C++, CORBA Java, and ActiveX client applications for the BEA WLE software.

For an example of how security is implemented in working client applications, see the description of the Security sample application in the Guide to the University Sample Applications.

For an overview of the SecurityCurrent object, see Chapter 1, "Client Application Development Concepts."

Overview of WLE Security

CORBA C++, CORBA Java, and ActiveX client applications use security to authenticate themselves to the WLE domain. Authentication is the process of verifying the identity of a client application. By entering the correct logon information, the client application authenticates itself to the WLE domain. The WLE software uses authentication as defined in the CORBAservices Security Service and provides extensions for ease of use.

A client application must provide security information according to the security level defined in the desired WLE domain. This information is defined by the WLE system administrator in the UBBCONFIG file for the WLE domain. When creating client applications, you must work with the WLE system administrator to obtain the correct security information (such as the user name and user password) for the WLE domain you want to access from the client application.

Summary of the Development Process for Security

The steps for adding security to a client application are as follows:

1. Use the Bootstrap object to obtain a reference to the SecurityCurrent object in the specified WLE domain.
2. Get the PrincipalAuthenticator object from the SecurityCurrent object.
3. Use the get_auth_type operation of the PrincipalAuthenticator object to return the type of authentication expected by the WLE domain.
4. Log on to the WLE domain using the required security information.
5. Log off the WLE domain.

The following sections describe these steps and use portions of the client applications in the Security sample application to illustrate the steps. For information about the Security sample application, see the Guide to the University Sample Applications. The Security sample application is located in the following directory on the WLE software kit:

drive:\M3dir\samples\corba\university\security

Step 1: Using the Bootstrap Object to Obtain the SecurityCurrent Object

Use the Bootstrap object to obtain an object reference to the SecurityCurrent object for the specified WLE domain. The SecurityCurrent object is a SecurityLevel2::Current object as defined by the CORBAservices Security Service. For a complete description of the SecurityCurrent object, see Using Security.

The following C++, Java, and Visual Basic examples illustrate how the Bootstrap object is used to return the SecurityCurrent object:

C++

CORBA::Object_var var_security_current_oref =
bootstrap.resolve_initial_references("SecurityCurrent");
SecurityLevel2::Current_var var_security_current_ref =
SecurityLevel2::Current::_narrow(var_security_current_oref.in());

Java

// Resolve the SecurityCurrent object, then narrow it to SecurityLevel2.Current
org.omg.CORBA.Object secCurObj =
    gBootstrapObjRef.resolve_initial_references("SecurityCurrent");
org.omg.SecurityLevel2.Current secCur =
    org.omg.SecurityLevel2.CurrentHelper.narrow(secCurObj);

Visual Basic

Set objSecurityCurrent = objBootstrap.CreateObject("Tobj.SecurityCurrent")

Step 2: Getting the PrincipalAuthenticator Object from the SecurityCurrent Object

The SecurityCurrent object returns a reference to the PrincipalAuthenticator for the WLE domain. The PrincipalAuthenticator is used to get the authentication level required for a WLE domain.

The following C++, Java, and Visual Basic examples illustrate how to obtain the PrincipalAuthenticator for a WLE domain:

C++

//Get the PrincipalAuthenticator from the narrowed SecurityCurrent reference
SecurityLevel2::PrincipalAuthenticator_var var_principal_authenticator_oref =
    var_security_current_ref->principal_authenticator();
//Narrow the PrincipalAuthenticator to the BEA extension interface
Tobj::PrincipalAuthenticator_var var_bea_principal_authenticator =
    Tobj::PrincipalAuthenticator::_narrow(
        var_principal_authenticator_oref.in());

Java

//Get the PrincipalAuthenticator
org.omg.SecurityLevel2.PrincipalAuthenticator authlevel2 =
secCur.principal_authenticator();
//Narrow the PrincipalAuthenticator
com.beasys.Tobj.PrincipalAuthenticator gPrinAuthObjRef =
    (com.beasys.Tobj.PrincipalAuthenticator)
    org.omg.SecurityLevel2.PrincipalAuthenticatorHelper.narrow(authlevel2);

Visual Basic

Set objPrincAuth = objSecurityCurrent.principal_authenticator

Step 3: Obtaining the Authentication Level

Use the Tobj::PrincipalAuthenticator::get_auth_type() method to get the level of authentication required by the WLE domain.

For a complete description of the Tobj::PrincipalAuthenticator methods, see the C++ Programming Reference available from the WLE online information set.

The following C++, Java, and Visual Basic examples illustrate how to obtain the authentication level required by a WLE domain:

C++

//Determine the security level
Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();

Java

//Determine the security level
com.beasys.Tobj.AuthType authType = gPrinAuthObjRef.get_auth_type();

Visual Basic

AuthorityType = objPrincAuth.get_auth_type

Step 4: Logging on to the WLE Domain with Proper Authentication

Use the Tobj::PrincipalAuthenticator::logon() method to log your client application into the desired WLE domain. The method requires the following arguments:

The user_password and user_data arguments are mutually exclusive, depending on the authentication service used in the configuration of the WLE software. If you are using an authentication service other than an authentication service provided by the WLE software, provide the information required for logon in the user_data argument. The Tobj::PrincipalAuthenticator::logon() method raises a CORBA::BAD_PARAM exception if both user_password and user_data are set.

If a WLE domain has a TOBJ_NOAUTH authentication level, the client application is not required to supply a user_name or client_name when logging on to the WLE domain. If the client application does not log on with a user_name and client_name, the IIOP Listener/Handler of the WLE domain registers the client application with the user_name and the client_name set for the IIOP Listener/Handler in the UBBCONFIG file. However, the client application can log on with any user_name and client_name.

The logon() method returns one of the following:

The following C++, Java, and Visual Basic examples illustrate how to use the Tobj::PrincipalAuthenticator::logon() method:

C++

Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();
Security::AuthenticationStatus status = var_bea_principal_authenticator->logon(
    user_name,
    client_name,
    system_password,
    user_password,
    0);

Java

org.omg.Security.AuthenticationStatus status = gPrinAuthObjRef.logon
(gUserName, ClientName, gSystemPassword, gUserPassword,0);

Visual Basic

If AuthorityType = TOBJ_APPAUTH Then
    logonStatus = objPrincAuth.Logon( _
        UserName, _
        ClientName, _
        SystemPassword, _
        UserPassword, _
        UserData)
End If

Step 5: Logging off the WLE Domain

The client application must log off the current WLE domain before it can log on as another user in the same WLE domain. Use the Tobj::PrincipalAuthenticator::logoff() method to discard the current WLE authentication context and credentials. This method does not close the network connections to the WLE domain. After logging off the WLE domain, calls using the existing authentication fail if the authentication type is not TP_NOAUTH.
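
The logon and logoff rules from Steps 4 and 5, shown as an added example that is not part of the WLE documentation or the Security sample application. It scopes each logon so that logoff always runs before the next user logs on, and refuses a call that sets both user_password and user_data. LogonSession, FakeAuthenticator, Bytes, two_users_in_sequence, and the two enums are hypothetical stand-ins so the block builds without the WLE headers; with the real headers the guard would wrap Tobj::PrincipalAuthenticator.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;
// Stand-ins for Tobj::AuthType and Security::AuthenticationStatus, limited to
// the values this example needs, so the block builds without the WLE headers.
enum AuthType { TOBJ_NOAUTH, TOBJ_APPAUTH };
enum AuthStatus { SecAuthSuccess, SecAuthFailure };

// Constructed test double: only the three operations the page names.
struct FakeAuthenticator {
    AuthType level; std::string good_pw; int logoffs; bool logged_on;
    AuthType get_auth_type() const { return level; }
    AuthStatus logon(const std::string&, const std::string&, const std::string&,
                     const std::string& user_pw, const Bytes&) {
        logged_on = (level == TOBJ_NOAUTH) || (user_pw == good_pw);
        return logged_on ? SecAuthSuccess : SecAuthFailure;
    }
    void logoff() { logged_on = false; ++logoffs; }
};

// Hypothetical guard: logon in the constructor, logoff on every scope exit.
template <class Auth>
class LogonSession {
    Auth& auth_;
    LogonSession(const LogonSession&);             // non-copyable
    LogonSession& operator=(const LogonSession&);
public:
    LogonSession(Auth& a, const std::string& user, const std::string& client,
                 const std::string& sys_pw, const std::string& user_pw,
                 const Bytes& user_data) : auth_(a) {
        // Refuse locally what logon() would reject with CORBA::BAD_PARAM.
        if (!user_pw.empty() && !user_data.empty())
            throw std::invalid_argument("user_password and user_data both set");
        if (auth_.logon(user, client, sys_pw, user_pw, user_data) != SecAuthSuccess)
            throw std::runtime_error("logon rejected");
    }
    ~LogonSession() { try { auth_.logoff(); } catch (...) {} }
    // Under TOBJ_NOAUTH any user_name is accepted, so it proves nothing.
    bool identity_verified() const { return auth_.get_auth_type() != TOBJ_NOAUTH; }
};

// Two users in sequence on one authenticator; returns the logoff count.
int two_users_in_sequence(FakeAuthenticator& auth) {
    { LogonSession<FakeAuthenticator> s(auth, "alice", "cli", "", "pw", Bytes()); }
    { LogonSession<FakeAuthenticator> s(auth, "bob", "cli", "", "pw", Bytes()); }
    return auth.logoffs;
}
```

Because logoff() does not close the network connections, the guard only ends the authentication context; server-side code in a TOBJ_NOAUTH domain should not base access decisions on the user_name a client supplied.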