Getting Started with Oracle Tuxedo CORBA Applications

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Using Security

This topic includes the following sections:

Notes: This chapter describes how to use authentication. For a complete description of all the security features available in the CORBA security environment and instructions for implementing the features, see Using Security in CORBA Applications in the Oracle Tuxedo online documentation.
Note: The Oracle Tuxedo CORBA Java client and Oracle Tuxedo CORBA Java client ORB were deprecated in Tuxedo 8.1 and are no longer supported. All Oracle Tuxedo CORBA Java client and Oracle Tuxedo CORBA Java client ORB text references, associated code samples, should only be used to help implement/run third party Java ORB libraries, and for programmer reference only.
Note: Technical support for third party CORBA Java ORBs should be provided by their respective vendors. Oracle Tuxedo does not provide any technical support or documentation for third party CORBA Java ORBs.

 


Overview of the Security Service

The CORBA environment in the Oracle Tuxedo product offers a security model based on the CORBA Services Security Service. The Oracle Tuxedo CORBA security model implements the authentication portion of the CORBA Services Security Service.

In the CORBA environment security information is defined on a domain basis. The security level for the domain is defined in the configuration file. Client applications use the SecurityCurrent object to provide the necessary authentication information to log on to the Oracle Tuxedo domain.

The following levels of authentication are provided:

Note: If a client application is not authenticated and the security level is TOBJ_NOAUTH, the IIOP Listener/Handler of the Oracle Tuxedo domain registers the client application with the username and client application name sent to the IIOP Listener/Handler.

In the Oracle Tuxedo CORBA security environment, only the PrincipalAuthenticator and Credentials properties on the SecurityCurrent object are supported. For a description of the SecurityLevel1::Current and SecurityLevel2::Current interfaces, see the CORBA Programming Reference in the Oracle Tuxedo online documentation.

 


How Security Works

Figure 4-1 illustrates how CORBA security works in a Oracle Tuxedo domain.

Figure 4-1 How CORBA Security Works on Oracle Tuxedo Domain

How CORBA Security Works on Oracle Tuxedo Domain

The steps are as follows:

  1. The client application uses the Bootstrap object to return an object reference to the SecurityCurrent object for the Oracle Tuxedo domain.
  2. The client application obtains the PrincipalAuthenticator.
  3. The client application uses the Tobj::PrincipalAuthenticator::get_auth_type() method to get the authentication level for the Oracle Tuxedo domain.
  4. The proper authentication level is returned to the client application.
  5. The client application uses the Tobj::PrincipalAuthenticator::logon() method to log on to the Oracle Tuxedo domain with the proper authentication information.
Note: Oracle Tuxedo CORBA also supports the use of the CORBA Interoperable Naming Service (INS) to obtain an initial object reference for the Security Service. For information on the INS bootstrapping mechanism, see the CORBA Programming Reference.

 


The Security Sample Application

The Security sample application demonstrates how to use password authentication. The Security sample application requires that each student using the application has an ID and a password. The Security sample application works in the following manner:

Note: Certificate authentication is illustrated in the Secure Simpapp sample application.

Figure 4-2 illustrates the Security sample application.

Figure 4-2 Security Sample Application

Security Sample Application

The source files for the Security sample application are located in the \samples\corba\university directory in the Oracle Tuxedo software. For information about building and running the Security sample application, see Using Security in CORBA Applications in the Oracle Tuxedo online documentation.

 


Development Steps

Table 4-1 lists the development steps for writing a Oracle Tuxedo CORBA application that employs authentication security.

Table 4-1 Development Steps for Oracle Tuxedo CORBA Applications That Have Security
Step
Description
1
Define the security level in the configuration file.
2
Write the CORBA client application.

Step 1: Define the Security Level in the Configuration File

The security level for a Oracle Tuxedo domain is defined by setting the SECURITY parameter in the RESOURCES section of the configuration file to the desired security level. Table 4-2 lists the options for the SECURITY parameter.

Table 4-2 Options for the SECURITY Parameter
Option
Definition
NONE
No security is implemented in the domain. This option is the default. This option maps to the TOBJ_NOAUTH level of authentication.
APP_PW
Requires that client applications provide an application password during initialization. The tmloadcf command prompts for an application password. This option maps to the TOBJ_SYSAUTH level of authentication.
USER_AUTH
Requires an application password and performs a per-user authentication during the initialization of the client application. This option maps to the TOBJ_APPAUTH level of authentication.

In the Security sample application, the SECURITY parameter is set to APP_PW for application-level security. For information about adding security to a Oracle Tuxedo CORBA application, see Using Security in CORBA Applications in the Oracle Tuxedo online documentation.

Step 2: Write the CORBA Client Application

Write client application code that does the following:

  1. Uses the Bootstrap object to obtain a reference to the SecurityCurrent object for the specific Oracle Tuxedo domain.
  2. Gets the PrincipalAuthenticator object from the SecurityCurrent object.
  3. Uses the get_auth_type() operation of the PrincipalAuthenticator object to return the type of authentication expected by the Oracle Tuxedo domain.

Listing 4-1 include the portions of the CORBA C++ client applications in the Security sample application that illustrate the development steps for security.

Listing 4-1 Example of Security in a CORBA C++ Client Application
CORBA::Object_var var_security_current_oref =   
bootstrap.resolve_initial_references(“SecurityCurrent”);
SecurityLevel2::Current_var var_security_current_ref =
SecurityLevel2::Current::_narrow(var_security_current_oref.in());
//Get the PrincipalAuthenticator
SecurityLevel2::PrincipalAuthenticator_var var_principal_authenticator_oref =
var_security_current_ref->principal_authenticator();
//Narrow the PrincipalAuthenticator
Tobj::PrincipalAuthenticator_var var_bea_principal_authenticator =
Tobj::PrincipalAuthenticator::_narrow (
var_principal_authenticator_oref.in());
//Determine the security level
Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();
Security::AuthenticationStatus status = var_bea_principalauthenticator->logon(
user_name,
client_name,
system_password,
user_password,
0);

  Back to Top       Previous  Next