Using Security in CORBA Applications

 

This document provides an introduction to concepts associated with the BEA Tuxedo® security features, a description of how to secure your CORBA applications using the security features, and a guide to the use of the application programming interfaces (APIs) in the CORBA Security Service.

 

Security Concepts

 

Overview of the CORBA Security Features

The CORBA Security Features

The CORBA Security Environment

Single Sign-on in the CORBA Security Environment

BEA Tuxedo Security SPIs

 

Introduction to the SSL Technology

The SSL Protocol

Digital Certificates

Certificate Authority

Certificate Repositories

A Public Key Infrastructure

PKCS-5 and PKCS-8 Compliance

Supported Public Key Algorithms

Supported Symmetric Key Algorithms

Supported Message Digest Algorithms

Supported Cipher Suites

Standards for Digital Certificates

 

Fundamentals of CORBA Security

Link-Level Encryption

How LLE Works

Encryption Key Size Negotiation

WSL/WSH Connection Timeout During Initialization

Development Process

Password Authentication

How Password Authentication Works

Development Process for Password Authentication

The SSL Protocol

How the SSL Protocol Works

Requirements for Using the SSL Protocol

Development Process for the SSL Protocol

Certificate Authentication

How Certificate Authentication Works

Development Process for Certificate Authentication

Using an Authentication Plug-in

Authorization

Auditing

Single Sign-on

PKI Plug-ins

Commonly Asked Questions About the CORBA Security Features

Do I Have to Change the Security in an Existing CORBA Application?

Can I Use the SSL Protocol in an Existing CORBA Application?

When Should I Use Certificate Authentication?

 

Security Administration

 

Managing Public Key Security

Requirements for Using Public Key Security

Who Needs Digital Certificates and Private/Private Key Pairs?

Requesting a Digital Certificate

Publishing Certificates in the LDAP Directory Service

Editing the LDAP Search Filter File

Storing the Private Keys in a Common Location

Defining the Trusted Certificate Authorities

Creating a Peer Rules File

 

Configuring Link-Level Encryption

Understanding min and max Values

Verifying the Installed Version of LLE

Configuring LLE on CORBA Application Links

 

Configuring the SSL Protocol

Setting Parameters for the SSL Protocol

Defining a Port for SSL Network Connections

Enabling Host Matching

Setting the Encryption Strength

Setting the Interval for Session Renegotiation

Defining Security Parameters for the IIOP Listener/Handler

Example of Setting Parameters on the ISL System Process

Example of Setting Command-line Options on the CORBA C++ ORB

 

Configuring Authentication

Configuring the Authentication Server

Defining Authorized Users

Defining a Security Level

Configuring Application Password Security

Configuring Password Authentication

Sample UBBCONFIG File for Password Authentication

Configuring Certificate Authentication

Sample UBBCONFIG File for Certificate Authentication

Configuring Access Control

Configuring Optional ACL Security

Configuring Mandatory ACL Security

Setting ACL Policy Between CORBA Applications

Configuring Security to Interoperate with Older WebLogic Enterprise Client Applications

 

Configuring Single Sign-on

Single Sign-on with Password Authentication

Single Sign-on with Password Authentication and the SSL Protocol

Single Sign-on with the SSL Protocol and Certificate Authentication

 

Configuring Security Plug-ins

Registering the Security Plug-ins (SPIs)

 

Security Programming

 

Writing a CORBA Application That Implements Security

Using the Bootstrapping Mechanism

Using the Host and Port Address Format

Using the corbaloc URL Address Format

Using the corbalocs URL Address Format

Using Password Authentication

The Security Sample Application

Writing the Client Application

Using Certificate Authentication

The Secure Simpapp Sample Application

Writing the CORBA Client Application

Using the Interoperable Naming Service Mechanism

Using the Invocations_Options_Required() Method

 

Building and Running the CORBA Sample Applications

Building and Running the Security Sample Application

Building and Running the Secure Simpapp Sample Application

Step 1: Copy the Files for the Secure Simpapp Sample Application into a Work Directory

Step 2: Change the Protection Attribute on the Files for the Secure Simpapp Sample Application

Step 3: Verify the Settings of the Environment Variables

Step 4: Execute the runme Command

Using the Secure Simpapp Sample Application

 

Troubleshooting

Using ULOGS and ORB Tracing

CORBA::ORB_init Problems

Password Authentication Problems

Certificate Authentication Problems

Tobj::Bootstrap::resolve_initial_references Problems

IIOP Listener/Handler Startup Problems

Configuration Problems

Problems with Using Callbacks Objects with the SSL Protocol

Troubleshooting Tips for Digital Certificates

 

Security Reference

 

CORBA Security APIs

The CORBA Security Model

Authentication of Principals

Controlling Access to Objects

Administrative Control

Functional Components of the CORBA Security Environment

The Principal Authenticator Object

Using the Principal Authenticator Object with Certificate Authentication

BEA Tuxedo Extensions to the Principal Authenticator Object

The Credentials Object

The SecurityCurrent Object

 

Security Modules

CORBA Module

TimeBase Module

Security Module

Security Level 1 Module

Security Level 2 Module

Tobj Module

 

C++ Security Reference

SecurityLevel1::Current::get_attributes

SecurityLevel2::PrincipalAuthenticator::authenticate

SecurityLevel2::Current::set_credentials

SecurityLevel2::Current::get_credentials

SecurityLevel2::Current::principal_authenticator

SecurityLevel2::Credentials

SecurityLevel2::Credentials::get_attributes

SecurityLevel2::Credentials::invocation_options_supported

SecurityLevel2::Credentials::invocation_options_required

SecurityLevel2::Credentials::is_valid

SecurityLevel2::PrincipalAuthenticator

SecurityLevel2::PrincipalAuthenticator::continue_authentication

Tobj::PrincipalAuthenticator::get_auth_type

Tobj::PrincipalAuthenticator::logon

Tobj::PrincipalAuthenticator::logoff

Tobj::PrincipalAuthenticator::build_auth_data

 

Java Security Reference

 

Automation Security Reference

Method Descriptions

DISecurityLevel2_Current

DISecurityLevel2_Current.get_attributes

DISecurityLevel2_Current.set_credentials

DISecurityLevel2_Current.get_credentials

DISecurityLevel2_Current.principal_authenticator

DITobj_PrincipalAuthenticator

DITobj_PrincipalAuthenticator.authenticate

DITobj_PrincipalAuthenticator.build_auth_data

DITobj_PrincipalAuthenticator.continue_authentication

DITobj_PrincipalAuthenticator.get_auth_type

DITobj_PrincipalAuthenticator.logon

DITobj_PrincipalAuthenticator.logoff

DISecurityLevel2_Credentials

DISecurityLevel2_Credentials.get_attributes

DISecurityLevel2_Credentials.is_valid

Programming Example

 
