Using Security
This Help topic describes how to use security in ActiveX client applications for the BEA Tuxedo software.
For an overview of the SecurityCurrent object, see Chapter 1, "Overview."
Overview of BEA Tuxedo Security
ActiveX client applications use security to authenticate themselves to the BEA Tuxedo domain. Authentication is the process of verifying the identity of a client application. By entering the correct logon information, the client application authenticates itself to the BEA Tuxedo domain. The BEA Tuxedo software uses authentication as defined in the CORBAservices Security Service and provides extensions for ease of use.
A client application must provide security information according to the security level defined in the desired BEA Tuxedo domain. This information is defined by the BEA Tuxedo system administrator in the UBBCONFIG file for the BEA Tuxedo domain. When creating client applications, you must work with the BEA Tuxedo system administrator to obtain the correct security information (such as the username and user password) for the BEA Tuxedo domain you want to access from the client application.
Summary of the Development Process for Security
The steps for adding security to a client application are as follows:
The following sections describe these steps and use portions of the client applications in the Security University sample application to illustrate the steps.
Step 1: Using the Bootstrap Object to Obtain the SecurityCurrent Object
Use the Bootstrap object to obtain an object reference to the SecurityCurrent object for the specified BEA Tuxedo domain. The SecurityCurrent object is a SecurityLevel2::Current object as defined by the CORBAservices Security Service.
The following Visual Basic example illustrates how the Bootstrap object is used to return the SecurityCurrent object:
Set objSecurityCurrent = objBootstrap.CreateObject("Tobj.SecurityCurrent")
Step 2: Getting the PrincipalAuthenticator Object from the SecurityCurrent Object
The SecurityCurrent object returns a reference to the PrincipalAuthenticator for the BEA Tuxedo domain. The PrincipalAuthenticator is used to get the authentication level required for a BEA Tuxedo domain.
The following Visual Basic example illustrates how to obtain the PrincipalAuthenticator for a BEA Tuxedo domain:
Set objPrincAuth = objSecurityCurrent.principal_authenticator
Step 3: Obtaining the Authentication Level
Use the Tobj::PrincipalAuthenticator::get_auth_type() method to get the level of authentication required by the BEA Tuxedo domain.
The following Visual Basic example illustrates how to obtain the authentication level required by a BEA Tuxedo domain:
AuthorityType = objPrincAuth.get_auth_type
Step 4: Logging On to the BEA Tuxedo Domain with Proper Authentication
Use the Tobj::PrincipalAuthenticator::logon() method to log your client application into the desired BEA Tuxedo domain. The method requires the following arguments:
The BEA Tuxedo username. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. The system designer decides this name at design time.
The BEA Tuxedo client application name. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. Obtain this information from the system administrator.
The BEA Tuxedo password. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. Obtain this information from the system administrator.
The user password for the BEA Tuxedo authentication service. This information is required for the TOBJ_APPAUTH authentication level.
Application-specific data for authentication. This information is required when the BEA Tuxedo domain the client application is accessing is not using the authentication service provided with the BEA Tuxedo software.
The user_password and user_data arguments are mutually exclusive, depending on the authentication service used in the configuration of the BEA Tuxedo software. If you are using an authentication service other than an authentication service provided by the BEA Tuxedo software, provide the information required for logon in the user_data argument. The Tobj::PrincipalAuthenticator::logon() method raises a CORBA::BAD_PARAM exception if both user_password and user_data are set.
If a BEA Tuxedo domain has a TOBJ_NOAUTH authentication level, the client application is not required to supply a user_name or client_name when logging on to the BEA Tuxedo domain. If the client application does not log on with a user_name and client_name, the IIOP Server Listener/Handler (ISL/ISH) of the BEA Tuxedo domain registers the client application with the user_name and the client_name set for the ISL/ISH in the UBBCONFIG file. However, the client application can log on with any user_name and client_name.
The logon() method returns one of the following:
The following Visual Basic example illustrates how to use the Tobj::PrincipalAuthenticator::logon() method:
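' Supply either UserPassword or UserData, not both (logon() raises CORBA::BAD_PARAM otherwise)
If AuthorityType = TOBJ_APPAUTH Then
    logonStatus = objPrincAuth.Logon(UserName, ClientName, SystemPassword, _
                                     UserPassword, UserData)
End If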
Step 5: Logging Off the BEA Tuxedo Domain
The client application must log off the current BEA Tuxedo domain before it can log on as another user in the same BEA Tuxedo domain. Use the Tobj::PrincipalAuthenticator::logoff() method to discard the current BEA Tuxedo authentication context and credentials. This method does not close the network connections to the BEA Tuxedo domain. After logging off the BEA Tuxedo domain, calls using the existing authentication fail if the authentication type is not TP_NOAUTH.
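The five steps above combined into one routine, as an added example that is not part of the BEA documentation: it checks the argument rules for each authentication level before calling logon(), then returns the status to the caller. LogonToDomain and LogoffDomain are hypothetical helper names; the code assumes objBootstrap is already initialized, that the TOBJ_* constants resolve as in the snippets above, and that an unset user_password is an empty string and an unset user_data an Empty Variant.

```vb
' Added example, not BEA sample code. Assumptions: objBootstrap is already
' initialized, TOBJ_* constants resolve as in the page's snippets, and
' "not set" means "" for strings and an Empty Variant for UserData.
Public Function LogonToDomain(objBootstrap As Object, _
        UserName As String, ClientName As String, _
        SystemPassword As String, UserPassword As String, _
        UserData As Variant, ByRef objPrincAuth As Object) As Variant
    Dim objSecurityCurrent As Object, AuthorityType As Variant

    ' Steps 1 and 2: SecurityCurrent, then its PrincipalAuthenticator.
    Set objSecurityCurrent = objBootstrap.CreateObject("Tobj.SecurityCurrent")
    Set objPrincAuth = objSecurityCurrent.principal_authenticator

    ' Step 3: ask the domain which authentication level it enforces.
    AuthorityType = objPrincAuth.get_auth_type

    ' logon() raises CORBA::BAD_PARAM when both are set; fail early instead.
    If Len(UserPassword) > 0 And Not IsEmpty(UserData) Then
        Err.Raise vbObjectError + 513, "LogonToDomain", _
            "Set user_password or user_data, not both"
    End If

    ' User name, client name and the BEA Tuxedo password are required for
    ' TOBJ_SYSAUTH and TOBJ_APPAUTH; TOBJ_NOAUTH accepts them but needs none.
    If AuthorityType = TOBJ_SYSAUTH Or AuthorityType = TOBJ_APPAUTH Then
        If Len(UserName) = 0 Or Len(ClientName) = 0 _
                Or Len(SystemPassword) = 0 Then
            Err.Raise vbObjectError + 514, "LogonToDomain", _
                "User name, client name and BEA Tuxedo password are required"
        End If
    End If
    ' TOBJ_APPAUTH additionally needs the user password or user data.
    If AuthorityType = TOBJ_APPAUTH Then
        If Len(UserPassword) = 0 And IsEmpty(UserData) Then
            Err.Raise vbObjectError + 515, "LogonToDomain", _
                "TOBJ_APPAUTH requires user_password or user_data"
        End If
    End If

    ' Step 4: log on; the status is returned for the caller to inspect.
    LogonToDomain = objPrincAuth.Logon(UserName, ClientName, SystemPassword, _
                                       UserPassword, UserData)
End Function

' Step 5: discard the authentication context; network connections stay open.
Public Sub LogoffDomain(objPrincAuth As Object)
    objPrincAuth.logoff
End Sub
```

Call LogoffDomain with the PrincipalAuthenticator returned through the last parameter before logging on as another user in the same domain.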