Using Security in CORBA Applications
Authenticates the principal and optionally obtains credentials for the principal.
Security::AuthenticationStatus
authenticate(
in Security::AuthenticationMethodmethod
,
in Security::SecurityNamesecurity_name
,
in Security::Opaqueauth_data
,
in Security::AttributeListprivileges
,
out Credentialscreds
,
out Security::Opaquecontinuation_data
,
out Security::Opaqueauth_specific_data
);
The security mechanism to be used. Valid values are Tobj::TuxedoSecurity
and Tobj::CertificateBased
.
The principal's identification information (for example, logon information). The value must be a pointer to a NULL-terminated string containing the username of the principal. The string is limited to 30 characters, excluding the NULL character.
When using certificate authentication, this name is used to look up a certificate in the LDAP-enabled directory service. It is also used as the basis for the name of the file in which the private key is stored. For example:
milozzi@company.com
is the e-mail address used to look up a certificate in the LDAP-enabled directory service and milozzi_company.pem
is the name of the private key file.
The principals' authentication, such as their password or private key. If the Tobj:TuxedoSecurity
security mechanism is specified, the value of this argument is dependent on the configured level of authentication. If the Tobj::CertificateBased
argument is specified, the value of this argument is the pass phrase used to decrypt the private key of the principal.
The object reference of the newly created Credentials object.The object reference is not fully initialized; therefore, the object reference cannot be used until the return value of the SecurityLevel2::Current::authenticate
method is SecAuthSuccess.
If the return value of the SecurityLevel2::Current::authenticate
method is SecAuthContinue
, this argument contains the challenge information for the authentication to continue. The value returned will always be empty.
The SecurityLevel2::Current::authenticate
method is used by the client application to authenticate the principal and optionally request privilege attributes that the principal requires during its session with the BEA Tuxedo domain.
If the Tobj::TuxedoSecurity
security mechanism is to be specified, the same functionality can be obtained by calling the Tobj::PrincipalAuthenticator::logon
operation, which provides the same functionality but is specifically tailored for use with the ATMI authentication security mechanism.
The following table describes the valid return values.