BEA WebLogic Enterprise 4.2 Developer Center
This chapter describes how to use security in CORBA C++, CORBA Java, and ActiveX client applications for the WLE software.
For an example of how security is implemented in working client applications, see the description of the Security sample application in the Guide to the University Sample Applications.
For an overview of the SecurityCurrent object, see Chapter 1, "Client Application Development Concepts."
Overview of WLE Security

CORBA C++, CORBA Java, and ActiveX client applications use security to authenticate themselves to the WLE domain. Authentication is the process of verifying the identity of a client application. By entering the correct logon information, the client application authenticates itself to the WLE domain. The WLE software uses authentication as defined in the CORBAservices Security Service and provides extensions for ease of use.

A client application must provide security information according to the security level defined in the desired WLE domain. This information is defined by the WLE system administrator in the UBBCONFIG file for the WLE domain. When creating client applications, you must work with the WLE system administrator to obtain the correct security information (such as the user name and user password) for the WLE domain you want to access from the client application.

Summary of the Development Process for Security

The steps for adding security to a client application are as follows:

1. Use the Bootstrap object to obtain the SecurityCurrent object.
2. Get the PrincipalAuthenticator object from the SecurityCurrent object.
3. Obtain the authentication level.
4. Log on to the WLE domain with proper authentication.
5. Log off the WLE domain.

The following sections describe these steps and use portions of the client applications in the Security University sample application to illustrate the steps. For information about the Security University sample application, see the Guide to the University Sample Applications. The Security University sample application is located in the following directory on the WLE software kit:

    drive:\wledir\samples\corba\university\security

Step 1: Using the Bootstrap Object to Obtain the SecurityCurrent Object

Use the Bootstrap object to obtain an object reference to the SecurityCurrent object for the specified WLE domain. The SecurityCurrent object is a SecurityLevel2::Current object as defined by the CORBAservices Security Service. For a complete description of the SecurityCurrent object, see the C++ Programming Reference available from the Online Documentation CD.

The following C++, Java, and Visual Basic examples illustrate how the Bootstrap object is used to return the SecurityCurrent object:

C++

    CORBA::Object_var var_security_current_oref =
        bootstrap.resolve_initial_references("SecurityCurrent");
    SecurityLevel2::Current_var var_security_current_ref =
        SecurityLevel2::Current::_narrow(
            var_security_current_oref.in());

Java

    org.omg.CORBA.Object secCurObj =
        gBootstrapObjRef.resolve_initial_references(
            "SecurityCurrent");
    org.omg.SecurityLevel2.Current secCur =
        org.omg.SecurityLevel2.CurrentHelper.narrow(secCurObj);

Visual Basic

    Set objSecurityCurrent = objBootstrap.CreateObject("Tobj.SecurityCurrent")

Step 2: Getting the PrincipalAuthenticator Object from the SecurityCurrent Object

The SecurityCurrent object returns a reference to the PrincipalAuthenticator for the WLE domain. The PrincipalAuthenticator is used to get the authentication level required for a WLE domain.

The following C++, Java, and Visual Basic examples illustrate how to obtain the PrincipalAuthenticator for a WLE domain:

C++

    //Get the PrincipalAuthenticator from the narrowed SecurityCurrent reference
    SecurityLevel2::PrincipalAuthenticator_var var_principal_authenticator_oref =
        var_security_current_ref->principal_authenticator();
    //Narrow the PrincipalAuthenticator
    Tobj::PrincipalAuthenticator_var var_bea_principal_authenticator =
        Tobj::PrincipalAuthenticator::_narrow(
            var_principal_authenticator_oref.in());

Java

    //Get the PrincipalAuthenticator
    org.omg.SecurityLevel2.PrincipalAuthenticator authlevel2 =
        secCur.principal_authenticator();
    //Narrow the PrincipalAuthenticator
    com.beasys.Tobj.PrincipalAuthenticatorObjRef gPrinAuthObjRef =
        (com.beasys.Tobj.PrincipalAuthenticator)
        org.omg.SecurityLevel2.PrincipalAuthenticatorHelper.narrow(
            authlevel2);

Visual Basic

    Set objPrincAuth = objSecurityCurrent.principal_authenticator

Step 3: Obtaining the Authentication Level

Use the Tobj::PrincipalAuthenticator::get_auth_type() method to get the level of authentication required by the WLE domain.

For a complete description of the Tobj::PrincipalAuthenticator methods, see the C++ Programming Reference available from the WLE online information set.

The following C++, Java, and Visual Basic examples illustrate how to get the authentication level for a WLE domain:

C++

    //Determine the security level
    Tobj::AuthType auth_type =
        var_bea_principal_authenticator->get_auth_type();

Java

    //Determine the security level
    com.beasys.Tobj.AuthType authType =
        gPrinAuthObjRef.get_auth_type();

Visual Basic

    AuthorityType = objPrincAuth.get_auth_type

Step 4: Logging on to the WLE Domain with Proper Authentication

Use the Tobj::PrincipalAuthenticator::logon() method to log your client application into the desired WLE domain. The method requires the following arguments:

user_name
The WLE user name. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. The system designer decides this name at design time.

client_name
The WLE client application name. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. Obtain this information from the system administrator.

system_password
The WLE password. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. Obtain this information from the system administrator.

user_password
The user password for the WLE authentication service. This information is required for the TOBJ_APPAUTH authentication level.

user_data
The user_password and user_data arguments are mutually exclusive, depending on the authentication service used in the configuration of the WLE software. If you are using an authentication service other than an authentication service provided by the WLE software, provide the information required for logon in the user_data argument. The Tobj::PrincipalAuthenticator::logon() method raises a CORBA::BAD_PARAM exception if both user_password and user_data are set.

If a WLE domain has a TOBJ_NOAUTH authentication level, the client application is not required to supply a user_name or client_name when logging on to the WLE domain. If the client application does not log on with a user_name and client_name, the IIOP Server Listener/Handler (ISL/ISH) of the WLE domain registers the client application with the user_name and the client_name set for the ISL/ISH in the UBBCONFIG file. However, the client application can log on with any user_name and client_name.

The logon() method returns one of the following:

Security::AuthenticationStatus::SecAuthSuccess if the authentication succeeded

The following C++, Java, and Visual Basic examples illustrate how to use the Tobj::PrincipalAuthenticator::logon() method:

C++

    Security::AuthenticationStatus status =
        var_bea_principal_authenticator->logon(
            user_name, client_name, system_password,
            user_password, 0);

Java

    org.omg.Security.AuthenticationStatus status =
        gPrinAuthObjRef.logon(
            gUserName, ClientName, gSystemPassword, gUserPassword, 0);

Visual Basic

    ' UserPassword and UserData are mutually exclusive; leave the unused one empty
    If AuthorityType = TOBJ_APPAUTH Then
        logonStatus = objPrincAuth.Logon( _
            UserName, ClientName, SystemPassword, _
            UserPassword, UserData)
    End If

Step 5: Logging off the WLE Domain

The client application must log off the current WLE domain before it can log on as another user in the same WLE domain. Use the Tobj::PrincipalAuthenticator::logoff() method to discard the current WLE authentication context and credentials. This method does not close the network connections to the WLE domain. After logging off the WLE domain, calls using the existing authentication fail if the authentication type is not TP_NOAUTH.
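
The logon() argument rules from Step 4 can be checked on the client before any credentials are sent. The following is an added example, not code from the WLE kit or the Security sample application: the AuthType enum and LogonArgs struct are local stand-ins for the Tobj types, check_logon_args is a hypothetical helper, and it assumes that TOBJ_APPAUTH accepts either user_password or user_data as the per-user credential.

```cpp
#include <string>
#include <vector>

// Stand-ins for the Tobj::AuthType levels named on this page (not the WLE header).
enum class AuthType { TOBJ_NOAUTH, TOBJ_SYSAUTH, TOBJ_APPAUTH };

// The five logon() arguments; an empty string means "not supplied".
struct LogonArgs {
    std::string user_name, client_name, system_password, user_password, user_data;
};

// Hypothetical pre-flight check: returns the problems that would make logon()
// fail for the given authentication level; an empty vector means the set is usable.
std::vector<std::string> check_logon_args(AuthType level, const LogonArgs& a) {
    std::vector<std::string> problems;
    // logon() raises CORBA::BAD_PARAM when both are set, whatever the level.
    if (!a.user_password.empty() && !a.user_data.empty())
        problems.push_back("user_password and user_data are mutually exclusive");
    // With TOBJ_NOAUTH, user_name and client_name are optional; the ISL/ISH
    // values from UBBCONFIG are used when they are omitted.
    if (level == AuthType::TOBJ_NOAUTH)
        return problems;
    // Required for both TOBJ_SYSAUTH and TOBJ_APPAUTH.
    if (a.user_name.empty())       problems.push_back("user_name is required");
    if (a.client_name.empty())     problems.push_back("client_name is required");
    if (a.system_password.empty()) problems.push_back("system_password is required");
    // Assumption: TOBJ_APPAUTH needs one per-user credential, user_password for
    // the WLE authentication service or user_data for another service.
    if (level == AuthType::TOBJ_APPAUTH &&
        a.user_password.empty() && a.user_data.empty())
        problems.push_back("user_password or user_data is required");
    return problems;
}

int main() {
    // Constructed sample values, not real credentials.
    LogonArgs args{"student01", "university_client", "sys-secret", "", ""};
    return check_logon_args(AuthType::TOBJ_SYSAUTH, args).empty() ? 0 : 1;
}
```

Run the check with the level returned by get_auth_type() and call logon() only when the returned list is empty.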