This topic describes how to use security in CORBA C++, CORBA Java, and ActiveX client applications for the BEA WLE software.
For an example of how security is implemented in working client applications, see the description of the Security sample application in the Guide to the University Sample Applications.
For an overview of the SecurityCurrent object, see Chapter 1, "Client Application Development Concepts."
Overview of WLE Security

CORBA C++, CORBA Java, and ActiveX client applications use security to authenticate themselves to the WLE domain. Authentication is the process of verifying the identity of a client application. By entering the correct logon information, the client application authenticates itself to the WLE domain. The WLE software uses authentication as defined in the CORBAservices Security Service and provides extensions for ease of use.

A client application must provide security information according to the security level defined in the desired WLE domain. This information is defined by the WLE system administrator in the UBBCONFIG file for the WLE domain. When creating client applications, you must work with the WLE system administrator to obtain the correct security information (such as the user name and user password) for the WLE domain you want to access from the client application.

Summary of the Development Process for Security

The steps for adding security to a client application are as follows:

Step | Description |
---|---|
2 | Get the PrincipalAuthenticator object from the SecurityCurrent object. |
4 | Log on to the WLE domain using the required security information. |

The following sections describe these steps and use portions of the client applications in the Security sample application to illustrate the steps. For information about the Security sample application, see the Guide to the University Sample Applications. The Security sample application is located in the following directory on the WLE software kit:
drive:\M3dir\samples\corba\university\security
Step 1: Using the Bootstrap Object to Obtain the SecurityCurrent Object

Use the Bootstrap object to obtain an object reference to the SecurityCurrent object for the specified WLE domain. The SecurityCurrent object is a SecurityLevel2::Current object as defined by the CORBAservices Security Service. For a complete description of the SecurityCurrent object, see Using Security.

The following C++, Java, and Visual Basic examples illustrate how the Bootstrap object is used to return the SecurityCurrent object:

C++

```cpp
// Resolve the SecurityCurrent object through the Bootstrap object
CORBA::Object_var var_security_current_oref =
    bootstrap.resolve_initial_references("SecurityCurrent");
// Narrow the generic reference to SecurityLevel2::Current
SecurityLevel2::Current_var var_security_current_ref =
    SecurityLevel2::Current::_narrow(var_security_current_oref.in());
```

Java

```java
// Resolve the SecurityCurrent object through the Bootstrap object
org.omg.CORBA.Object secCurObj =
    gBootstrapObjRef.resolve_initial_references("SecurityCurrent");
// Narrow the generic reference to SecurityLevel2.Current
org.omg.SecurityLevel2.Current secCur =
    org.omg.SecurityLevel2.CurrentHelper.narrow(secCurObj);
```

Visual Basic

```vb
Set objSecurityCurrent = objBootstrap.CreateObject("Tobj.SecurityCurrent")
```

Step 2: Getting the PrincipalAuthenticator Object from the SecurityCurrent Object

The SecurityCurrent object returns a reference to the PrincipalAuthenticator for the WLE domain. The PrincipalAuthenticator is used to get the authentication level required for a WLE domain.

The following C++, Java, and Visual Basic examples illustrate how to obtain the PrincipalAuthenticator for a WLE domain:

C++

```cpp
//Get the PrincipalAuthenticator
SecurityLevel2::PrincipalAuthenticator_var var_principal_authenticator_oref =
    var_security_current_ref->principal_authenticator();
//Narrow the PrincipalAuthenticator
Tobj::PrincipalAuthenticator_var var_bea_principal_authenticator =
    Tobj::PrincipalAuthenticator::_narrow(
        var_principal_authenticator_oref.in());
```

Java

```java
//Get the PrincipalAuthenticator
org.omg.SecurityLevel2.PrincipalAuthenticator authlevel2 =
    secCur.principal_authenticator();
//Narrow the PrincipalAuthenticator
com.beasys.Tobj.PrincipalAuthenticatorObjRef gPrinAuthObjRef =
    (com.beasys.Tobj.PrincipalAuthenticator)
    org.omg.SecurityLevel2.PrincipalAuthenticatorHelper.narrow(authlevel2);
```

Visual Basic

```vb
Set objPrincAuth = objSecurityCurrent.principal_authenticator
```

Step 3: Obtaining the Authentication Level

Use the Tobj::PrincipalAuthenticator::get_auth_type() method to get the level of authentication required by the WLE domain.

For a complete description of the Tobj::PrincipalAuthenticator methods, see the C++ Programming Reference available from the WLE online information set.

The following C++, Java, and Visual Basic examples illustrate how to obtain the authentication level required by a WLE domain:

C++

```cpp
//Determine the security level
Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();
```

Java

```java
//Determine the security level
com.beasys.Tobj.Authtype authType = gPrinAuthObjRef.get_auth_type();
```

Visual Basic

```vb
AuthorityType = objPrincAuth.get_auth_type
```

Step 4: Logging on to the WLE Domain with Proper Authentication

Use the Tobj::PrincipalAuthenticator::logon() method to log your client application into the desired WLE domain. The method requires the following arguments:

- user_name: The WLE user name. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. The system designer decides this name at design time.
- client_name: The WLE client application name. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. This information may be supplied for the TOBJ_NOAUTH authentication level; however, it is not required. Obtain this information from the system administrator.
- system_password: The WLE password. This information is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels. Obtain this information from the system administrator.
- user_password: The user password for the WLE authentication service. This information is required for the TOBJ_APPAUTH authentication level.
- user_data: Application-specific data for authentication. This information is required when the WLE domain the client application is accessing is not using the authentication service provided with the WLE software.

The user_password and user_data arguments are mutually exclusive, depending on the authentication service used in the configuration of the WLE software. If you are using an authentication service other than an authentication service provided by the WLE software, provide the information required for logon in the user_data argument. The Tobj::PrincipalAuthenticator::logon() method raises a CORBA::BAD_PARAM exception if both user_password and user_data are set.

If a WLE domain has a TOBJ_NOAUTH authentication level, the client application is not required to supply a user_name or client_name when logging on to the WLE domain. If the client application does not log on with a user_name and client_name, the IIOP Listener/Handler of the WLE domain registers the client application with the user_name and the client_name set for the IIOP Listener/Handler in the UBBCONFIG file. However, the client application can log on with any user_name and client_name.

The logon() method returns one of the following:

The following C++, Java, and Visual Basic examples illustrate how to use the Tobj::PrincipalAuthenticator::logon() method:

C++

```cpp
Tobj::AuthType auth_type = var_bea_principal_authenticator->get_auth_type();
// user_data is passed as 0 because user_password is supplied
Security::AuthenticationStatus status = var_bea_principal_authenticator->logon(
    user_name,
    client_name,
    system_password,
    user_password,
    0);
```

Java

```java
org.omg.Security.AuthenticationStatus status = gPrinAuthObjRef.logon
    (gUserName, ClientName, gSystemPassword, gUserPassword, 0);
```

Visual Basic

```vb
If AuthorityType = TOBJ_APPAUTH Then
    logonStatus = objPrincAuth.Logon( _
        UserName, _
        ClientName, _
        SystemPassword, _
        UserPassword, _
        UserData)
End If
```

Step 5: Logging off the WLE Domain

The client application must log off the current WLE domain before it can log on as another user in the same WLE domain. Use the Tobj::PrincipalAuthenticator::logoff() method to discard the current WLE authentication context and credentials. This method does not close the network connections to the WLE domain. After logging off the WLE domain, calls using the existing authentication fail if the authentication type is not TP_NOAUTH.
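
The argument rules for logon() described in Step 4 can be checked in the client before the call is made, so that a missing credential or the user_password/user_data conflict is reported without a round trip to the domain. The following is an added example, not code from the Security sample application or the WLE API: AuthLevel, LogonArgs and check_logon_args are hypothetical names, and user_data is modelled as text for simplicity.

```cpp
// Added example, not WLE code: AuthLevel, LogonArgs and check_logon_args
// are hypothetical names that model the argument rules described above.
#include <iostream>
#include <string>
#include <vector>

// Stand-ins for TOBJ_NOAUTH, TOBJ_SYSAUTH and TOBJ_APPAUTH.
enum class AuthLevel { NoAuth, SysAuth, AppAuth };

struct LogonArgs {
    std::string user_name;
    std::string client_name;
    std::string system_password;
    std::string user_password;  // WLE-provided authentication service
    std::string user_data;      // other authentication service (modelled as text)
};

// Returns one message per rule violated; empty means the set is acceptable.
std::vector<std::string> check_logon_args(AuthLevel level, const LogonArgs& a) {
    std::vector<std::string> problems;
    // logon() raises CORBA::BAD_PARAM when both of these are set.
    if (!a.user_password.empty() && !a.user_data.empty())
        problems.push_back("user_password and user_data are mutually exclusive");
    if (level == AuthLevel::NoAuth)
        return problems;  // user_name and client_name are optional here
    if (a.user_name.empty()) problems.push_back("user_name is required");
    if (a.client_name.empty()) problems.push_back("client_name is required");
    if (a.system_password.empty()) problems.push_back("system_password is required");
    // At TOBJ_APPAUTH one per-user credential must be present.
    if (level == AuthLevel::AppAuth && a.user_password.empty() && a.user_data.empty())
        problems.push_back("user_password or user_data is required");
    return problems;
}

int main() {
    // Constructed sample values; the messages never include the secrets.
    LogonArgs args{"student1", "university_client", "sys-secret", "", ""};
    for (const std::string& p : check_logon_args(AuthLevel::AppAuth, args))
        std::cout << "logon pre-check: " << p << "\n";
    return 0;
}
```
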
Copyright © 1999 BEA Systems, Inc. All rights reserved.