The DISecurityLevel2_Current object is an Oracle implementation of the CORBA Security model. In this release of the Oracle Tuxedo software, the get_attributes(), set_credentials(), get_credentials(), and Principal_Authenticator() methods are supported.A variant containing an array of DISecurity_SecAttribute objects. The following table describes the valid return values.
This method can be used only to set SecInvocationCredentials; otherwise, set_credentials raises CORBA::BAD_PARAM. The credentials must have been obtained from a previous call to DISecurityLevel2_Current.get_credentials.This call can be used only to get SecInvocationCredentials; otherwise, get_credentials raises CORBA::BAD_PARAM. If no credentials are available, get_credentials raises CORBA::BAD_INV_ORDER.A DISecurityLevel2_Credentials object for the active credentials in the client application only.Returns the PrincipalAuthenticator.The PrincipalAuthenticator returned by the principal_authenticator property is of actual type DITobj_PrincipalAuthenticator. Therefore, it can be used as a DISecurityLevel2_PrincipalAuthenticator.
Note: This method raises CORBA::BAD_INV_ORDER if it is called on an invalid SecurityCurrent object.A DITobj_PrincipalAuthenticator object.The DITobj_PrincipalAuthenticator object is used to log in to and log out of the Oracle Tuxedo domain. In this release of the Oracle Tuxedo software, the authenticate, build_auth_data(), continue_authentication(), get_auth_type(), logon(), and logoff() methods are implemented.HRESULT authenticate(
[in] long method,
[in] BSTR security_name,
[in] VARIANT auth_data,
[in] VARIANT privileges,
[out] DISecurityLevel2_Credentials**
creds,
[out] VARIANT* continuation_data,
[out] VARIANT* auth_specific_data,
[in,out,optional] VARIANT* exceptionInfo,
[out,retval] Security_AuthenticationStatus* returnValue);As returned by DITobj_PrincipalAuthenticator.build_auth_data. If auth_data is invalid, authenticate raises CORBA::BAD_PARAM.As returned by DITobj_PrincipalAuthenticator.build_auth_data. If privileges is invalid, authenticate raises CORBA::BAD_PARAM.A Security_AuthenticationStatus Enum value. The following table describes the valid return values.
The authentication failed, or the client application was already authenticated and did not invoke Tobj::PrincipalAuthenticator:logoff or Tobj_Bootstrap::destroy_current.Creates authentication data and attributes for use by DITobj_PrincipalAuthenticator.authenticate.HRESULT build_auth_data(
[in] BSTR user_name,
[in] BSTR client_name,
[in] BSTR system_password,
[in] BSTR user_password,
[in] VARIANT user_data,
[out] VARIANT* auth_data,
[out] VARIANT* privileges,
[in,out,optional] VARIANT* exceptionInfo);For use by authenticate.For use by authenticate.
Note: If user_name, client_name, or system_password is NULL or empty, or exceeds 30 characters, the subsequent authenticate method invocation raises the CORBA::BAD_PARAM exception.
Note: The user_password and user_data parameters are mutually exclusive, depending on the requirements of the authentication service used in the configuration of the Oracle Tuxedo domain. The default authentication service expects a user password. A customized authentication service may require user data. If both user_password and user_data are specified, the subsequent authentication call raises the CORBA::BAD_PARAM exception.This method is a helper function that creates authentication data and attributes to be used by DITobj_PrincipalAuthenticator.authenticate.
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.Always returns Security::AuthenticationStatus::SecAuthFailure.Because the Oracle Tuxedo software does authentication in one step, this method always fails and returns Security::AuthenticationStatus::SecAuthFailure.Always returns SecAuthFailure.
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.A reference to the Tobj_AuthType enumeration. The following table describes the valid return values.
To specify this level of security, specify the NONE value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file. To specify this level of security, specify the APP_PW value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file. To specify this level of security, specify the USER_AUTH value for the SECURITY parameter in the RESOURCES section of the UBBCONFIG file.HRESULT logon(
[in] BSTR user_name,
[in] BSTR client_name,
[in] BSTR system_password,
[in] BSTR user_password,
[in] VARIANT user_data,
[in,out,optional] VARIANT* exceptionInfo,
[out,retval] Security_AuthenticationStatus*
returnValue);For remote CORBA client applications, this method authenticates the client application via the IIOP Listener/Handler so that the remote client application can access an Oracle Tuxedo domain. This method is functionally equivalent to DITobj_PrincipalAuthenticator.authenticate, but the parameters are oriented to security.The Oracle Tuxedo username. This parameter is required for TOBJ_NOAUTH, TOBJ_SYSAUTH, and TOBJ_APPAUTH authentication levels.The name of the CORBA client application. This parameter is required for TOBJ_NOAUTH, TOBJ_SYSAUTH, and TOBJ_APPAUTH authentication levels.A password for the CORBA client application. This parameter is required for TOBJ_SYSAUTH and TOBJ_APPAUTH authentication levels.The user password (default authentication service). This parameter is required for the TOBJ_APPAUTH authentication level.Application-specific data (custom authentication service). This parameter is required for the TOBJ_APPAUTH authentication level.
Note: If user_name, client_name, or system_password is NULL or empty, or exceeds 30 characters, the subsequent authenticate method invocation raises the CORBA::BAD_PARAM exception.
Note:
This call discards the context associated with the CORBA client application, but does not close the network connections to the Oracle Tuxedo domain. Logoff also invalidates the current credentials. After logging off, calls using existing object references fail if the authentication type is not TOBJ_NOAUTH.If the client application is currently authenticated to an Oracle Tuxedo domain, calling Tobj_Bootstrap.destroy_current() calls logoff implicitly.The DISecurityLevel2_Credentials object is an Oracle implementation of the CORBA Security model. In this release of the Oracle Tuxedo software, the get_attributes() and is_valid() methods are supported.This method returns the attribute list attached to the credentials of the client application. In the list of attribute types, you are required to include only the type value(s) for the attributes you want returned in the AttributeList. Attributes are not currently returned based on attribute family or identities. In most cases, this is the same result you would get if you called DISecurityLevel2.Current::get_attributes(), since there is only one valid set of credentials in the client application at any instance in time. The results could be different if the credentials are not currently in use.A variant containing an array of DISecurity_SecAttribute objects.This method returns TRUE if the credentials used are active at the time; that is, you did not call DITobj_PrincipalAuthenticator.logoff or destroy_current. If this method is called after DITobj_PrincipalAuthenticator.logoff(), FALSE is returned. If this method is called after destroy_current(), the CORBA::BAD_INV_ORDER exception is raised.