Note: The defining_authority field is always empty. Depending on the security level defined in the UBBCONFIG file, not all of the values for the get_attribute method may be available. Two additional values, Group Id and Role, are available when the security level is set to ACL or MANDATORY_ACL in the UBBCONFIG file.
Note: This information is taken from CORBAservices: Common Object Services Specification, pp. 15-103, 104. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
Security::AuthenticationStatus authenticate(
    in Security::AuthenticationMethod method,
    in Security::SecurityName security_name,
    in Security::Opaque auth_data,
    in Security::AttributeList privileges,
    out Credentials creds,
    out Security::Opaque continuation_data,
    out Security::Opaque auth_specific_data );
milozzi@company.com is the e-mail address used to look up a certificate in the LDAP-enabled directory service, and milozzi_company.pem is the name of the private key file.
If the return value of the SecurityLevel2::Current::authenticate method is SecAuthContinue, this argument contains the challenge information for the authentication to continue. The value returned will always be empty.
The SecurityLevel2::Current::authenticate method is used by the client application to authenticate the principal and optionally request the privilege attributes that the principal requires during its session with the Oracle Tuxedo domain.
If the Tobj::TuxedoSecurity security mechanism is to be specified, the same functionality can be obtained by calling the Tobj::PrincipalAuthenticator::logon operation, which is specifically tailored for use with the ATMI authentication security mechanism.
If the Tobj::TuxedoSecurity security mechanism is used, this return value indicates that authentication failed or that the client application was already authenticated and did not call either the Tobj::PrincipalAuthenticator::logoff or the Tobj_Bootstrap::destroy_current operation.
Indicates that the authentication procedure uses a challenge/response mechanism. The creds argument contains the object reference of a partially initialized Credentials object. The continuation_data argument contains the details of the challenge.
If the Tobj::TuxedoSecurity security mechanism is used, this return value is never returned.
The CORBA::BAD_PARAM exception occurs if:
• Values for the security_name, auth_data, or privileges arguments are not specified.
• The value of the method argument is Tobj::TuxedoSecurity and the content of the auth_data argument contains a username or a clientname that is an empty or NULL string.
This method can be used only to set SecInvocationCredentials; otherwise, set_credentials raises CORBA::BAD_PARAM. The credentials must have been obtained from a previous call to SecurityLevel2::Current::get_credentials or SecurityLevel2::PrincipalAuthenticator::authenticate.
Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-104. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
This call can be used only to get SecInvocationCredentials; otherwise, get_credentials raises CORBA::BAD_PARAM. If no credentials are available, get_credentials raises CORBA::BAD_INV_ORDER.
Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-105. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
The PrincipalAuthenticator returned by the principal_authenticator attribute is of actual type Tobj::PrincipalAuthenticator. Therefore, it can be used both as a Tobj::PrincipalAuthenticator and as a SecurityLevel2::PrincipalAuthenticator.
Note: This method raises CORBA::BAD_INV_ORDER if it is called on an invalid SecurityCurrent object.
#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL
#include <SecurityLevel1.idl>
#pragma prefix "omg.org"
module SecurityLevel2
{
    interface Credentials
    {
        attribute Security::AssociationOptions invocation_options_supported;
        attribute Security::AssociationOptions invocation_options_required;
        Security::AttributeList get_attributes(
            in Security::AttributeTypeList attributes );
        boolean is_valid(
            out Security::UtcT expiry_time );
    };
};
#endif /* _SECURITY_LEVEL_2_IDL */
class SecurityLevel2
{
public:
    class Credentials;
    typedef Credentials * Credentials_ptr;
    class Credentials : public virtual CORBA::Object
    {
    public:
        static Credentials_ptr _duplicate(Credentials_ptr obj);
        static Credentials_ptr _narrow(CORBA::Object_ptr obj);
        static Credentials_ptr _nil();
        virtual Security::AssociationOptions
            invocation_options_supported() = 0;
        virtual void
            invocation_options_supported(
                const Security::AssociationOptions options ) = 0;
        virtual Security::AssociationOptions
            invocation_options_required() = 0;
        virtual void
            invocation_options_required(
                const Security::AssociationOptions options ) = 0;
        virtual Security::AttributeList *
            get_attributes(
                const Security::AttributeTypeList & attributes ) = 0;
        virtual CORBA::Boolean
            is_valid( Security::UtcT_out expiry_time ) = 0;
    protected:
        Credentials(CORBA::Object_ptr obj = 0);
        virtual ~Credentials() { }
    private:
        Credentials( const Credentials& ) { }
        void operator=( const Credentials& ) { }
    }; // class Credentials
}; // class SecurityLevel2
Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-97. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
If the Tobj::TuxedoSecurity security mechanism is used to create the security association, only the NoProtection, EstablishTrustInClient, and SimpleDelegation security options are returned. The EstablishTrustInClient security option appears only if the security level of the CORBA application is defined to require passwords to access the Oracle Tuxedo domain.
Note: A CORBA::NO_PERMISSION exception is returned if the security options specified are not supported by the security mechanism defined for the CORBA application. This exception can also occur if the security options specified have less capabilities than the security options specified by the SecurityLevel2::Credentials::invocation_options_required method.
The invocation_options_supported attribute has set() and get() methods. You cannot use the set() method when using the Tobj::TuxedoSecurity security mechanism to get a Credentials object. If you do use the set() method with the Tobj::TuxedoSecurity security mechanism, a CORBA::NO_PERMISSION exception is returned.
If the Tobj::TuxedoSecurity security mechanism is used to create the security association, only the NoProtection, EstablishTrustInClient, and SimpleDelegation security options are returned. The EstablishTrustInClient security option appears only if the security level of the CORBA application is defined to require passwords to access the Oracle Tuxedo domain.
Note: A CORBA::NO_PERMISSION exception is returned if the security options specified are not supported by the security mechanism defined for the CORBA application. This exception can also occur if the security options specified have more capabilities than the security options specified by the SecurityLevel2::Credentials::invocation_options_supported method.
The invocation_options_required attribute has set() and get() methods. You cannot use the set() method when using the Tobj::TuxedoSecurity security mechanism to get a Credentials object. If you do use the set() method with the Tobj::TuxedoSecurity security mechanism, a CORBA::NO_PERMISSION exception is returned.
This method returns TRUE if the credentials used are active at the time; that is, you did not call Tobj::PrincipalAuthenticator::logoff or Tobj_Bootstrap::destroy_current. If this method is called after Tobj::PrincipalAuthenticator::logoff(), FALSE is returned. If this method is called after Tobj_Bootstrap::destroy_current(), the CORBA::BAD_INV_ORDER exception is raised.
The expiration date returned contains the maximum unsigned long long value in C++. Until the unsigned long long datatype is adopted, the ulonglong datatype is substituted. The ulonglong datatype is defined as follows:
Note: This information is taken from CORBAservices: Common Object Services Specification, p. 15-97. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
#ifndef _SECURITY_LEVEL_2_IDL
#define _SECURITY_LEVEL_2_IDL
#include <SecurityLevel1.idl>
#pragma prefix "omg.org"
module SecurityLevel2
{
    interface PrincipalAuthenticator
    { // Locality Constrained
        Security::AuthenticationStatus authenticate (
            in Security::AuthenticationMethod method,
            in Security::SecurityName security_name,
            in Security::Opaque auth_data,
            in Security::AttributeList privileges,
            out Credentials creds,
            out Security::Opaque continuation_data,
            out Security::Opaque auth_specific_data
        );
        Security::AuthenticationStatus continue_authentication (
            in Security::Opaque response_data,
            in Credentials creds,
            out Security::Opaque continuation_data,
            out Security::Opaque auth_specific_data
        );
    };
};
#endif // _SECURITY_LEVEL_2_IDL
#pragma prefix "beasys.com"
module Tobj
{
    // Authentication method identifiers passed as the method argument of authenticate
    const Security::AuthenticationMethod TuxedoSecurity = 0x54555800;
    const Security::AuthenticationMethod CertificateBased = 0x43455254;
};
class SecurityLevel2
{
public:
    class PrincipalAuthenticator;
    typedef PrincipalAuthenticator * PrincipalAuthenticator_ptr;
    class PrincipalAuthenticator : public virtual CORBA::Object
    {
    public:
        static PrincipalAuthenticator_ptr
            _duplicate(PrincipalAuthenticator_ptr obj);
        static PrincipalAuthenticator_ptr
            _narrow(CORBA::Object_ptr obj);
        static PrincipalAuthenticator_ptr _nil();
        virtual Security::AuthenticationStatus
            authenticate (
                Security::AuthenticationMethod method,
                const char * security_name,
                const Security::Opaque & auth_data,
                const Security::AttributeList & privileges,
                Credentials_out creds,
                Security::Opaque_out continuation_data,
                Security::Opaque_out auth_specific_data ) = 0;
        virtual Security::AuthenticationStatus
            continue_authentication (
                const Security::Opaque & response_data,
                Credentials_ptr & creds,
                Security::Opaque_out continuation_data,
                Security::Opaque_out auth_specific_data ) = 0;
    protected:
        PrincipalAuthenticator(CORBA::Object_ptr obj = 0);
        virtual ~PrincipalAuthenticator() { }
    private:
        PrincipalAuthenticator( const PrincipalAuthenticator& ) { }
        void operator=( const PrincipalAuthenticator& ) { }
    }; // class PrincipalAuthenticator
}; // class SecurityLevel2
Note: This information is taken from CORBAservices: Common Object Services Specification, pp. 15-92, 93. Revised Edition: March 31, 1995. Updated: November 1997. Used with permission by OMG.
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.
A reference to the Tobj_AuthType enumeration. Returns the type of authentication required to access the Oracle Tuxedo domain. The following table describes the valid return values.
Note: The system_password must not exceed 30 characters.
Note: TOBJ_SYSAUTH includes the requirements of TOBJ_NOAUTH, plus a client application password. TOBJ_APPAUTH includes the requirements of TOBJ_SYSAUTH, plus additional information, such as a user password or user data.
Note: The user_password and user_data arguments are mutually exclusive, depending on the requirements of the authentication service used in the configuration of the Oracle Tuxedo domain. The Oracle Tuxedo default authentication service expects a user password. A customized authentication service may require user data. The logon call raises the CORBA::BAD_PARAM exception if both user_password and user_data are specified.
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.
Note: If user_name, client_name, or system_password is NULL or empty, or exceeds 30 characters, the subsequent authenticate method invocation raises the CORBA::BAD_PARAM exception.
Note: The user_password and user_data parameters are mutually exclusive, depending on the requirements of the authentication service used in the configuration of the Oracle Tuxedo domain. The Oracle Tuxedo default authentication service expects a user password. A customized authentication service may require user data. If both user_password and user_data are specified, the subsequent authentication call raises the CORBA::BAD_PARAM exception.
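The CORBA::BAD_PARAM preconditions this page states for Tobj::TuxedoSecurity authentication data (required user_name, client_name and system_password of 1 to 30 characters; user_password and user_data mutually exclusive) and the rule that invocation_options_required must not carry capabilities beyond invocation_options_supported (otherwise CORBA::NO_PERMISSION), modelled as a client-side pre-flight check. This is an added example, not Tuxedo or OMG code; TuxedoAuthData, makeAuthData, preflightTuxedoAuth, optionsConsistent and the AssociationOptions bit values are assumptions for illustration, and no CORBA headers are used.

```cpp
#include <cstring>

// Modelled stand-in (not the Tuxedo API) for the fields a Tobj::TuxedoSecurity
// caller packs into auth_data; the limits below are the ones this page states.
struct TuxedoAuthData {
    const char* user_name;        // required, 1..30 chars
    const char* client_name;      // required, 1..30 chars
    const char* system_password;  // required, 1..30 chars
    const char* user_password;    // optional, exclusive with user_data
    const char* user_data;        // optional, exclusive with user_password
};

TuxedoAuthData makeAuthData(const char* user, const char* client,
                            const char* syspw, const char* userpw,
                            const char* userdata) {
    TuxedoAuthData a = { user, client, syspw, userpw, userdata };
    return a;
}

enum PreflightResult { PREFLIGHT_OK, PREFLIGHT_BAD_PARAM };

// A required string that is NULL, empty, or longer than 30 characters would
// make the subsequent authenticate call raise CORBA::BAD_PARAM.
static bool validRequired(const char* s) {
    return s != NULL && s[0] != '\0' && std::strlen(s) <= 30;
}
static bool present(const char* s) { return s != NULL && s[0] != '\0'; }

// Run before PrincipalAuthenticator::authenticate so a malformed request is
// rejected (and can be logged) on the client before it reaches the domain.
PreflightResult preflightTuxedoAuth(const TuxedoAuthData& a) {
    if (!validRequired(a.user_name) || !validRequired(a.client_name) ||
        !validRequired(a.system_password))
        return PREFLIGHT_BAD_PARAM;
    if (present(a.user_password) && present(a.user_data))  // mutually exclusive
        return PREFLIGHT_BAD_PARAM;
    return PREFLIGHT_OK;
}

// Security::AssociationOptions is a bitmask; bit values assumed for illustration.
typedef unsigned short AssociationOptions;
const AssociationOptions NoProtection = 1;
const AssociationOptions EstablishTrustInClient = 64;
const AssociationOptions SimpleDelegation = 256;

// Page rule: the required set must not contain a capability the supported set
// lacks; an ORB enforcing this raises CORBA::NO_PERMISSION.
bool optionsConsistent(AssociationOptions supported, AssociationOptions required) {
    return (required & ~supported) == 0;
}
```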
Note: This method raises CORBA::BAD_INV_ORDER if it is called with an invalid SecurityCurrent object.