The SecurityCurrent interface is used to set/get the identity of the caller. When the authenticated principal is set, and the target POA object supports authentication, then the ORB automatically propagates the AuthenticatedPrincipal from the client to the target object using the IIOP service context.

The AuthenticatedPrincipal objects can be associated at two different levels: thread level and ORB level. The thread level principal only affects the invocations made from that thread, while the ORB level principal applies to all threads that use the ORB. If both the thread level and ORB level principals are set, the thread level principal takes precedence.

When an invocation comes into a server, and the invocation contains a Security Service context, the ORB automatically sets the principal in the SecurityCurrent to the caller principal.

| Method | Description |
|---|---|
| setORBPrincipal | Set the default principal. If the principal is already set, then it cannot be changed unless it is unset first. |
| getORBPrincipal | Get the default principal associated with the ORB. Note that the returned type is not an AuthenticatedPrincipal and cannot be used to unset the AuthenticatedPrincipal by malicious code. |
| unsetORBPrincipal | Unset the default principal associated with the ORB. The principal currently set in the ORB is passed in as a capability. |
| stackThreadPrincipal | Impersonation support. Change the principal identity for a thread. You can return to the original identity by using the unstackThreadPrincipal method. |
| getThreadPrincipal | Get the principal associated with the current thread. Note that the returned type is not an AuthenticatedPrincipal and cannot be used to unset the AuthenticatedPrincipal by malicious code. |
| unstackThreadPrincipal | Unstack the principal associated with this thread. If oldPrincipal does not match the stacked principal, an exception is thrown. |
| getPrincipal | Get the effective principal of the current thread. It returns the topmost stacked thread level principal, if it exists; otherwise, it returns the ORB level principal. |
| getInetAddress | Get the IP address of the remote client. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getInetAddress continues to return a non-null value. |
| getPort | Get the port of the remote client. It returns 0 if the client is local. For nested invocations done on behalf of the same remote invocation, getPort continues to return a valid value. |
| getLocalAddress | Get the local IP address on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalAddress continues to return a non-null value. |
| getLocalPort | Get the local IP port on which this invocation was received. It returns null if the client is local. For nested invocations done on behalf of the same remote invocation, getLocalPort continues to return a valid value. |
| getNegotiatedCipherSuite | Get the negotiated CipherSuite. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |
| getCertificateChain | Get the peer's certificate chain. On the client side, this method takes an object reference as a parameter. IIOP/SSL only. |

Using the stackThreadPrincipal and unstackThreadPrincipal APIs, the server thread can run as a different identity. You can use this to make certain objects always run as a fixed identity or run each object method as a different identity.
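
The precedence and capability rules described above, as an added Java model that is not the ORB's own code. Only the method names come from this page; the class name SecurityCurrentModel, the signatures, and the exception types are assumptions.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;

// Constructed model of the semantics in the table above; NOT the ORB's real classes.
public class SecurityCurrentModel {
    // Holding this object is the capability needed to unset or unstack it.
    static final class AuthenticatedPrincipal {
        final String name;
        AuthenticatedPrincipal(String name) { this.name = name; }
        // Read-only view handed out by the getters; it cannot unset anything.
        Principal view() { return () -> name; }
    }
    private AuthenticatedPrincipal orbPrincipal;
    private final ThreadLocal<Deque<AuthenticatedPrincipal>> stack =
            ThreadLocal.withInitial(ArrayDeque::new);

    synchronized void setORBPrincipal(AuthenticatedPrincipal p) {
        if (orbPrincipal != null) throw new IllegalStateException("unset first");
        orbPrincipal = p;
    }
    synchronized void unsetORBPrincipal(AuthenticatedPrincipal current) {
        if (current != orbPrincipal) throw new SecurityException("not the current principal");
        orbPrincipal = null;
    }
    void stackThreadPrincipal(AuthenticatedPrincipal p) { stack.get().push(p); }
    void unstackThreadPrincipal(AuthenticatedPrincipal oldPrincipal) {
        if (stack.get().peek() != oldPrincipal) throw new SecurityException("principal mismatch");
        stack.get().pop();
    }
    synchronized Principal getPrincipal() {      // thread level wins over ORB level
        AuthenticatedPrincipal top = stack.get().peek();
        if (top == null) top = orbPrincipal;
        return top == null ? null : top.view();
    }
    public static void main(String[] args) {
        SecurityCurrentModel cur = new SecurityCurrentModel();
        AuthenticatedPrincipal orb = new AuthenticatedPrincipal("orb-default");
        AuthenticatedPrincipal batch = new AuthenticatedPrincipal("batch-user");
        cur.setORBPrincipal(orb);
        cur.stackThreadPrincipal(batch);         // impersonate on this thread only
        try {
            System.out.println(cur.getPrincipal().getName());
        } finally {
            cur.unstackThreadPrincipal(batch);   // always restore, even on exception
        }
        System.out.println(cur.getPrincipal().getName());
    }
}
```

Code that only receives the view returned by getPrincipal cannot call unsetORBPrincipal or unstackThreadPrincipal successfully, because both compare against the AuthenticatedPrincipal object itself.
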
Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.