In this example, we will change the sslHello example in the following ways:
create a persistent object
use confidentiality to protect communication
require the client to authenticate with the server via SSL
The server creates a persistent POA, sslPOA,
with SecurityPolicy specifying CONFIDENTIALITY
quality of protection and requires client authentication.
Note that client authentication using SSL is mandated by specifying
PUBLIC_KEY_REALM as the realm.
package sslHello2;
import util.Util;
import sslHello.SSLUtil;
import sslHello.HelloImpl;
import java.io.File;
import java.io.FileInputStream;
import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.CORBA.Policy;
import org.omg.PortableServer.POA;
import org.omg.PortableServer.Servant;
import org.omg.PortableServer.LifespanPolicyValue;
import org.omg.PortableServer.IdAssignmentPolicyValue;
import com.sssw.jbroker.api.security.QualityOfProtection;
import com.sssw.jbroker.api.security.CSIv2.ClientAuthInfo;
import com.sssw.jbroker.api.security.CSIv2.SecurityPolicy;
import com.sssw.jbroker.api.security.CSIv2.SecureTransportInfo;
import com.sssw.jbroker.api.security.CSIv2.SecurityPolicyValue;
public class Server
{
public static void main(String[] args)
{
| try {
| |
| | // create the jBroker ORB
| | ORB orb = ORB.init(args, null);
| |
| | // initialize support for SSL
| | SSLUtil.initializeSSL(orb, args[0], null, true);
| |
| | // get the root POA
| | POA rootPOA = (POA) orb.resolve_initial_references("RootPOA");
| |
| | // create the security policy
| | SecureTransportInfo transport = new SecureTransportInfo(
| | QualityOfProtection.CONFIDENTIALITY, null, 0, false,
| | false, true);
| | Any secPolicy = orb.create_any();
| | secPolicy.insert_Value(new SecurityPolicyValue(transport, null,
| | false));
| |
| | // create an SSL POA
| | POA sslPOA = rootPOA.create_POA("sslPOA", rootPOA.
| | the_POAManager(),
| | new Policy[] {
| | | rootPOA.create_lifespan_policy(
| | | LifespanPolicyValue.PERSISTENT),
| | | rootPOA.create_id_assignment_policy(
| | | IdAssignmentPolicyValue.USER_ID),
| | | orb.create_policy(SecurityPolicy.POLICY_TYPE, secPolicy)
| | });
| |
| | // create a servant and activate it
| | Servant hello = new HelloImpl(orb);
| | sslPOA.activate_object_with_id("sslHello".getBytes(), hello);
| |
| | // write out the IOR the first time server starts
| | if (!new File("ior").exists()) {
| | | // create a stringified object reference
| | | String helloIOR = orb.object_to_string(
| | | sslPOA.servant_to_reference(hello));
| | |
| | | // write the stringified object reference
| | | Util.writeIOR(helloIOR, "ior", true);
| | }
| |
| | // activate the SSL POA
| | sslPOA.the_POAManager().activate();
| |
| | // wait for invocations
| | System.out.println("waiting for invocations ...");
| | orb.run();
| |
| } catch (Exception ex) {
| | ex.printStackTrace();
| }
}
}
The The IOR for the secure Hello object contains an SSL component specifying integrity, confidentiality, establish trust in client, and establish trust in target options. The output from parseIOR:
Type Id = IDL:helloWorld/Hello:1.0
Profiles = 1
Internet Inter-ORB Protocol (IIOP) Profile:
version = 1.1
host = godel
port = 2506
obj key =
4A424B52 00030002 00000107 5B545203 JBKR........[TR.
73736C48 656C6C6F sslHello
components = 1
TAG_SSL_SEC_TRANS :
requires: integrity, confidentiality, authenticate target, authenticate client
SSL port: 46039
The client is the same as before except that when it initializes SSL, it
sets the CipherSuites to null. This defaults to the use of the available
confidentiality suites when using SSL.
package sslHello2;
import util.Util;
import org.omg.CORBA.ORB;
import org.omg.CORBA.portable.ObjectImpl;
import java.io.ByteArrayInputStream;
import helloWorld.Hello;
import helloWorld.HelloHelper;
import com.sssw.jbroker.api.security.SecurityCurrent;
import sslHello.SSLUtil;
public class Client
{
public static void main(String[] args)
{
| try {
| |
| | // create the jBroker ORB
| | ORB orb = ORB.init(args, null);
| |
| | // initialize SSL
| | SSLUtil.initializeSSL(orb, args[0], null, false);
| |
| | // read the stringified object reference
| | String helloIOR = Util.readIOR("ior");
| |
| | // narrow the stringified object
| | Hello hello = HelloHelper.narrow(orb.string_to_object(helloIOR));
| |
| | // get the SecurityCurrent
| | SecurityCurrent secCurrent = (SecurityCurrent) orb.
| | resolve_initial_references("SecurityCurrent");
| |
| | // print the negotiated ciphers
| | System.out.println("Negotiated Cipher: " +
| | secCurrent.getNegotiatedCipherSuite((ObjectImpl) hello));
| |
| | // print out the peer certificates (Java 2 only)
| | SSLUtil.printCertChain(secCurrent.getCertificateChain(
| | (ObjectImpl) hello));
| |
| | // invoke method on the object
| | System.out.println(hello.sayHello());
| |
| } catch (Exception ex) {
| | ex.printStackTrace();
| }
}
}
Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.