org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor Class Reference

Public Member Functions

 Csiv2ClientInterceptor (Codec codec, Logger logger, Logger loggerDetails)
void receive_exception (ClientRequestInfo ri) throws ForwardRequest
void receive_other (ClientRequestInfo ri) throws ForwardRequest
void receive_reply (ClientRequestInfo ri)
void send_poll (ClientRequestInfo ri)
void send_request (ClientRequestInfo ri) throws ForwardRequest
void destroy ()
String name ()

Detailed Description

SAS context interceptor on client side.
See also:
Csiv2 spec: A client security service (CSS) is the security service associated with the ORB that is used by the client to invoke the target object.

client state machine (fig 16-3)

Common Secure Interoperability V2 Specification (July 23, 2001)

Author:
Florent Benoit

Definition at line 71 of file Csiv2ClientInterceptor.java.


Constructor & Destructor Documentation

org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.Csiv2ClientInterceptor (Codec codec, Logger logger, Logger loggerDetails)

Constructor

Parameters:
codec used for encoding any objects
logger used for logging useful information
loggerDetails used for logging all detailed information (not needed most of the time)

Definition at line 99 of file Csiv2ClientInterceptor.java.


Member Function Documentation

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.destroy ()

Provides an opportunity to destroy this interceptor.

Definition at line 404 of file Csiv2ClientInterceptor.java.

String org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.name ()

Returns the name of the interceptor.

Returns:
the name of the interceptor.

Definition at line 413 of file Csiv2ClientInterceptor.java.

Referenced by org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.send_request().

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.receive_exception (ClientRequestInfo ri) throws ForwardRequest

Indicates to the interceptor that an exception occurred. Allows an Interceptor to query the exception's information before it is thrown to the client.

Parameters:
ri Information about the current request being intercepted.
Exceptions:
ForwardRequest If thrown, indicates to the ORB that a retry of the request should occur with the new object given in the exception.

Definition at line 114 of file Csiv2ClientInterceptor.java.

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.receive_other (ClientRequestInfo ri) throws ForwardRequest

Allows an Interceptor to query the information available when a request results in something other than a normal reply or an exception.

Parameters:
ri Information about the current request being intercepted.
Exceptions:
ForwardRequest If thrown, indicates to the ORB that a retry of the request should occur with the new object given in the exception.

Definition at line 127 of file Csiv2ClientInterceptor.java.

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.receive_reply (ClientRequestInfo ri)

Allows an Interceptor to query the information on a reply after it is returned from the server and before control is returned to the client.

Parameters:
ri Information about the current request being intercepted.

Definition at line 138 of file Csiv2ClientInterceptor.java.

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.send_poll (ClientRequestInfo ri)

Allows an Interceptor to query information during a Time-Independent Invocation (TII) polling get reply sequence.

Parameters:
ri Information about the current request being intercepted.

Definition at line 147 of file Csiv2ClientInterceptor.java.

void org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.send_request (ClientRequestInfo ri) throws ForwardRequest

An EstablishContext message needs to be sent, as described in the CSS state machine. Compliance is with level 0, so the context is stateless.

See also:
fig 16-3 of spec. [109]

Now, build the EstablishContext message in stateless mode. See [17] EstablishContextMessage format (Interoperability, EstablishContext).

An EstablishContext message is sent by a CSS to establish a SAS context with a TSS. The SAS context and the context identifier allocated by the CSS to refer to it are scoped to the transport layer connection or association over which the CSS and TSS are communicating. When an association is dismantled, all SAS contexts scoped to the connection shall be invalidated and may be discarded. The EstablishContext message contains the following fields:

  • client_context_id: The CSS allocated identifier for the security attribute service context. A stateless CSS shall set the client_context_id to 0, indicating to the TSS that it is stateless. A stateful CSS may allocate a nonzero client_context_id.
  • authorization_token: May be used by a CSS to push privilege information to a TSS. A CSS may use this token to send proxy privileges to a TSS as a means to enable the target to issue calls as the client.
  • identity_token: Carries a representation of the invocation identity for the call (that is, the identity under which the call is to be authorized). The identity_token carries a representation of the invocation identity in one of the following forms:
    1. A typed mechanism-specific representation of a principal name
    2. A chain of identity certificates representing the subject and a chain of verifying authorities
    3. A distinguished name
    4. The anonymous principal identity (a type, not a name)
    An identity_token is used to assert a caller identity when that identity differs from the identity proven by authentication in the authentication layer(s). If the caller identity is intended to be the same as that established in the authentication layer(s), then it does not need to be asserted in an identity_token.
  • client_authentication_token: Carries a mechanism-specific GSS initial context token that authenticates the client to the TSS. It contains a mechanism type identifier and the mechanism-specific evidence (that is, the authenticator) required by the TSS to authenticate the client. When an initial context token contains private credentials, such as a password, this message may be safely sent only after a confidential connection with a trusted TSS has been established. The determination of when it is safe to send a client authentication token in an EstablishContext message shall be considered in the context of the CORBA location-binding paradigm for persistent objects (where an invocation may be location forwarded by a location daemon to the target object).

And then, this message should be added. See 16.2.1 The Security Attribute Service Context Element:

[10] This specification defines a new GIOP service context element type, the security attribute service (SAS) element.

[11] The SAS context element may be used to associate any or all of the following contexts with GIOP request and reply messages:
  • Identity context, to be accepted based on trust
  • Authorization context, including authorization-based delegation context
  • Client authentication context

[12] A new context_id has been defined for the SAS element: const ServiceId SecurityAttributeService = 15

Definition at line 156 of file Csiv2ClientInterceptor.java.

References org.objectweb.jonas.security.iiop.Csiv2ClientInterceptor.name().
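
The field rules quoted above for send_request (client_context_id of 0 for a stateless CSS, an identity_token only when the invocation identity differs from the authenticated one, a client_authentication_token with private credentials only over a confidential connection to a trusted TSS), as an added Java example. It is not code from Csiv2ClientInterceptor.java or from JOnAS: the EstablishContext holder class, buildStateless and its boolean parameters are hypothetical, no CORBA stub types or CDR encoding are used, the authorization_token is left out, and the token bytes are constructed sample data.

```java
import java.nio.charset.StandardCharsets;

// Plain-Java model for illustration; hypothetical names, not JOnAS code.
public class StatelessEstablishContextExample {

    // context_id of the SAS service context element, as quoted in [12].
    static final int SECURITY_ATTRIBUTE_SERVICE = 15;

    // Hypothetical holder for three of the EstablishContext fields.
    static final class EstablishContext {
        final long clientContextId;
        final byte[] identityToken;             // empty: no identity asserted
        final byte[] clientAuthenticationToken; // empty: no token sent
        EstablishContext(long id, byte[] identity, byte[] auth) {
            this.clientContextId = id;
            this.identityToken = identity;
            this.clientAuthenticationToken = auth;
        }
    }

    static EstablishContext buildStateless(String authenticatedName, String invocationName,
            byte[] gssToken, boolean tokenHasPrivateCredentials,
            boolean confidentialTransport, boolean trustedTarget) {
        // Credentials such as a password go out only over a confidential
        // connection to a trusted TSS; fail closed otherwise.
        if (gssToken.length > 0 && tokenHasPrivateCredentials
                && !(confidentialTransport && trustedTarget)) {
            throw new IllegalStateException("private credentials need a confidential, trusted TSS");
        }
        // Assert an identity only when it differs from the authenticated one.
        byte[] identity = invocationName.equals(authenticatedName)
                ? new byte[0] : invocationName.getBytes(StandardCharsets.UTF_8);
        // A stateless CSS always uses client_context_id 0.
        return new EstablishContext(0L, identity, gssToken);
    }

    public static void main(String[] args) {
        byte[] token = "constructed-gss-token".getBytes(StandardCharsets.UTF_8);
        EstablishContext ok = buildStateless("alice", "alice", token, true, true, true);
        System.out.println("service context id " + SECURITY_ATTRIBUTE_SERVICE
                + ", client_context_id " + ok.clientContextId
                + ", identity_token bytes " + ok.identityToken.length);
        try {
            // Same request over a non-confidential transport is refused.
            buildStateless("alice", "alice", token, true, false, true);
        } catch (IllegalStateException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```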

The documentation for this class was generated from the following file:
Generated on Tue Feb 15 15:07:40 2005 for JOnAS by  doxygen 1.3.9.1