Problem:
- Product Name: VisiBroker for Java
- Product Version: 5.2
- Product Component: Security
- Platform/OS Version: All
- JDK/Compiler Version: 1.3.1 and 1.4
Can a client do object-level authentication? In other words, can the client talk IIOP with a non-secured server, and also talk IIOP-SSL with another secured server?
Resolution:
The answer is yes. A VisiBroker for Java client can use a FIREWALL_SECURITY_POLICY override to get this effect at the object level. The code sample and the procedure follow.
1. Create this client. It will talk IIOP with the AccountManager object, and IIOP-SSL with the Account object:
    public class PartialSecureClient {
        public static void main(String[] args) {
            try {
                // Initialize the ORB.
                org.omg.CORBA.ORB orb = org.omg.CORBA.ORB.init(args, null);
                // Get the manager Id
                byte[] managerId = "BankManager".getBytes();
                // Locate an account manager. Give the full POA name and the servant ID.
                // No policy override is set on this reference, so it is reached over plain IIOP.
                Bank.AccountManager manager =
                    Bank.AccountManagerHelper.bind(orb, "/bank_agent_poa", managerId);
                // use args[0] as the account name, or a default.
                String name = args.length > 0 ? args[0] : "Jack B. Quick";
                // Request the account manager to open a named account.
                Bank.Account account = manager.open(name);
                System.out.println("AccountManager's open() call is successful.");
                // Set the policies for account
                org.omg.CORBA.Policy[] policies = new org.omg.CORBA.Policy[1];
                org.omg.CORBA.Any value = orb.create_any();
                value.insert_short(com.inprise.vbroker.QoSExt.SECURE.value);
                policies[0] = orb.create_policy(
                    com.inprise.vbroker.QoSExt.FIREWALL_SECURITY_POLICY.value, value);
                // _set_policy_override returns a new object reference that carries the
                // override; the original 'account' reference is left unchanged.
                org.omg.CORBA.Object secObject2 = account._set_policy_override(
                    policies, org.omg.CORBA.SetOverrideType.SET_OVERRIDE);
                // Get the balance of the account through the overridden reference.
                Bank.Account secAccount = Bank.AccountHelper.narrow(secObject2);
                float balance = secAccount.balance();
                // Print out the balance.
                System.out.println
                    ("The balance in " + name + "'s account is $" + balance);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
2. If the client requires the server to have certificates, it will also need this ORB property:
vbroker.security.peerAuthenticationMode=REQUIRE
This property affects only IIOP-SSL connections, not plain IIOP connections.