
VBE 6.5: Getting CORBA::NO_PERMISSION error

  • February 16, 2013

Problem:

  • Product Name: BES VisiBroker Edition
  • Product Version: 6.5
  • Product Component: Security
  • Platform/OS Version: Solaris

In a 3-tier application using SSL, a CORBA::NO_PERMISSION error is thrown when a client invokes a method in a mid-tier server which, in the context of this request, invokes an end-tier server.

Resolution:

As per the Security Guide, chapter "Making Secure Connections", subheading "Steps to Secure Client and Server", "Step 4: Set up Identity Assertion", when a client invokes a method in a mid-tier server which, in the context of this request, invokes an end-tier server, the identity of the client is internally asserted by the mid-tier server by default.

Hence, the property vbroker.security.assertion.trust.all=true must be set at the end-tier. If a rolemap has been set, the user can set vbroker.security.assertions.trust.<n> to configure who is allowed to assert an identity.

If the mid-tier spawns its own thread for the call to the end-tier, this exception is not thrown. This is because, in the VisiSecure implementation, propagation of the caller identity relies on information placed on each invocation thread. In other words, the implicit assertion of the caller by the mid-tier relies on thread-local information. Therefore, when a thread is spawned by implementation code, the previous information about the client identity (the original caller) is lost, and no implicit assertion takes place. As all other requirements are fulfilled, no exception is thrown.

Users are advised NOT to spawn their own threads in the middle of an invocation when security is enabled, particularly when security is used to trace the caller's information, or when GSSUP authentication, authorization and similar features are used.
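The behaviour described above, as an added C++ model that is not VisiBroker or VisiSecure code: the caller identity lives in thread-local storage, the mid-tier implicitly asserts it on outgoing calls, and the end-tier rejects assertions from untrusted peers. All names (`EndTier`, `tl_caller`, `handle_request`, the `"mid-tier"` peer name) are hypothetical and only mimic the trust check and thread-local propagation from the resolution.

```cpp
#include <set>
#include <stdexcept>
#include <string>
#include <thread>

// Model only: hypothetical names, not VisiBroker/VisiSecure APIs.
struct NoPermission : std::runtime_error {
    NoPermission() : std::runtime_error("NO_PERMISSION") {}
};

// Caller identity recorded on the thread that dispatches the incoming request.
// An empty string means "no caller information on this thread".
thread_local std::string tl_caller;

struct EndTier {
    bool trust_all = false;          // models the trust-all property
    std::set<std::string> trusted;   // models the per-asserter trust rules
    // Returns the identity the end-tier acts on for this request.
    std::string invoke(const std::string& peer,
                       const std::string& asserted) const {
        if (asserted.empty()) return peer;   // no assertion: only the peer is known
        if (!trust_all && !trusted.count(peer)) throw NoPermission();
        return asserted;                     // trusted asserter: act as the caller
    }
};

// Mid-tier outgoing call: implicitly asserts whatever the current thread holds.
std::string call_end_tier(const EndTier& end) {
    return end.invoke("mid-tier", tl_caller);
}

// Handles one client request and returns the identity the end-tier saw,
// or "NO_PERMISSION" when the assertion was rejected.
std::string handle_request(const EndTier& end, const std::string& client,
                           bool spawn_thread) {
    tl_caller = client;              // set on the dispatch thread
    std::string seen;
    auto work = [&] {
        try { seen = call_end_tier(end); }
        catch (const NoPermission& e) { seen = e.what(); }
    };
    if (spawn_thread) std::thread(work).join();  // new thread: tl_caller is empty
    else work();
    tl_caller.clear();
    return seen;
}
```

In the spawned-thread case the call succeeds only because the end-tier sees the mid-tier's own identity; any authorization or audit decision keyed on the original caller is made against the wrong principal.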

