5.7.6.2: Extracting credentials from a thread

You can use a credential associated with the thread of execution to examine and manipulate the identity of the principal that issued the request, the identity of the server, or the identity used for any outgoing requests.

Retrieving a credential from a thread of execution requires two general steps:

  1. Obtain a reference to the security Current object.
  2. Extract the desired credential.

The technique for extracting the desired credential varies with the credential. Any thread of execution in a client or a server can be associated with one of the following credentials:

Received credential
    The received credential identifies the principal for whom a request is being performed. In the server, the received credential is the credential that arrived with the currently executing request. In the client, the received credential is the same as the client's own credential; there is no incoming request carrying an external credential with it.
Invocation credential
    The invocation credential is the credential that accompanies any requests made from this thread of execution. In the server, when delegation is enabled, the invocation credential is automatically set to the received credential. Otherwise, the invocation credential is the server's own credential.
OWN credential
    The OWN credential is one that a user may set anytime for their own purposes. The OWN credential may be a holding place for the user credential, which can be used to set the invocation credential when needed. This is a thread-based credential.

When extracting a credential from the thread of execution, you must decide which credential you want. Additionally, the security run time must be installed, and the ORB must be initialized.

Extracting the received credential

To extract the received credential from a thread of execution, use the following steps:

  1. Obtain a reference to the security Current object.
  2. Call the SecurityCurrent.received_credentials method. This method returns a list of Credentials; the received credential is in the first position.
  3. Obtain the received credential from the first position in the list.

   ...
// Get a reference to the security Current object.
...

// Obtain the received credentials.
org.omg.SecurityLevel2.Credentials[] recvdCreds = securityCurrent.received_credentials();

// Retrieve the received credential from the first position.
org.omg.SecurityLevel2.Credentials recvdCred = recvdCreds[0];
...

Extracting the invocation credential

To extract the invocation credential from a thread of execution, use the following steps:

  1. Obtain a reference to the security Current object.
  2. To retrieve the invocation credential, call the Current.get_credentials method with the attribute org.omg.Security.CredentialType.SecInvocationCredentials as the argument. This method returns a Credentials object.

The only difference between extracting invocation credentials and extracting own credentials is the value of the argument passed to the get_credentials method.

   ...
// Get a reference to the security Current object.
...
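// Obtain the invocation credentials.
// Declared outside the try block so the reference stays in scope afterwards.
org.omg.SecurityLevel2.Credentials invCred = null;
try
{
    invCred = securityCurrent.get_credentials(
        org.omg.Security.CredentialType.SecInvocationCredentials);
}
catch (org.omg.Security.InvalidCredentialType e)
{
    // Java form of the IDL exception Security::InvalidCredentialType.
    e.printStackTrace();
}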
...

Extracting the own credential

To extract the own credential from a thread of execution, use the following steps:

  1. Obtain a reference to the security Current object.
  2. To retrieve the own credential, call the Current.get_credentials method with the attribute org.omg.Security.CredentialType.SecOwnCredentials as the argument. This method returns a Credentials object.

The only difference between extracting invocation credentials and extracting own credentials is the value of the argument passed to the get_credentials method.

   ...
// Get a reference to the security Current object.
...
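// Obtain the own credentials.
// Declared outside the try block so the reference stays in scope afterwards.
org.omg.SecurityLevel2.Credentials ownCred = null;
try
{
    ownCred = securityCurrent.get_credentials(
        org.omg.Security.CredentialType.SecOwnCredentials);
}
catch (org.omg.Security.InvalidCredentialType e)
{
    // Java form of the IDL exception Security::InvalidCredentialType.
    e.printStackTrace();
}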
...
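
The three lookups above combined into one fail-closed helper, as an added example that is not from the original documentation. The class name ThreadCredentials is hypothetical, and the Java type org.omg.SecurityLevel2.Current for the security Current reference and the exception name org.omg.Security.InvalidCredentialType are assumptions derived from the names used on this page. The helper throws SecurityException rather than returning null or indexing an empty array, so calling code cannot continue without a credential.

```java
import org.omg.Security.CredentialType;
import org.omg.Security.InvalidCredentialType;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.Current; // assumed type of the security Current object

/** Hypothetical helper (not part of SAS): fail-closed credential lookup. */
public final class ThreadCredentials {

    private ThreadCredentials() {}

    /** Received credential: first position of received_credentials(). */
    public static Credentials received(Current securityCurrent) {
        requireCurrent(securityCurrent);
        Credentials[] recvdCreds = securityCurrent.received_credentials();
        // Guard the index: never assume position 0 exists.
        if (recvdCreds == null || recvdCreds.length == 0 || recvdCreds[0] == null) {
            throw new SecurityException("no received credential on this thread");
        }
        return recvdCreds[0];
    }

    /** Invocation credential: accompanies outgoing requests from this thread. */
    public static Credentials invocation(Current securityCurrent) {
        return byType(securityCurrent, CredentialType.SecInvocationCredentials, "invocation");
    }

    /** OWN credential: thread-based credential set by the user. */
    public static Credentials own(Current securityCurrent) {
        return byType(securityCurrent, CredentialType.SecOwnCredentials, "own");
    }

    private static Credentials byType(Current securityCurrent, CredentialType type, String label) {
        requireCurrent(securityCurrent);
        Credentials cred;
        try {
            cred = securityCurrent.get_credentials(type);
        } catch (InvalidCredentialType e) {
            // Surface the failure to the caller instead of only printing it.
            throw new SecurityException("cannot read " + label + " credential: " + e);
        }
        if (cred == null) {
            throw new SecurityException("no " + label + " credential on this thread");
        }
        return cred;
    }

    private static void requireCurrent(Current securityCurrent) {
        if (securityCurrent == null) {
            throw new SecurityException("security Current not available; is the ORB initialized?");
        }
    }
}
```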