5.7.6.2: Extracting credentials from a thread
You can use a credential associated with the thread of execution
to examine and manipulate the identity of the principal that
issued the request, the identity of the server, or the identity used for
any outgoing requests.
Retrieving a credential from a thread of execution requires two
general steps:
- Obtain a reference to the security Current object.
- Extract the desired credential.
The technique for extracting the desired credential varies with
the credential. Any thread of execution in a client or a server
can be associated with one of the following credentials:
- Received credential
  The received credential identifies the principal for whom a request
  is being performed. In the server, the received credential is the credential
  that arrived with the currently executing request. In the client, the
  received credential is the same as the client's own credential; there is
  no incoming request carrying an external credential with it.
- Invocation credential
  The invocation credential is the credential that accompanies
  any requests made from this thread of execution. In the server, when
  delegation is enabled, the invocation credential is automatically
  set to the received credential. Otherwise, the invocation credential
  is the server's own credential.
- OWN credential
  The OWN credential is one that a user may set anytime for
  their own purposes. The OWN credential may be a holding place
  for the user credential, which can be used to set the
  invocation credential when needed. This is a thread-based credential.
When extracting a credential from the thread of execution,
you must decide which credential you want. Additionally, the
security run time must be installed, and the ORB must be initialized.
Extracting the received credential
To extract the received credential from a thread of execution, use the following
steps:
- Obtain a reference to the security Current object.
- Call the SecurityCurrent.received_credentials method.
  This method returns a list of Credentials; the
  received credential is in the first position.
- Obtain the received credential from the first
  position in the list.
    ...
    // Get a reference to the security Current object.
    ...
    // Obtain the received credentials.
    org.omg.SecurityLevel2.Credentials[] recvdCreds = securityCurrent.received_credentials();
    // Retrieve the received credential from the first position.
    org.omg.SecurityLevel2.Credentials recvdCred = recvdCreds[0];
    ...
Extracting the invocation credential
To extract the invocation credential from a thread of execution,
use the following steps:
- Obtain a reference to the security Current object.
- To retrieve the invocation credential, call the
Current.get_credentials method with the attribute
org.omg.Security.CredentialType.SecInvocationCredentials
as the argument. This method returns a Credentials object.
The only difference between extracting invocation credentials and
extracting own credentials is the value of the argument passed to
the get_credentials method.
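    ...
    // Get a reference to the security Current object.
    ...
    // Obtain the invocation credentials. The variable is declared outside
    // the try block so that it remains in scope afterward.
    org.omg.SecurityLevel2.Credentials invCred = null;
    try
    {
        invCred = securityCurrent.get_credentials(
            org.omg.Security.CredentialType.SecInvocationCredentials);
    }
    catch (org.omg.Security.InvalidCredentialType e)
    {
        // invCred is still null here; check it before use.
        e.printStackTrace();
    }
    ...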
Extracting the own credential
To extract the own credential from a thread of execution, use the following
steps:
- Obtain a reference to the security Current object.
- To retrieve the own credential, call the
Current.get_credentials method with the attribute
org.omg.Security.CredentialType.SecOwnCredentials
as the argument. This method returns a Credentials object.
The only difference between extracting invocation credentials and
extracting own credentials is the value of the argument passed to
the get_credentials method.
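    ...
    // Get a reference to the security Current object.
    ...
    // Obtain the own credentials. The variable is declared outside
    // the try block so that it remains in scope afterward.
    org.omg.SecurityLevel2.Credentials ownCred = null;
    try
    {
        ownCred = securityCurrent.get_credentials(
            org.omg.Security.CredentialType.SecOwnCredentials);
    }
    catch (org.omg.Security.InvalidCredentialType e)
    {
        // ownCred is still null here; check it before use.
        e.printStackTrace();
    }
    ...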