com.sun.enterprise.iiop.security

Class SecurityMechanismSelector

java.lang.Object

com.sun.enterprise.iiop.security.SecurityMechanismSelector

All Implemented Interfaces:

org.glassfish.hk2.api.PostConstruct

@Service
@Singleton
public final class SecurityMechanismSelector
extends Object
implements org.glassfish.hk2.api.PostConstruct

This class is responsible for making various decisions for selecting security information to be sent in the IIOP message based on target configuration and client policies. Note: This class can be called concurrently by multiple client threads. However, none of its methods need to be synchronized because the methods either do not modify state or are idempotent.

Author:

Nithya Subramanian

Field Summary

Fields

Modifier and Type	Field and Description
static String	CLIENT_CONNECTION_CONTEXT

Constructor Summary

Constructors

Constructor and Description
SecurityMechanismSelector() Read the client and server preferences from the config files.

Method Summary

Methods

Modifier and Type	Method and Description
com.sun.enterprise.common.iiop.security.SecurityContext	evaluateTrust(com.sun.enterprise.common.iiop.security.SecurityContext ctx, byte[] object_id, Socket socket) Called by the target to interpret client credentials after validation.
ConnectionContext	getClientConnectionContext()
CSIV2TaggedComponentInfo	getCtc()
ORB	getOrb()
com.sun.enterprise.common.iiop.security.SecurityContext	getSecurityContextForAppClient(org.glassfish.api.invocation.ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism) Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an appclient or standalone client.
com.sun.enterprise.common.iiop.security.SecurityContext	getSecurityContextForWebOrEJB(org.glassfish.api.invocation.ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism) Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an web component or EJB invoking another EJB.
static String	getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] list, String name)
String	getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.spi.ior.IOR ior)
com.sun.corba.ee.spi.transport.SocketInfo	getSSLPort(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx) This method determines if SSL should be used to connect to the target based on client and target policies.
List<com.sun.corba.ee.spi.transport.SocketInfo>	getSSLPorts(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx)
boolean	isIdentityTypeSupported(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec sas)
boolean	isSslRequired()
void	postConstruct()
com.sun.enterprise.common.iiop.security.SecurityContext	selectSecurityContext(com.sun.corba.ee.spi.ior.IOR ior) Select the security context to be used by the CSIV2 layer based on whether the current component is an application client or a web/EJB component.
com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech	selectSecurityMechanism(com.sun.corba.ee.spi.ior.IOR ior)
void	setClientConnectionContext(ConnectionContext scc)
void	setOrb(ORB val)
static boolean	traceIORs()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLIENT_CONNECTION_CONTEXT

public static final String CLIENT_CONNECTION_CONTEXT

See Also:

Constant Field Values

Constructor Detail

SecurityMechanismSelector

public SecurityMechanismSelector()

Read the client and server preferences from the config files.

Method Detail

postConstruct

public void postConstruct()

Specified by:

postConstruct in interface org.glassfish.hk2.api.PostConstruct

getClientConnectionContext

public ConnectionContext getClientConnectionContext()

setClientConnectionContext

public void setClientConnectionContext(ConnectionContext scc)

getSSLPort

public com.sun.corba.ee.spi.transport.SocketInfo getSSLPort(com.sun.corba.ee.spi.ior.IOR ior,
                                                   ConnectionContext ctx)

This method determines if SSL should be used to connect to the target based on client and target policies. It will return null if SSL should not be used or an SocketInfo containing the SSL port if SSL should be used.

getOrb

public ORB getOrb()

setOrb

public void setOrb(ORB val)

getCtc

public CSIV2TaggedComponentInfo getCtc()

getSSLPorts

public List<com.sun.corba.ee.spi.transport.SocketInfo> getSSLPorts(com.sun.corba.ee.spi.ior.IOR ior,
                                                          ConnectionContext ctx)

selectSecurityContext

public com.sun.enterprise.common.iiop.security.SecurityContext selectSecurityContext(com.sun.corba.ee.spi.ior.IOR ior)
                                                                              throws InvalidIdentityTokenException,
                                                                                     InvalidMechanismException,
                                                                                     SecurityMechanismException

Select the security context to be used by the CSIV2 layer based on whether the current component is an application client or a web/EJB component.

Throws:

InvalidIdentityTokenException

InvalidMechanismException

SecurityMechanismException

getSecurityContextForAppClient

public com.sun.enterprise.common.iiop.security.SecurityContext getSecurityContextForAppClient(org.glassfish.api.invocation.ComponentInvocation ci,
                                                                                     boolean sslUsed,
                                                                                     boolean clientAuthOccurred,
                                                                                     com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism)
                                                                                       throws InvalidMechanismException,
                                                                                              InvalidIdentityTokenException,
                                                                                              SecurityMechanismException

Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an appclient or standalone client.

Returns:

the security context.

Throws:

InvalidMechanismException

InvalidIdentityTokenException

SecurityMechanismException

getSecurityContextForWebOrEJB

public com.sun.enterprise.common.iiop.security.SecurityContext getSecurityContextForWebOrEJB(org.glassfish.api.invocation.ComponentInvocation ci,
                                                                                    boolean sslUsed,
                                                                                    boolean clientAuthOccurred,
                                                                                    com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism)
                                                                                      throws InvalidMechanismException,
                                                                                             InvalidIdentityTokenException,
                                                                                             SecurityMechanismException

Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an web component or EJB invoking another EJB.

Returns:

the security context.

Throws:

InvalidMechanismException

InvalidIdentityTokenException

SecurityMechanismException

isIdentityTypeSupported

public boolean isIdentityTypeSupported(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec sas)

selectSecurityMechanism

public com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech selectSecurityMechanism(com.sun.corba.ee.spi.ior.IOR ior)
                                                                        throws SecurityMechanismException

Throws:

SecurityMechanismException

evaluateTrust

public com.sun.enterprise.common.iiop.security.SecurityContext evaluateTrust(com.sun.enterprise.common.iiop.security.SecurityContext ctx,
                                                                    byte[] object_id,
                                                                    Socket socket)
                                                                      throws SecurityMechanismException

Called by the target to interpret client credentials after validation.

Throws:

SecurityMechanismException

isSslRequired

public boolean isSslRequired()

traceIORs

public static boolean traceIORs()

getSecurityMechanismString

public String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI,
                                com.sun.corba.ee.spi.ior.IOR ior)

getSecurityMechanismString

public static String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI,
                                com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] list,
                                String name)