Package com.sun.enterprise.iiop.security
Class SecurityMechanismSelector
- java.lang.Object
-
- com.sun.enterprise.iiop.security.SecurityMechanismSelector
-
- All Implemented Interfaces:
org.glassfish.hk2.api.PostConstruct
@Service @Singleton public final class SecurityMechanismSelector extends Object implements org.glassfish.hk2.api.PostConstruct
This class is responsible for making various decisions for selecting security information to be sent in the IIOP message based on target configuration and client policies. Note: This class can be called concurrently by multiple client threads. However, none of its methods need to be synchronized because the methods either do not modify state or are idempotent.
- Author:
- Nithya Subramanian
-
-
Field Summary
Modifier and Type Field Description
static String CLIENT_CONNECTION_CONTEXT
-
Constructor Summary
Constructor Description
SecurityMechanismSelector()
Read the client and server preferences from the config files.
-
Method Summary
Modifier and Type Method Description
SecurityContext evaluateTrust(SecurityContext securityContext, byte[] objectId, Socket socket)
Called by the target to interpret client credentials after validation.
ConnectionContext getClientConnectionContext()
CSIV2TaggedComponentInfo getCtc()
org.omg.CORBA.ORB getOrb()
SecurityContext getSecurityContextForAppClient(ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism)
Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an appclient or standalone client.
SecurityContext getSecurityContextForWebOrEJB(ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism)
Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from a web component or EJB invoking another EJB.
static String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] list, String name)
String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.spi.ior.IOR ior)
com.sun.corba.ee.spi.transport.SocketInfo getSSLPort(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx)
This method determines if SSL should be used to connect to the target based on client and target policies.
List<com.sun.corba.ee.spi.transport.SocketInfo> getSSLPorts(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx)
boolean isIdentityTypeSupported(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec sas)
boolean isSslRequired()
void postConstruct()
SecurityContext selectSecurityContext(com.sun.corba.ee.spi.ior.IOR ior)
Select the security context to be used by the CSIV2 layer based on whether the current component is an application client or a web/EJB component.
com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech selectSecurityMechanism(com.sun.corba.ee.spi.ior.IOR ior)
void setClientConnectionContext(ConnectionContext scc)
void setOrb(org.omg.CORBA.ORB val)
static boolean traceIORs()
-
-
-
Field Detail
-
CLIENT_CONNECTION_CONTEXT
public static final String CLIENT_CONNECTION_CONTEXT
- See Also:
- Constant Field Values
-
-
Method Detail
-
postConstruct
public void postConstruct()
- Specified by:
postConstruct in interface org.glassfish.hk2.api.PostConstruct
-
getClientConnectionContext
public ConnectionContext getClientConnectionContext()
-
setClientConnectionContext
public void setClientConnectionContext(ConnectionContext scc)
-
getSSLPort
public com.sun.corba.ee.spi.transport.SocketInfo getSSLPort(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx)
This method determines if SSL should be used to connect to the target based on client and target policies. It will return null if SSL should not be used, or a SocketInfo containing the SSL port if SSL should be used.
-
getOrb
public org.omg.CORBA.ORB getOrb()
-
setOrb
public void setOrb(org.omg.CORBA.ORB val)
-
getCtc
public CSIV2TaggedComponentInfo getCtc()
-
getSSLPorts
public List<com.sun.corba.ee.spi.transport.SocketInfo> getSSLPorts(com.sun.corba.ee.spi.ior.IOR ior, ConnectionContext ctx)
-
selectSecurityContext
public SecurityContext selectSecurityContext(com.sun.corba.ee.spi.ior.IOR ior) throws InvalidIdentityTokenException, InvalidMechanismException, SecurityMechanismException
Select the security context to be used by the CSIV2 layer based on whether the current component is an application client or a web/EJB component.
-
getSecurityContextForAppClient
public SecurityContext getSecurityContextForAppClient(ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism) throws InvalidMechanismException, InvalidIdentityTokenException, SecurityMechanismException
Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from an appclient or standalone client.
- Returns:
- the security context.
- Throws:
InvalidMechanismException
InvalidIdentityTokenException
SecurityMechanismException
-
getSecurityContextForWebOrEJB
public SecurityContext getSecurityContextForWebOrEJB(ComponentInvocation ci, boolean sslUsed, boolean clientAuthOccurred, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech mechanism) throws InvalidMechanismException, InvalidIdentityTokenException, SecurityMechanismException
Create the security context to be used by the CSIV2 layer to marshal in the service context of the IIOP message from a web component or EJB invoking another EJB.
- Returns:
- the security context.
- Throws:
InvalidMechanismException
InvalidIdentityTokenException
SecurityMechanismException
-
isIdentityTypeSupported
public boolean isIdentityTypeSupported(com.sun.corba.ee.org.omg.CSIIOP.SAS_ContextSec sas)
-
selectSecurityMechanism
public com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech selectSecurityMechanism(com.sun.corba.ee.spi.ior.IOR ior) throws SecurityMechanismException
- Throws:
SecurityMechanismException
-
evaluateTrust
public SecurityContext evaluateTrust(SecurityContext securityContext, byte[] objectId, Socket socket) throws SecurityMechanismException
Called by the target to interpret client credentials after validation.
- Throws:
SecurityMechanismException
-
isSslRequired
public boolean isSslRequired()
-
traceIORs
public static boolean traceIORs()
-
getSecurityMechanismString
public String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.spi.ior.IOR ior)
-
getSecurityMechanismString
public static String getSecurityMechanismString(CSIV2TaggedComponentInfo tCI, com.sun.corba.ee.org.omg.CSIIOP.CompoundSecMech[] list, String name)
-
-