Security extension: code snippet, rfc
Hi Marcel!
Enclosed is the answer to your request for code snippets. But first I have
to say that handling the login inside an xmlBlaster security extension is not worthwhile. Instead
I suggest delegating this job to an authentication server such as Kerberos or a2Blaster.
E.g. Kerberos issues a "Service Ticket" for access to a service (in
this case xmlBlaster). Whenever you publish a message, the ticket must
be attached, so xmlBlaster itself doesn't need to handle the login procedure.
Even if you say a client should have a connection to xmlBlaster and
nothing else, that is no problem: it is conceivable to give e.g. the a2Blaster
a new connection handler so that it can communicate via xmlBlaster. In
this case an xmlBlaster plugin must guarantee unrestricted access (publishing
and subscribing) on one specified key - and only on that key, since it is
reachable without any authentication. A login would then be nothing more than
publishing a message via xmlBlaster to the a2Blaster, which answers with
a SessionId or a Ticket. The client has to attach this information whenever it
publishes a message or subscribes to a key. Note that such a SessionId/Ticket is
a bearer credential: whoever can read it off the wire can reuse it, so the channel
carrying it needs confidentiality, and the ticket should be short-lived.
This way, it's much simpler to write a plugin which is usable on server
and client side.
Nevertheless, a plugin that handles the login is also possible.
The following example shows how to use a plugin which implements the user/passwd-login-approach.
It's a modified version of the ClientRaw demo. The modified parts are marked
with "old" and "new".
----------------------------------------->8----------------------------------
package javaclients.corba;
// ...
// import ...
// ...
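public class ClientRaw
{
   private org.omg.CORBA.ORB orb = null;
   private Server xmlBlaster = null;
   private static String ME = "ClientRaw";

   /**
    * Demo client: locates the xmlBlaster AuthServer (via IOR string, IOR file
    * or the CORBA Name Service), logs in through the "passwd" security plugin,
    * subscribes with an XPath query, publishes one message, then disconnects
    * and shuts the ORB down.
    *
    * Recognised arguments: -name, -iorFile, -ior and (demo only) -passwd.
    * The parts that differ from the original ClientRaw demo are marked
    * "old" / "new".
    *
    * @param args command line arguments, also handed to ORB.init()
    */
   public ClientRaw(String args[])
   {
      orb = org.omg.CORBA.ORB.init(args, null);
      try {
         AuthServer authServer;
         ME = Args.getArg(args, "-name", ME);
         String loginName = ME;
         String fileName = Args.getArg(args, "-iorFile", (String)null);   // a file with the IOR string
         String authServerIOR = Args.getArg(args, "-ior", (String)null);  // the IOR string
         if (fileName != null) authServerIOR = FileUtil.readAsciiFile(fileName);
         if (authServerIOR != null) {
            authServer = AuthServerHelper.narrow(orb.string_to_object(authServerIOR));
         }
         else {
            // asking Name Service CORBA compliant:
            NamingContext nc = NamingContextHelper.narrow(orb.resolve_initial_references("NameService"));
            NameComponent[] name = new NameComponent[1];
            name[0] = new NameComponent();
            name[0].id = "xmlBlaster-Authenticate";
            name[0].kind = "MOM";
            if (nc == null) {
               Log.plain(ME, "\nSorry, please pass the server IOR string to the client, e.g.:\n"
                             + "Start the server:\n"
                             + " jaco org.xmlBlaster.Main -iorFile /tmp/NS_Ref\n"
                             + "Start this client:\n"
                             + " jaco javaclients.corba.ClientRaw -iorFile /tmp/NS_Ref\n");
               usage();
               Log.panic(ME, "Read xmlBlaster/INSTALL for help");
            }
            authServer = AuthServerHelper.narrow(nc.resolve(name));
         }

         StopWatch stop = new StopWatch();

         //---------- Building a Callback server ----------------------
         // Getting the default POA implementation "RootPOA"
         org.omg.PortableServer.POA rootPOA =
            org.omg.PortableServer.POAHelper.narrow(orb.resolve_initial_references("RootPOA"));
         // Initialize my Callback interface:
         BlasterCallbackPOATie callbackTie = new BlasterCallbackPOATie(new RawCallback(ME));
         BlasterCallback callback =
            BlasterCallbackHelper.narrow(rootPOA.servant_to_reference(callbackTie));
         rootPOA.the_POAManager().activate();

         //----------- Login to the server -----------------------
         // Declared outside the login try-block: the session id inside is
         // needed again at disconnect() time.
         InitReturnQoS iRetQoS = null;
         try {
            // old [
            // String passwd = "some";
            // ]
            // new [
            // Demo only. A real client must not hard-code the password, and
            // passing it on the command line exposes it to `ps`; read it from
            // a prompt or a protected file instead.
            String passwd = Args.getArg(args, "-passwd", "some");
            // Ask the server which plugin it runs (IDL: AuthServer.getPluginInfo()).
            // Before handing over a password we should check that the answer
            // really names the user/passwd plugin.
            String pluginInfo = authServer.getPluginInfo();
            // ... check pluginInfo for type="passwd" ...
            // ]

            // Create a XML based qos (quality of service) which holds the IOR
            // (the CORBA address of our callback server)
            // old [
            // String qos = "<qos><callback type='IOR'>";
            // qos += orb.object_to_string(callback);
            // qos += "</callback></qos>";
            // ]
            // new [
            // loginName comes straight from the command line. Both credentials
            // are placed in a CDATA section, and "]]>" inside them is split so a
            // crafted value cannot terminate the section and inject further
            // qos markup (e.g. a different <callback>).
            // NOTE: unless the ORB is configured for a protected transport
            // (e.g. SSLIOP), this qos - password included - crosses the wire
            // in the clear.
            String qos = "<qos>";
            qos += "<callback type='IOR'>" + orb.object_to_string(callback) + "</callback>";
            qos += "<SecurityPlugin type=\"passwd\" version=\"1.0\">";
            qos += "<![CDATA[";
            qos += "<username>" + cdataSafe(loginName) + "</username>";
            qos += "<passwd>" + cdataSafe(passwd) + "</passwd>";
            qos += "]]>";
            qos += "</SecurityPlugin>";
            qos += "</qos>";
            // ]

            // The xmlBlaster server takes this IOR string and uses it to connect
            // to our client-side callback interface to deliver updates back
            // old [
            // xmlBlaster = authServer.login(loginName, passwd, qos);
            // ]
            // new [
            String result = authServer.init(qos);
            iRetQoS = new InitReturnQoS(result); // xml-to-object (like ClientQoS.java)
            xmlBlaster = iRetQoS.getServer();
            // ]
            Log.info(ME, "Login done");
         } catch(org.xmlBlaster.protocol.corba.serverIdl.XmlBlasterException e) {
            Log.warn(ME, "XmlBlasterException: " + e.reason);
         }

         // A failed login leaves xmlBlaster/iRetQoS null; the original demo
         // would then run into a NullPointerException in subscribe().
         if (xmlBlaster == null || iRetQoS == null) {
            Log.panic(ME, "Login failed, giving up");
            return;
         }

         //----------- Subscribe to messages with XPATH -------
         {
            Log.trace(ME, "Subscribing using XPath syntax ...");
            String xmlKey = "<?xml version='1.0' encoding='ISO-8859-1' ?>\n" +
                            "<key oid='' queryType='XPATH'>\n" +
                            "/xmlBlaster/key/AGENT" +
                            "</key>";
            stop.restart();
            try {
               xmlBlaster.subscribe(xmlKey, "<qos></qos>");
            } catch(org.xmlBlaster.protocol.corba.serverIdl.XmlBlasterException e) {
               Log.warn(ME, "XmlBlasterException: " + e.reason);
            }
            Log.info(ME, "Subscribe done, there should be no Callback" + stop.nice());
         }

         delay(2000); // Wait some time ...

         //----------- Construct a message and publish it ---------
         {
            String xmlKey = "<?xml version='1.0' encoding='ISO-8859-1' ?>\n" +
                            "<key oid='' contentMime='text/xml'>\n" +
                            " <AGENT id='192.168.124.10' subId='1' type='generic'>" +
                            " <DRIVER id='FileProof' pollingFreq='10'>" +
                            " </DRIVER>" +
                            " </AGENT>" +
                            "</key>";
            String content = "Yeahh, i'm the new content";
            // content.getBytes() uses the platform default charset.
            MessageUnit msgUnit = new MessageUnit(xmlKey, content.getBytes(), "<qos></qos>");
            Log.info(ME, "Publishing ...");
            stop.restart();
            try {
               String publishOid = xmlBlaster.publish(msgUnit);
               Log.trace(ME, "Returned oid=" + publishOid);
            } catch(org.xmlBlaster.protocol.corba.serverIdl.XmlBlasterException e) {
               Log.warn(ME, "XmlBlasterException: " + e.reason);
            }
            Log.info(ME, "Publishing done, there should be a callback now" + stop.nice());
         }

         delay(1000); // Wait some time ...

         // orb.run(); // Usually your client won't exit after this, uncomment the run() method

         ask("logout()");

         //----------- Logout --------------------------------------
         Log.info(ME, "Logout ...");
         try {
            // old [
            // authServer.logout(xmlBlaster);
            // ]
            // new [
            // The session id proves to the server that it is us who disconnect.
            // It is a bearer token: do not log it or hand it to anyone else.
            String disconnectQos = "<qos><session>" + iRetQoS.getSessionId() + "</session></qos>";
            authServer.disconnect(disconnectQos);
            // ]
         } catch(org.xmlBlaster.protocol.corba.serverIdl.XmlBlasterException e) {
            Log.warn(ME, "XmlBlasterException: " + e.reason);
         }

         //----------- Shutdown my callback server -----------------
         try {
            rootPOA.deactivate_object(rootPOA.reference_to_id(callback));
         } catch(Exception e) { Log.warn(ME, "POA deactivate callback failed"); }

         //----------- Stop the POA --------------------------------
         try {
            rootPOA.the_POAManager().deactivate(false, true);
         } catch(Exception e) { Log.warn(ME, "POA deactivate failed"); }

         //----------- Shutdown the ORB ----------------------------
         orb.shutdown(true);
      }
      catch (Exception e) {
         Log.panic(ME, e.toString());
         e.printStackTrace();
      }
   }

   /**
    * Makes a value safe for embedding inside a CDATA section.
    * The only sequence that terminates CDATA is "]]>"; every occurrence is
    * split across two sections ("]]]]><![CDATA[>") so the surrounding
    * markup cannot be escaped from.
    *
    * @param s the raw value (null is treated as the empty string)
    * @return the value with every "]]>" neutralised
    */
   private static String cdataSafe(String s)
   {
      if (s == null) return "";
      StringBuffer out = new StringBuffer(s.length());
      int from = 0;
      int hit;
      while ((hit = s.indexOf("]]>", from)) >= 0) {
         out.append(s.substring(from, hit)).append("]]]]><![CDATA[>");
         from = hit + 3;
      }
      out.append(s.substring(from));
      return out.toString();
   }

   // ...
} // ClientRaw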
----------------------------------8<-------------------------------------------
The IDL again ... I posted the wrong version, sorry!
----------------------------------------->8----------------------------------
module serverIdl
{
// ...
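module authenticateIdl
{
   interface AuthServer
   {
      // DEPRECATED: superseded by init()
      serverIdl::Server login(in string loginName, in string passwd,
                              in serverIdl::XmlType qosClient)
         raises (serverIdl::XmlBlasterException);

      /**
       * The successor of login.
       * @param qos The well known qos with additional information like:
       *            username, passwords, tickets, keys, certificates...
       *            These credentials travel inside the XML; unless the ORB
       *            transport is protected (e.g. SSLIOP) they cross the wire
       *            in the clear.
       * @return A return qos from which the client reads its Server
       *         reference and its session id.
       */
      serverIdl::XmlType init(in serverIdl::XmlType qos)
         raises (serverIdl::XmlBlasterException);

      // DEPRECATED: superseded by disconnect()
      void logout(in serverIdl::Server xmlBlaster)
         raises (serverIdl::XmlBlasterException);

      /**
       * The successor of logout.
       * @param qos Security information that shows the client's identity
       *            (e.g. the session id returned by init), because the
       *            client doesn't want to be disconnected by anyone else.
       *            The session id is a bearer token: whoever obtains it can
       *            disconnect the session, so it must be kept confidential.
       */
      void disconnect(in serverIdl::XmlType qos)
         raises (serverIdl::XmlBlasterException);

      /**
       * NEW
       * Returns information about the used plugin and its requirements
       * (password, certificates ...). This call is unauthenticated; a client
       * should check the returned plugin type before sending any credential,
       * so that a password is never handed to a server that was not expected
       * to ask for one.
       * Example:
       *   <plugin type="KERBEROS" version="4"></plugin>
       * or
       *   <plugin type="PUBKEY"><KEY type="IDEA" length="1024"/></plugin>
       */
      serverIdl::XmlType getPluginInfo();
   };
};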
----------------------------------8<-------------------------------------------
Cheers,
Wolfgang