Class ElytronSASClientInterceptor

  • All Implemented Interfaces:
    Serializable, org.omg.CORBA.Object, org.omg.CORBA.portable.IDLEntity, org.omg.PortableInterceptor.ClientRequestInterceptor, org.omg.PortableInterceptor.ClientRequestInterceptorOperations, org.omg.PortableInterceptor.Interceptor, org.omg.PortableInterceptor.InterceptorOperations

    public class ElytronSASClientInterceptor
    extends org.omg.CORBA.LocalObject
    implements org.omg.PortableInterceptor.ClientRequestInterceptor
    This implementation of org.omg.PortableInterceptor.ClientRequestInterceptor inserts the security attribute service (SAS) context into outgoing IIOP requests and handles the SAS messages received from the target security service in the SAS context of incoming IIOP replies.

    When creating the SAS context, this implementation looks for an Elytron AuthenticationConfiguration that matches the target URI (in the form iiop://hostname:port) and then uses the configuration to obtain the security info (like username and password) that is inserted into the security tokens that are set in the SAS context.

    The type of security tokens that are constructed depends on the target security requirements:

    • If the target supports identity propagation, the identity obtained from the Elytron configuration that matches the target URI is used to build the IdentityToken that is inserted into the SAS context. This usually means using a configuration backed by a security domain so that the current authenticated identity in that domain is used to build the identity token.
    • If in addition to the identity token the target requires username/password authentication, it means the target expects this runtime (server) to identify itself using its own username and credentials. Once this runtime has been authenticated, the identity contained in the identity token is used as a run-as identity.

      The configuration for this case must match the target URI; it is usually one that defines this server's auth-name and associated credential via credential-reference.

    • If the target doesn't support identity propagation but supports username/password authentication, the identity and credentials obtained from the Elytron configuration that matches the target URI are used to build the InitialContextToken. Again, this usually means using a configuration backed by a security domain so that the current authenticated identity in that domain and its associated credentials are used to build the initial context token.
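
    Because the credentials placed in the SAS context depend on which configuration matches the target URI, it is worth checking the match rules before deployment. The following is an added example, not code from this class or from the WildFly project: it uses the Elytron client API to resolve the configuration for several iiop://hostname:port URIs. The class name, host names, port, account name and password are constructed for illustration.

```java
import java.net.URI;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.MatchRule;

// Hypothetical helper class (not part of WildFly): shows which auth-name
// an Elytron AuthenticationContext resolves for a given IIOP target URI.
public class IiopAuthConfigCheck {

    // Returns the name supplied by the configuration matching the target,
    // or null when the resolved configuration does not provide one.
    static String authNameFor(AuthenticationContext ctx, URI target) throws Exception {
        AuthenticationContextConfigurationClient client = new AuthenticationContextConfigurationClient();
        AuthenticationConfiguration config = client.getAuthenticationConfiguration(target, ctx);
        CallbackHandler handler = client.getCallbackHandler(config);
        NameCallback name = new NameCallback("auth-name");
        try {
            handler.handle(new Callback[] { name });
        } catch (UnsupportedCallbackException e) {
            return null; // the resolved configuration carries no name
        }
        return name.getName();
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: this server's own account for one specific target.
        AuthenticationConfiguration serverIdentity = AuthenticationConfiguration.empty()
                .useName("constructed-server-account")
                .usePassword("constructed-password");

        // The rule is scoped to protocol, host and port so the credential
        // is only offered to the one target it was provisioned for.
        AuthenticationContext ctx = AuthenticationContext.empty().with(
                MatchRule.ALL.matchProtocol("iiop").matchHost("orb.example.internal").matchPort(3528),
                serverIdentity);

        for (String uri : new String[] {
                "iiop://orb.example.internal:3528",      // matches the rule
                "iiop://orb.example.internal:3529",      // different port
                "iiop://other.example.internal:3528" }) { // different host
            System.out.println(uri + " -> " + authNameFor(ctx, URI.create(uri)));
        }
    }
}
```

    Only the first URI satisfies the rule, so the constructed account is resolved for that target alone. A rule left at MatchRule.ALL would instead apply the same configuration to every target URI.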
    See Also:
    Serialized Form
    • Method Summary

      Modifier and Type Method Description
      void destroy()  
      String name()  
      void receive_exception​(org.omg.PortableInterceptor.ClientRequestInfo ri)  
      void receive_other​(org.omg.PortableInterceptor.ClientRequestInfo ri)  
      void receive_reply​(org.omg.PortableInterceptor.ClientRequestInfo ri)  
      void send_poll​(org.omg.PortableInterceptor.ClientRequestInfo ri)  
      void send_request​(org.omg.PortableInterceptor.ClientRequestInfo ri)  
      static void setAuthenticationContextName​(String authenticationContextName)  
      • Methods inherited from class org.omg.CORBA.LocalObject

        _create_request, _create_request, _duplicate, _get_domain_managers, _get_interface, _get_interface_def, _get_policy, _hash, _invoke, _is_a, _is_equivalent, _is_local, _non_existent, _orb, _release, _releaseReply, _request, _request, _servant_postinvoke, _servant_preinvoke, _set_policy_override, validate_connection
      • Methods inherited from interface org.omg.CORBA.Object

        _create_request, _create_request, _duplicate, _get_domain_managers, _get_interface_def, _get_policy, _hash, _is_a, _is_equivalent, _non_existent, _release, _request, _set_policy_override
    • Constructor Detail

      • ElytronSASClientInterceptor

        public ElytronSASClientInterceptor​(org.omg.IOP.Codec codec)
    • Method Detail

      • setAuthenticationContextName

        public static void setAuthenticationContextName​(String authenticationContextName)
      • send_request

        public void send_request​(org.omg.PortableInterceptor.ClientRequestInfo ri)
                          throws org.omg.PortableInterceptor.ForwardRequest
        Specified by:
        send_request in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
        Throws:
        org.omg.PortableInterceptor.ForwardRequest
      • send_poll

        public void send_poll​(org.omg.PortableInterceptor.ClientRequestInfo ri)
        Specified by:
        send_poll in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
      • receive_reply

        public void receive_reply​(org.omg.PortableInterceptor.ClientRequestInfo ri)
        Specified by:
        receive_reply in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
      • receive_exception

        public void receive_exception​(org.omg.PortableInterceptor.ClientRequestInfo ri)
                               throws org.omg.PortableInterceptor.ForwardRequest
        Specified by:
        receive_exception in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
        Throws:
        org.omg.PortableInterceptor.ForwardRequest
      • receive_other

        public void receive_other​(org.omg.PortableInterceptor.ClientRequestInfo ri)
                           throws org.omg.PortableInterceptor.ForwardRequest
        Specified by:
        receive_other in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
        Throws:
        org.omg.PortableInterceptor.ForwardRequest
      • name

        public String name()
        Specified by:
        name in interface org.omg.PortableInterceptor.InterceptorOperations
      • destroy

        public void destroy()
        Specified by:
        destroy in interface org.omg.PortableInterceptor.InterceptorOperations