Class ElytronSASClientInterceptor

java.lang.Object
org.omg.CORBA.LocalObject
org.wildfly.iiop.openjdk.csiv2.ElytronSASClientInterceptor
All Implemented Interfaces:
Serializable, org.omg.CORBA.Object, org.omg.CORBA.portable.IDLEntity, org.omg.PortableInterceptor.ClientRequestInterceptor, org.omg.PortableInterceptor.ClientRequestInterceptorOperations, org.omg.PortableInterceptor.Interceptor, org.omg.PortableInterceptor.InterceptorOperations

public class ElytronSASClientInterceptor extends org.omg.CORBA.LocalObject implements org.omg.PortableInterceptor.ClientRequestInterceptor
This implementation of org.omg.PortableInterceptor.ClientRequestInterceptor inserts the security attribute service (SAS) context into outgoing IIOP requests and handles the SAS messages received from the target security service in the SAS context of incoming IIOP replies.

When creating the SAS context, this implementation looks for an Elytron AuthenticationConfiguration that matches the target URI (in the form iiop://hostname:port) and then uses the configuration to obtain the security info (like username and password) that is inserted into the security tokens that are set in the SAS context.

The type of security tokens that are constructed depends on the target security requirements:

  • If the target supports identity propagation, the identity obtained from the Elytron configuration that matches the target URI is used to build the IdentityToken that is inserted into the SAS context. This usually means using a configuration backed by a security domain so that the current authenticated identity in that domain is used to build the identity token.
  • If, in addition to the identity token, the target requires username/password authentication, the target expects this runtime (server) to identify itself using its own username and credentials. Once this runtime has been authenticated, the identity contained in the identity token is used as a run-as identity.

    In terms of configuration, the configuration must match the target URI, and it is usually one that defines this server's auth-name and associated credential via credential-reference.

  • If the target doesn't support identity propagation but supports username/password authentication, the identity and credentials obtained from the Elytron configuration that matches the target URI are used to build the InitialContextToken. Again, this usually means using a configuration backed by a security domain so that the current authenticated identity in that domain and its associated credentials are used to build the initial context token.
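The URI-based lookup described above, as an added example that is not part of the WildFly Javadoc or the interceptor's own code. It uses the Elytron client API directly; the host, port, user name and password are constructed placeholders, and the class and method names are hypothetical.

```java
import java.net.URI;
import java.security.AccessController;
import java.security.Principal;

import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.MatchRule;

public class IiopAuthConfigLookup {

    // Builds a context with one rule: iiop://target.example.test:3528 maps to
    // a configuration carrying this server's own name and credential
    // (constructed values; keep real credentials in a credential store).
    static AuthenticationContext buildContext() {
        AuthenticationConfiguration serverIdentity = AuthenticationConfiguration.empty()
                .useName("server-a")
                .usePassword("placeholder-password");
        MatchRule rule = MatchRule.ALL
                .matchProtocol("iiop")
                .matchHost("target.example.test")
                .matchPort(3528);
        return AuthenticationContext.empty().with(rule, serverIdentity);
    }

    // Resolves the configuration for a target URI and returns the name that
    // would be sent as the authentication name.
    static String resolveName(AuthenticationContext ctx, URI target) {
        AuthenticationContextConfigurationClient client =
                AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
        AuthenticationConfiguration config = client.getAuthenticationConfiguration(target, ctx);
        Principal principal = client.getPrincipal(config);
        return principal.getName();
    }

    public static void main(String[] args) {
        AuthenticationContext ctx = buildContext();
        // Matching target: the rule's configuration is selected.
        System.out.println(resolveName(ctx, URI.create("iiop://target.example.test:3528")));
        // Different host: no rule matches, so an empty configuration is
        // returned and the principal is the anonymous principal.
        System.out.println(resolveName(ctx, URI.create("iiop://other.example.test:3528")));
    }
}
```

A target that matches no rule resolves to an empty configuration rather than an error, so a mistyped host or port in a match rule shows up as requests sent without the intended credentials.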
  • Constructor Summary

    Constructors
    ElytronSASClientInterceptor(org.omg.IOP.Codec codec)
  • Method Summary

    Modifier and Type    Method
    void                 destroy()
    String               name()
    void                 receive_exception(org.omg.PortableInterceptor.ClientRequestInfo ri)
    void                 receive_other(org.omg.PortableInterceptor.ClientRequestInfo ri)
    void                 receive_reply(org.omg.PortableInterceptor.ClientRequestInfo ri)
    void                 send_poll(org.omg.PortableInterceptor.ClientRequestInfo ri)
    void                 send_request(org.omg.PortableInterceptor.ClientRequestInfo ri)
    static void          setAuthenticationContextName(String authenticationContextName)

    Methods inherited from class org.omg.CORBA.LocalObject

    _create_request, _create_request, _duplicate, _get_domain_managers, _get_interface, _get_interface_def, _get_policy, _hash, _invoke, _is_a, _is_equivalent, _is_local, _non_existent, _orb, _release, _releaseReply, _request, _request, _servant_postinvoke, _servant_preinvoke, _set_policy_override, validate_connection

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.omg.CORBA.Object

    _create_request, _create_request, _duplicate, _get_domain_managers, _get_interface_def, _get_policy, _hash, _is_a, _is_equivalent, _non_existent, _release, _request, _set_policy_override
  • Constructor Details

    • ElytronSASClientInterceptor

      public ElytronSASClientInterceptor(org.omg.IOP.Codec codec)
  • Method Details

    • setAuthenticationContextName

      public static void setAuthenticationContextName(String authenticationContextName)
    • send_request

      public void send_request(org.omg.PortableInterceptor.ClientRequestInfo ri) throws org.omg.PortableInterceptor.ForwardRequest
      Specified by:
      send_request in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
      Throws:
      org.omg.PortableInterceptor.ForwardRequest
    • send_poll

      public void send_poll(org.omg.PortableInterceptor.ClientRequestInfo ri)
      Specified by:
      send_poll in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    • receive_reply

      public void receive_reply(org.omg.PortableInterceptor.ClientRequestInfo ri)
      Specified by:
      receive_reply in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
    • receive_exception

      public void receive_exception(org.omg.PortableInterceptor.ClientRequestInfo ri) throws org.omg.PortableInterceptor.ForwardRequest
      Specified by:
      receive_exception in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
      Throws:
      org.omg.PortableInterceptor.ForwardRequest
    • receive_other

      public void receive_other(org.omg.PortableInterceptor.ClientRequestInfo ri) throws org.omg.PortableInterceptor.ForwardRequest
      Specified by:
      receive_other in interface org.omg.PortableInterceptor.ClientRequestInterceptorOperations
      Throws:
      org.omg.PortableInterceptor.ForwardRequest
    • name

      public String name()
      Specified by:
      name in interface org.omg.PortableInterceptor.InterceptorOperations
    • destroy

      public void destroy()
      Specified by:
      destroy in interface org.omg.PortableInterceptor.InterceptorOperations