Chapter 2 Securing Component Access


Intercomponent authentication

This section describes various security features available to components, including:

Accessing SSL information

Clients can connect to a secure IIOP port using an SSL client certificate. You can issue intercomponent calls to the built-in CtsSecurity/SessionInfo component to retrieve the client certificate data, including:

This component implements CtsSecurity::SessionInfo IDL interface. HTML documentation is available for the interface in the html/ir subdirectory of your EAServer installation. You can view it by loading the main EAServer HTML page, then clicking the "Interface Repository" link.

Note   The CtsSecurity::UserCredentials interface is deprecated The CtsSecurity::UserCredentials interface, which is implemented by the CtsSecurity/UserCredentials component, has been replaced by the CtsSecurity::SessionInfo interface, which provides additional functionality such as certificate parsing. EAServer supports the CtsSecurity::UserCredentials interface for backward compatibility. Use the CtsSecurity::SessionInfo interface if you are developing new components.

Non-EJB components

For non-EJB CORBA components, the following mechanisms are used for authentication within a server and for standalone clients:

  1. Embed the user name and password in the URL when creating a component instance. For example:

    Module::Interface_var compInstance = Module::Interface::narrow( "iiop[s]://user:password:host:port/EAServerPackage/EAServerComponent");
    
  2. Use the lookup method on SessionManager::Factory. You cannot embed a user name/password in the URL.

    See the SessionManager IDL documentation for more information and these chapters:

C++ components

C++ components (and PowerBuilder NVOs) can make intercomponent calls across different servers using SSL in much the same way as any other C++ client. However, be aware of these considerations:

See the EAServer Programmer's Guide for information about developing C++ components and clients

Your EAServer installation includes a sample C++ component that demonstrates how to call the CtsSecurity/UserCredentials component methods. See the following file in your EAServer installation for more information:

sample/SecurityDemo/readme.txt

 


Copyright © 2002 Sybase, Inc. All rights reserved.