[omniORB] Access control
Bruno Dorel
bd.ais40@wanadoo.fr
Fri Dec 13 07:29:02 2002
Duncan Grisby wrote:
> On Tuesday 10 December, Gustavo Niemeyer wrote:
>
> > Interceptors are only able to do the basic authentication (accept/deny),
> > right? How do you limit the functionality allowed for different clients?
>
> The normal approach is to use an interceptor to put something into
> per-thread storage, and then access it from the application code.
>
> Cheers,
>
> Duncan.
>
> --
> -- Duncan Grisby --
> -- duncan@grisby.org --
> -- http://www.grisby.org --
> _______________________________________________
> omniORB-list mailing list
> omniORB-list@omniorb-support.com
> http://www.omniorb-support.com/mailman/listinfo/omniorb-list
Did you implement interceptors and ServiceContext in Omniorb ?
An other way to deal with access control is to implement a client request
interceptor which join a "Ticket"
in a Service-Context on the server side an interceptor read the "Ticket"
and bind a "Security Server"
to check the rigths of this client . Up to you to implement the Security
Server (Tickets delivery for clients,
right Checker for tickets and cipher keys generation if you encrypt yours data
in messages)
By ticket I mean any data structure including the client name, role ,random
session number ...... etc
Hope this can help
Regards
B. DOREL