[omniORB] Single Login to server program

Muro, Sam research at businesstz.com
Wed Aug 4 11:14:56 BST 2010 

Thomas Lockhart wrote:
>            > This is exactly want i want to implement. When the client
> object is
>  > invoked, It returns a security key which will be needed for any
>  > subsequent operations until its life time expires. I am not very
>  > experienced in this but what i need is ability to remember that key,
>  > access it priori to invoking login() method. For example, one can
>  > store the security key into a file, and access it using md5checksum
>  > to guarantee that no one has changed its content. The question is how
>  > to do this
>  > Kindly assist if you can paste some code snippets of what you think
>  > will work
>
>  Well, the interfaces could look something like this:
>
>  interface SecureServer {
>    void DoSomething(in long key);
>    void DoSomethingElse(in long key);
>    oneway void logout(key);
>  };
>
>  interface SecureLogin {
>    void login(in string user, in string pw, out SecureServer server, out
> long key);
>  };
>
>  From the client, you would find your secure login server (possibly using
> the Naming Service), then invoke the following sequence:
>
>    sl->login(user, pw, ss, key);
>    ss->DoSomething(key);
>    ss->DoSomethingElse(key);
>    ss->logout(key);
>
This is ok. But now suppose you do not want to logoff so that the next run
make use of the secure key to make a connection to the server, how do we
store this key for future use?

// debug(--retrieve the saved key from--)

if (!key){
    s1->login(user, pw, ss, key);

};
try {
    ss->DoSomething(key);
    ss->DoSomethingElse(key);
    ss->logout(key);
}
catch (login_exceptions){
   debug(....);
   ss->login(user, pw, ss, key)
   debug(--save the key for future use--) //HOW
}

>  In the server, the login method would create a temporary server object
> implementing the SecureServer interface and return a handle and a key.
> Subsequent calls to that new server object (or an object from a pool)
> would include that key for validation. The call to logout would destroy
> the object or the key and validated connection.
>
>  If you have a good book on C++ CORBA ("Advanced CORBA Programming with
> C++" by Henning and Vinoski is the best for any language imo) then
> looking for examples which return iterators will illustrate these
> temporary server-side objects.
>
>  My use of the word "secure" is just for illustration; others may point
> out possible weaknesses in this approach.
>
>  hth
>
>                                      - Tom
>
>

More information about the omniORB-list mailing list