📄 securitylevel3.idl
readonly attribute SL3CM::FeatureDirective use_client_auth;
readonly attribute SL3CM::FeatureDirective use_target_auth;
readonly attribute SL3CM::FeatureDirective use_confidentiality;
readonly attribute SL3CM::FeatureDirective use_integrity;
};

/**
 * The ContextEstablishmentPolicyType constant holds the
 * value used to denote the ContextEstablishmentPolicy.
 */
const CORBA::PolicyType ContextEstablishmentPolicyType = ADIRON_VMCID | 1001;

/**
 * The ObjectCredentialsPolicy object is placed on the policy list
 * of a POA to indicate the own credentials
 * that govern the accepting contexts for objects underneath
 * that POA. The credentials listed here, only if they have Accepting
 * capability, are used to create security components in the
 * IOR of the object's reference when created.
 */
local interface ObjectCredentialsPolicy : CORBA::Policy {
    readonly attribute OwnCredentialsList creds_list;
};

/**
 * The ObjectCredentialsPolicyType constant holds the
 * value used to denote the ObjectCredentialsPolicy.
 */
const CORBA::PolicyType ObjectCredentialsPolicyType = ADIRON_VMCID | 1002;

//--------------------------------------------------------------------
// Security Level 3 Credentials Acquisition Mechanism
//
//--------------------------------------------------------------------

/**
 * The CredentialsAcquirer object is created by the Credentials
 * Curator based on the selected method and initial acquisition
 * arguments. When this acquisition is complete and successful,
 * the created credentials are placed on the Credentials
 * curator's own_credentials list. Once get_credentials is called,
 * this object is destroyed.
 */
local interface CredentialsAcquirer {

    /**
     * The acquisition_method attribute contains the acquisition method
     * identifier naming the method by which these credentials
     * are being acquired.
     */
    // begin of ObjectSecurity removal
    //    readonly attribute SL3CM::AcquisitionMethod acquisition_method;
    // end of ObjectSecurity removal

    /**
     * This call is used to retrieve the acquired OwnCredentials
     * and place the credentials on the curator's own
     * credentials list.
     *
     * @param on_list  True if these credentials go on the default
     *                 list of credentials.
     */
    OwnCredentials get_credentials( in boolean on_list );

    /**
     * This operation is used to destroy the object before
     * get_credentials is called.
     */
    void destroy();
};

/**
 * The CredentialsCurator object is a single object per ORB
 * instance's Security Service. It has the ability to create
 * CredentialsAcquirers and keeps a list of active credentials.
 * <pre>
 *    CredentialsCurator cur = ....
 *        resolve_initial_references("SL3:CredentialsCurator");
 *    Any arg = ... build up acquisition
 *                  argument with SL3CSI::CSIArgBuilder
 *    CredentialsAcquirer aqr =
 *        cur.acquire_credentials("SL3CSIAQArgs",arg);
 *    OwnCredentials own = aqr.get_credentials(false);
 * </pre>
 * NOTE(review): the example passes two arguments to
 * acquire_credentials, but the operation declared in this interface
 * takes a single SL3AQArgs::Argument. The example appears to predate
 * the "ObjectSecurity change" marked on that operation; confirm and
 * update.
 */
local interface CredentialsCurator {

    /**
     * The supported_methods attribute contains a list of
     * acquisition methods that are supported. Method identifiers
     * are defined in modules that signify their support.
     *
     * @see "SL3AQArgs"
     * @see "SL3CSI"
     * @see "SL3TLS"
     * @see "SL3TCPIP"
     * @see "SL3KRB5"
     */
    // begin of ObjectSecurity removal
    //    readonly attribute SL3CM::AcquisitionMethodList
    //                                        supported_methods;
    // end of ObjectSecurity removal

    /**
     * This operation is used to create a CredentialsAcquirer for
     * a particular acquisition method. It takes an initial set
     * of arguments, so it is possible that the credentials
     * are immediately available from a call to get_credentials
     * on the created Credentials Acquirer.
     * <p>
     * The acquisition_arguments is a CORBA any that is constructed
     * according to the method used. Please see the ArgumentFactory
     * from the SL3AQArgs module for a local object that helps
     * immensely with the construction of this complex argument.
     * Extensions of that object are defined in their own
     * separate modules that pertain to the particular acquisition
     * mechanism, such as the SL3CSI, SL3TLS, SL3TCPIP modules.
     *
     * <h4>Parameters</h4>
     * <dl>
     * <dt>acquisition_method
     * <dd>The identifier of the desired acquisition method.
     *     A CORBA BAD_PARAM exception will be raised if the
     *     named method is not supported.
     * <dt>acquisition_arguments
     * <dd>The argument of the desired acquisition method.
     *     This CORBA any type is constructed according to
     *     the particular mechanism.
     * </dl>
     * NOTE(review): the declaration below has no acquisition_method
     * parameter, and acquisition_arguments is typed
     * SL3AQArgs::Argument rather than a CORBA any. The parameter list
     * above appears to describe the signature before the
     * "ObjectSecurity change"; confirm which behaviour (including the
     * BAD_PARAM case) still applies.
     *
     * @see "SL3AQArgs"
     * @see "SL3CSI"
     * @see "SL3TLS"
     * @see "SL3TCPIP"
     */
    // begin of ObjectSecurity change
    CredentialsAcquirer acquire_credentials( in SL3AQArgs::Argument acquisition_arguments );
    // end of ObjectSecurity change

    /**
     * The Curator's Default Own Credentials list.
     */
    readonly attribute OwnCredentialsList default_creds_list;

    /**
     * The Curator's ids of the credentials on the default list.
     */
    // begin of ObjectSecurity removal
    //    readonly attribute SL3CM::CredentialsIdList default_creds_ids;
    // end of ObjectSecurity removal

    /**
     * This operation retrieves Own Credentials by identifier.
     * It is not required that the identifier name a credentials
     * on the default_credentials_list. The Curator keeps track
     * of all OwnCredentials it creates, until they are explicitly
     * released.
     */
    OwnCredentials get_own_credentials( in SL3CM::CredentialsId credentials_id );

    /**
     * This operation releases credentials from the default_creds_list,
     * if there, and also disables the credentials from further use,
     * provided that all their pending work is done.
     */
    void release_own_credentials ( in SL3CM::CredentialsId credentials_id );
};

//--------------------------------------------------------------------
// Security Service ORB Objects
//   Retrieved from the ORB by "resolve_initial_references".
//
//--------------------------------------------------------------------

/**
 * The SecurityManager object represents the Security Level 3
 * Security Service. There is one object of this type per ORB
 * instance. It is resolved by a call to
 * <p>
 *   ORB::resolve_initial_references("SecurityLevel3::SecurityManager");
 */
local interface SecurityManager {

    /**
     * The credentials_curator attribute contains the reference
     * to the SecurityLevel3 Credentials Curator. There is only
     * one instance per ORB.
     */
    readonly attribute CredentialsCurator credentials_curator;

    /**
     * The get_target_credentials operation retrieves the
     * TargetCredentials that represents a CSIv2 security association
     * with a Target. This operation causes communication with
     * the target in order to establish a security context.
     */
    TargetCredentials get_target_credentials( in Object the_object );

    /**
     * The create_context_estab_policy operation is a policy factory
     * operation that creates the Security Level 3
     * ContextEstablishmentPolicy object. This policy is placed on
     * the policy override lists of object references to direct
     * the security characteristics when communicating through
     * that object reference.
     * <p>
     * If this policy is not put on an object reference, and the
     * <a href="TransportSecurity.ObjectCredentialsPolicy.html">
     * TransportSecurity::ObjectCredentialsPolicy</a>
     * is also not on the object reference's policy list,
     * then the default credentials lists from the
     * <a href="SecurityLevel3.CredentialsCurator.html">
     * SecurityLevel3::CredentialsCurator</a>
     * and
     * <a href="TransportSecurity::CredentialsCurator.html">
     * TransportSecurity::CredentialsCurator</a>
     * are used.
     * <p>
     * NOTE(review): the fallback to the default credentials lists is
     * implicit. A reference that must use specific credentials or
     * specific auth / confidentiality / integrity directives needs
     * this policy set explicitly.
     */
    ContextEstablishmentPolicy create_context_estab_policy(
        in SL3CM::CredsDirective creds_directive,
        in OwnCredentialsList creds_list,
        in SL3CM::FeatureDirective use_client_auth,
        in SL3CM::FeatureDirective use_target_auth,
        in SL3CM::FeatureDirective use_confidentiality,
        in SL3CM::FeatureDirective use_integrity );

    /**
     * The create_object_creds_policy is a policy factory operation
     * that creates the ObjectCredentialsPolicy object. This policy
     * is solely for use with policies placed on POAs with "POA.create_POA".
     * It restricts the POA's use of credentials. If this policy is
     * not put on a POA, and the
     * <a href="TransportSecurity.ObjectCredentialsPolicy.html">
     * TransportSecurity::ObjectCredentialsPolicy</a>
     * is also not on the POA policy list, then the default
     * credentials lists from the
     * <a href="SecurityLevel3.CredentialsCurator.html">
     * SecurityLevel3::CredentialsCurator</a>
     * and
     * <a href="TransportSecurity::CredentialsCurator.html">
     * TransportSecurity::CredentialsCurator</a>
     * are used.
     * <p>
     * NOTE(review): a POA created without this policy is not
     * restricted to a chosen credentials list; per the text above it
     * falls back to the curators' default lists.
     */
    ObjectCredentialsPolicy create_object_creds_policy( in OwnCredentialsList creds_list );
};

/**
 * The Security Current object references thread specific
 * data pertaining to the security service. It is used
 * to retrieve the client's credentials during an invocation
 * on the server side.
 * <p>
 * There is only one instance of this object per ORB instance.
 * It is retrieved by
 * <pre>
 *   ORB.resolve_initial_references("SecurityLevel3::SecurityCurrent");
 * </pre>
 */
local interface SecurityCurrent {

    /**
     * From inside the execution of a target object implementation the
     * client_credentials attribute contains the representation of
     * the remote client's credentials. This object represents the
     * security context with the remote CSIv2 client.
     * <p>
     * If the client is not CSIv2 based, there are no CSIv2 Client
     * Credentials, and this operation returns null. In this case,
     * the user should try the
     * <a href="TransportSecurity.SecurityCurrent.html">
     * TransportSecurity::SecurityCurrent</a>,
     * as the request may have come over a secure or
     * insecure transport, such as IIOP or TLS, without a CSIv2
     * Service Context.
     * <p>
     * NOTE(review): a null value only means that no CSIv2 client
     * credentials exist for the request. The request may have arrived
     * over an insecure transport, so servant code making access
     * decisions should handle null explicitly and not treat it as an
     * authenticated or trusted caller.
     */
    readonly attribute ClientCredentials client_credentials;

    /**
     * The request_is_local attribute is true if the current thread
     * of execution is servicing a request on a collocated object.
     * The value of this attribute is false if there is no remote
     * request, i.e. if this attribute is queried from a pure
     * client thread.
     * <p>
     * If this attribute is true, the client_credentials attribute
     * returns the credentials of the remote client no matter how
     * deep the collocated call stack, unless of course, this request
     * is not CSIv2 based, in which case it returns null.
     */
    // begin of ObjectSecurity removal
    //    readonly attribute boolean request_is_local;
    // end of ObjectSecurity removal
};

};

#endif // _SECURITY_LEVEL3_IDL_