TAO::SSLIOP::Server_Invocation_Interceptor Class Reference

Secure invocation server request interceptor.

#include <SSLIOP_Invocation_Interceptor.h>

Public Member Functions

 Server_Invocation_Interceptor (PortableInterceptor::ORBInitInfo_ptr info, ::Security::QOP default_qop, size_t tss_slot)
 Constructor.

PortableInterceptor::ServerRequestInterceptor Methods
Methods required by the PortableInterceptor::ServerRequestInterceptor interface.

virtual char * name (void)
virtual void destroy (void)
virtual void receive_request_service_contexts (PortableInterceptor::ServerRequestInfo_ptr ri)
virtual void receive_request (PortableInterceptor::ServerRequestInfo_ptr ri)
virtual void send_reply (PortableInterceptor::ServerRequestInfo_ptr ri)
virtual void send_exception (PortableInterceptor::ServerRequestInfo_ptr ri)
virtual void send_other (PortableInterceptor::ServerRequestInfo_ptr ri)

Protected Member Functions

 ~Server_Invocation_Interceptor (void)
 Destructor.


Private Member Functions

Copying and Assignment
Protected to prevent copying through the copy constructor and the assignment operator.

 Server_Invocation_Interceptor (const Server_Invocation_Interceptor &)
void operator= (const Server_Invocation_Interceptor &)

Private Attributes

::SSLIOP::Current_var ssliop_current_
 Reference to the current SSLIOP execution context.

PortableServer::Current_var poa_current_
 Reference to the POA current.

::Security::QOP qop_
 The default quality-of-protection settings in use.

SecurityLevel2::SecurityManager_var sec2manager_
 SecurityLevel2 security manager reference.

SecurityLevel2::Current_var sec2_current_

Detailed Description

Secure invocation server request interceptor.

This server request interceptor rejects insecure request invocations if the effective target object policy requires secure invocations.

Definition at line 55 of file SSLIOP_Invocation_Interceptor.h.


Constructor & Destructor Documentation

TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor (PortableInterceptor::ORBInitInfo_ptr info, ::Security::QOP default_qop, size_t tss_slot)

Constructor.

Parameters:
    info         reference to the ORBInitInfo object so that the interceptor can get access to initial references, etc.
    default_qop  the default Quality of Protection
    tss_slot     the TSS slot used by the various security features.

Definition at line 23 of file SSLIOP_Invocation_Interceptor.cpp.

References ACE_DEBUG, CORBA::is_nil(), LM_DEBUG, TAO_debug_level, and TAO::SSLIOP::Current::tss_slot().

: qop_ (default_qop)
{
  /*
   * Cache references to the "Current" objects that we'll need
   * during invocations.
   */

  CORBA::Object_var obj =
    info->resolve_initial_references ("SSLIOPCurrent");

  this->ssliop_current_ = ::SSLIOP::Current::_narrow (obj.in ());

  if (!CORBA::is_nil (this->ssliop_current_.in ()))
    {
      TAO::SSLIOP::Current *tao_current =
        dynamic_cast<TAO::SSLIOP::Current *> (this->ssliop_current_.in ());

      if (tao_current != 0)
        {
          if (TAO_debug_level > 3)
            ACE_DEBUG ((LM_DEBUG, "TAO (%P|%t) SSLIOP_Invocation_Interceptor::CTOR--setting up SSLIOP Current with slot %d\n", tss_slot));
          tao_current->tss_slot (tss_slot);
        }
      else
        throw CORBA::INTERNAL ();
    }

  obj = info->resolve_initial_references ("SecurityLevel2:SecurityManager");
  this->sec2manager_ = SecurityLevel2::SecurityManager::_narrow (obj.in ());

  if (! CORBA::is_nil (this->sec2manager_.in ()))
    {
      // set the slot id?  things seem to work without doing this
    }

#if 0
  // Don't need this now that we're not using access_allowed(), but
  // I'm leaving the code here just in case it would become convenient
  // for some other use.
  obj = info->resolve_initial_references ("POACurrent");
  this->poa_current_ = PortableServer::Current::_narrow (obj.in ());
#endif
}

TAO::SSLIOP::Server_Invocation_Interceptor::~Server_Invocation_Interceptor (void) [protected]

Destructor.

Protected destructor to force deallocation by the reference counting mechanism.

Definition at line 72 of file SSLIOP_Invocation_Interceptor.cpp.

{
}

TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor (const Server_Invocation_Interceptor &) [private]


Member Function Documentation

void TAO::SSLIOP::Server_Invocation_Interceptor::destroy (void) [virtual]

Definition at line 84 of file SSLIOP_Invocation_Interceptor.cpp.

{
}

char * TAO::SSLIOP::Server_Invocation_Interceptor::name (void) [virtual]

Definition at line 78 of file SSLIOP_Invocation_Interceptor.cpp.

References CORBA::string_dup().

{
  return CORBA::string_dup ("TAO::SSLIOP::Server_Invocation_Interceptor");
}

void TAO::SSLIOP::Server_Invocation_Interceptor::operator= (const Server_Invocation_Interceptor &) [private]

void TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (PortableInterceptor::ServerRequestInfo_ptr ri) [virtual]

Definition at line 96 of file SSLIOP_Invocation_Interceptor.cpp.

References ACE_DEBUG, LM_DEBUG, sec2_current_, sec2manager_, ssliop_current_, and TAO_debug_level.

{
  SecurityLevel2::AccessDecision_var ad_tmp =
    this->sec2manager_->access_decision ();
  TAO::SL2::AccessDecision_var ad =
    TAO::SL2::AccessDecision::_narrow (ad_tmp.in ());

  CORBA::Boolean const no_ssl =
    this->ssliop_current_->no_context ();

  if (TAO_debug_level >= 3)
    ACE_DEBUG ((LM_DEBUG, "SSLIOP (%P|%t) Interceptor (context), ssl=%d\n", !(no_ssl)));

  // if
  // (1) no SSL session state is available (which means that the
  //     invocation is received across a non-SSL transport)
  // AND
  // (2) the required Quality of Protection is something other
  //     than SecQOPNoProtection (set via -SSLNoProtection)
  if (no_ssl && this->qop_ != ::Security::SecQOPNoProtection)
    {
      /*
       * Set up all the arguments needed by the call
       * to AccessDecision::access_allowed()
       */

      /* Get the credentials from SSLIOP */
      SecurityLevel2::CredentialsList cred_list; // initial empty?
#if 0
      try {
        SecurityLevel2::ReceivedCredentials_var rcvd_creds =
          this->sec2_current_->received_credentials ();
        // this gets the credentials received from the other side.  We
        // should be able to put this into a CredentialsList with no
        // problem.
        //
        // Do I really need to implement a sec2_current, or can I hack
        // the conversion at this level?  I probably ought to do it as
        // a real sec2_current with the conversion from sec3->sec2
        // happening at a lower level.

        cred_list.length(1);
        cred_list[0] = rcvd_creds.in ();
        /*
          So, in looking for how we can do this, I find that the
          SL3_SecurityCurrent::client_credentials() delegates to SL3_SecurityCurrent_Impl::client_credentials(), which is pure virtual.
        */
      }
      catch (...) {
      }
#endif

      /* Gather the elements that uniquely identify the target object */
      CORBA::ORBid_var orb_id = ri->orb_id ();
      CORBA::OctetSeq_var adapter_id = ri->adapter_id ();
      CORBA::OctetSeq_var object_id = ri->object_id ();

      CORBA::String_var operation_name = ri->operation ();

      CORBA::Boolean it_should_happen = false;
      it_should_happen = ad->access_allowed_ex (orb_id.in (),
                                                adapter_id.in (),
                                                object_id.in (),
                                                cred_list,
                                                operation_name.in());
      if (TAO_debug_level >= 3)
        ACE_DEBUG ((LM_DEBUG,
                    "TAO (%P|%t) SL2::access_allowed_ex returned %s\n",
                    it_should_happen ? "true" : "false"));

      if (! it_should_happen)
        throw CORBA::NO_PERMISSION ();
    }
}
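
The decision path of receive_request() above, as an added stand-alone C++ model (not TAO code and not part of the generated documentation). The types, the allow-list `AccessDecision` and the fail-closed null check are assumptions made for illustration; the model shows which requests reach the access decision at all, and that a plaintext request is judged on target identity alone because the credentials list is empty.

```cpp
// Added example: stand-alone model of the receive_request() decision.
// Every type here is a simplified stand-in, not a TAO or CORBA class.
#include <set>
#include <stdexcept>
#include <string>
#include <tuple>

enum class QOP { NoProtection, IntegrityAndConfidentiality };

struct Request {
  bool has_ssl_context;  // false models ssliop_current_->no_context () == true
  std::string orb_id, adapter_id, object_id, operation;
};
struct NoPermission : std::runtime_error {
  NoPermission () : std::runtime_error ("NO_PERMISSION") {}
};

// Hypothetical access decision: targets that may be reached over a plain
// transport. Anything not listed is denied.
class AccessDecision {
  std::set<std::tuple<std::string, std::string, std::string>> allowed_;
public:
  void allow_plaintext (const std::string &orb, const std::string &adapter,
                        const std::string &object) {
    allowed_.insert (std::make_tuple (orb, adapter, object));
  }
  // No credentials argument (the page's code passes an empty list);
  // the operation name is ignored by this stand-in.
  bool access_allowed_ex (const Request &r) const {
    return allowed_.count (std::make_tuple (r.orb_id, r.adapter_id, r.object_id)) > 0;
  }
};

// Same branch structure as the page's receive_request (), plus an assumed
// fail-closed check for a missing access decision object.
void receive_request (const Request &r, QOP default_qop, const AccessDecision *ad) {
  if (r.has_ssl_context || default_qop == QOP::NoProtection)
    return;  // the access decision is never consulted on this path
  if (ad == nullptr || !ad->access_allowed_ex (r))
    throw NoPermission ();
}

// True when the request would reach the servant, false when rejected.
bool dispatched (const Request &r, QOP qop, const AccessDecision *ad) {
  try { receive_request (r, qop, ad); return true; }
  catch (const NoPermission &) { return false; }
}

int main () {  // constructed sample: plaintext call, no access decision
  return dispatched ({false, "orb", "poa", "secret", "ping"}, QOP::IntegrityAndConfidentiality, nullptr) ? 1 : 0;
}
```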

void TAO::SSLIOP::Server_Invocation_Interceptor::receive_request_service_contexts (PortableInterceptor::ServerRequestInfo_ptr ri) [virtual]

Definition at line 89 of file SSLIOP_Invocation_Interceptor.cpp.

{
}

void TAO::SSLIOP::Server_Invocation_Interceptor::send_exception (PortableInterceptor::ServerRequestInfo_ptr ri) [virtual]

Definition at line 179 of file SSLIOP_Invocation_Interceptor.cpp.

{
}

void TAO::SSLIOP::Server_Invocation_Interceptor::send_other (PortableInterceptor::ServerRequestInfo_ptr ri) [virtual]

Definition at line 185 of file SSLIOP_Invocation_Interceptor.cpp.

{
}

void TAO::SSLIOP::Server_Invocation_Interceptor::send_reply (PortableInterceptor::ServerRequestInfo_ptr ri) [virtual]

Definition at line 173 of file SSLIOP_Invocation_Interceptor.cpp.

{
}


Member Data Documentation

PortableServer::Current_var TAO::SSLIOP::Server_Invocation_Interceptor::poa_current_ [private]
 

Reference to the POA current.

Definition at line 127 of file SSLIOP_Invocation_Interceptor.h.

::Security::QOP TAO::SSLIOP::Server_Invocation_Interceptor::qop_ [private]
 

The default quality-of-protection settings in use.

Definition at line 130 of file SSLIOP_Invocation_Interceptor.h.

SecurityLevel2::Current_var TAO::SSLIOP::Server_Invocation_Interceptor::sec2_current_ [private]
 

Definition at line 134 of file SSLIOP_Invocation_Interceptor.h.

Referenced by receive_request().

SecurityLevel2::SecurityManager_var TAO::SSLIOP::Server_Invocation_Interceptor::sec2manager_ [private]
 

SecurityLevel2 security manager reference.

Definition at line 133 of file SSLIOP_Invocation_Interceptor.h.

Referenced by receive_request().

::SSLIOP::Current_var TAO::SSLIOP::Server_Invocation_Interceptor::ssliop_current_ [private]
 

Reference to the current SSLIOP execution context.

Definition at line 124 of file SSLIOP_Invocation_Interceptor.h.

Referenced by receive_request().


The documentation for this class was generated from the following files:
Generated on Sun Jan 27 16:14:25 2008 for TAO_SSLIOP by doxygen 1.3.6