#include <SSLIOP_Invocation_Interceptor.h>
Inheritance diagram for TAO::SSLIOP::Server_Invocation_Interceptor:
Public Member Functions | |
Server_Invocation_Interceptor (PortableInterceptor::ORBInitInfo_ptr info,::Security::QOP default_qop, size_t tss_slot) | |
Constructor. | |
PortableInterceptor::ServerRequestInterceptor Methods | |
Methods required by the PortableInterceptor::ServerRequestInterceptor interface. | |
virtual char * | name (void) |
virtual void | destroy (void) |
virtual void | receive_request_service_contexts (PortableInterceptor::ServerRequestInfo_ptr ri) |
virtual void | receive_request (PortableInterceptor::ServerRequestInfo_ptr ri) |
virtual void | send_reply (PortableInterceptor::ServerRequestInfo_ptr ri) |
virtual void | send_exception (PortableInterceptor::ServerRequestInfo_ptr ri) |
virtual void | send_other (PortableInterceptor::ServerRequestInfo_ptr ri) |
Protected Member Functions | |
~Server_Invocation_Interceptor (void) | |
Destructor. | |
Private Member Functions | |
Copying and Assignment | |
Declared private to prevent copying through the copy constructor and the assignment operator. | |
Server_Invocation_Interceptor (const Server_Invocation_Interceptor &) | |
void | operator= (const Server_Invocation_Interceptor &) |
Private Attributes | |
::SSLIOP::Current_var | ssliop_current_ |
Reference to the current SSLIOP execution context. | |
PortableServer::Current_var | poa_current_ |
Reference to the POA current. | |
::Security::QOP | qop_ |
The default quality-of-protection settings in use. | |
SecurityLevel2::SecurityManager_var | sec2manager_ |
SecurityLevel2 security manager reference. | |
SecurityLevel2::Current_var | sec2_current_ |
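This server request interceptor rejects insecure request invocations if the effective target object policy requires secure invocations. As implemented in receive_request(), the check runs only for requests that arrive without SSL session state, and only when the default quality of protection is something other than SecQOPNoProtection.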
Definition at line 55 of file SSLIOP_Invocation_Interceptor.h.
TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor | ( | PortableInterceptor::ORBInitInfo_ptr | info, | |
::Security::QOP | default_qop, | |||
size_t | tss_slot | |||
) |
Constructor.
info | reference to the ORBInitInfo object so that the interceptor can get access to initial references, etc. | |
default_qop | the default Quality of Protection | |
tss_slot | the TSS slot used by the various security features. |
Definition at line 23 of file SSLIOP_Invocation_Interceptor.cpp.
References ACE_DEBUG, TAO_Pseudo_Var_T< T >::in(), CORBA::is_nil(), LM_DEBUG, TAO_debug_level, and TAO::SSLIOP::Current::tss_slot().
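/// Build the server-side SSLIOP invocation interceptor.
///
/// @param info        ORBInitInfo used to resolve the initial references
///                    "SSLIOPCurrent" and "SecurityLevel2:SecurityManager".
/// @param default_qop Default quality of protection, stored in qop_.
/// @param tss_slot    TSS slot handed to the TAO SSLIOP Current.
///
/// @throws CORBA::INTERNAL if the resolved SSLIOP Current is non-nil but is
///         not TAO's own TAO::SSLIOP::Current implementation.
TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor (
    PortableInterceptor::ORBInitInfo_ptr info,
    ::Security::QOP default_qop,
    size_t tss_slot)
  : qop_ (default_qop)
{
  /*
   * Cache references to the "Current" objects that we'll need
   * during invocations.
   */

  CORBA::Object_var obj =
    info->resolve_initial_references ("SSLIOPCurrent");

  this->ssliop_current_ = ::SSLIOP::Current::_narrow (obj.in ());

  // NOTE(review): a nil SSLIOP Current is accepted here without any error,
  // yet receive_request() relies on ssliop_current_ to tell whether a request
  // came in over SSL. Confirm whether construction should fail in that case.
  if (!CORBA::is_nil (this->ssliop_current_.in ()))
    {
      TAO::SSLIOP::Current *tao_current =
        dynamic_cast<TAO::SSLIOP::Current *> (this->ssliop_current_.in ());

      // The slot can only be set on TAO's own Current implementation; any
      // other implementation is treated as an internal setup error.
      if (tao_current == 0)
        throw CORBA::INTERNAL ();

      // tss_slot is a size_t, so it is logged with ACE's %B conversion
      // instead of %d, which expects an int.
      if (TAO_debug_level > 3)
        ACE_DEBUG ((LM_DEBUG, "TAO (%P|%t) SSLIOP_Invocation_Interceptor::CTOR--setting up SSLIOP Current with slot %B\n", tss_slot));

      tao_current->tss_slot (tss_slot);
    }

  obj = info->resolve_initial_references ("SecurityLevel2:SecurityManager");
  this->sec2manager_ = SecurityLevel2::SecurityManager::_narrow (obj.in ());

  // NOTE(review): a nil security manager is also accepted silently, although
  // receive_request() calls sec2manager_->access_decision () on every request.
  if (! CORBA::is_nil (this->sec2manager_.in ()))
    {
      // set the slot id?  things seem to work without doing this
    }

#if 0
  // Don't need this now that we're not using access_allowed(), but
  // I'm leaving the code here just in case it would become convenient
  // for some other use.
  obj = info->resolve_initial_references ("POACurrent");
  this->poa_current_ = PortableServer::Current::_narrow (obj.in ());
#endif
}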
TAO::SSLIOP::Server_Invocation_Interceptor::~Server_Invocation_Interceptor | ( | void | ) | [protected] |
Destructor.
Protected destructor to force deallocation by the reference counting mechanism.
Definition at line 72 of file SSLIOP_Invocation_Interceptor.cpp.
TAO::SSLIOP::Server_Invocation_Interceptor::Server_Invocation_Interceptor | ( | const Server_Invocation_Interceptor & | ) | [private] |
void TAO::SSLIOP::Server_Invocation_Interceptor::destroy | ( | void | ) | [virtual] |
char * TAO::SSLIOP::Server_Invocation_Interceptor::name | ( | void | ) | [virtual] |
Definition at line 78 of file SSLIOP_Invocation_Interceptor.cpp.
References CORBA::string_dup().
/// Return the name under which this interceptor is registered.
///
/// @return A copy of the interceptor name made with CORBA::string_dup();
///         under the CORBA C++ mapping the caller releases it with
///         CORBA::string_free().
char *
TAO::SSLIOP::Server_Invocation_Interceptor::name (void)
{
  static char const interceptor_name[] =
    "TAO::SSLIOP::Server_Invocation_Interceptor";

  return CORBA::string_dup (interceptor_name);
}
void TAO::SSLIOP::Server_Invocation_Interceptor::operator= | ( | const Server_Invocation_Interceptor & | ) | [private] |
void TAO::SSLIOP::Server_Invocation_Interceptor::receive_request | ( | PortableInterceptor::ServerRequestInfo_ptr | ri | ) | [virtual] |
Definition at line 96 of file SSLIOP_Invocation_Interceptor.cpp.
References ACE_DEBUG, LM_DEBUG, sec2_current_, sec2manager_, Security::SecQOPNoProtection, ssliop_current_, and TAO_debug_level.
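/// Reject an invocation that arrived without SSL when protection is required.
///
/// When no SSL session state is available for the request and the default
/// quality of protection is not SecQOPNoProtection, the TAO SecurityLevel2
/// access decision object is asked whether the target operation may still be
/// invoked. Requests that carry SSL session state, and every request when the
/// default QoP is SecQOPNoProtection, pass through without this check.
///
/// @param ri Request information; supplies the ORB id, adapter id, object id
///           and operation name that identify the target.
///
/// @throws CORBA::INTERNAL      if the security manager or SSLIOP Current
///                              reference held by this interceptor is nil.
/// @throws CORBA::NO_PERMISSION if the access decision object is not a
///                              TAO::SL2::AccessDecision or denies access.
void
TAO::SSLIOP::Server_Invocation_Interceptor::receive_request (
    PortableInterceptor::ServerRequestInfo_ptr ri)
{
  // The constructor tolerates nil references for both objects.  Raise an
  // exception here instead of dereferencing a nil reference on the request
  // path.
  if (CORBA::is_nil (this->sec2manager_.in ())
      || CORBA::is_nil (this->ssliop_current_.in ()))
    throw CORBA::INTERNAL ();

  SecurityLevel2::AccessDecision_var ad_tmp =
    this->sec2manager_->access_decision ();
  TAO::SL2::AccessDecision_var ad =
    TAO::SL2::AccessDecision::_narrow (ad_tmp.in ());

  CORBA::Boolean const no_ssl =
    this->ssliop_current_->no_context ();

  if (TAO_debug_level >= 3)
    ACE_DEBUG ((LM_DEBUG, "SSLIOP (%P|%t) Interceptor (context), ssl=%d\n", !(no_ssl)));

  // if
  // (1) no SSL session state is available (which means that the
  //     invocation is received across a non-SSL transport)
  // AND
  // (2) the required Quality of Protection is something other
  //     than SecQOPNoProtection (set via -SSLNoProtection)
  if (no_ssl && this->qop_ != ::Security::SecQOPNoProtection)
    {
      // Without a usable decision object nothing can authorize the insecure
      // request, so deny it rather than call through a nil reference.
      if (CORBA::is_nil (ad.in ()))
        throw CORBA::NO_PERMISSION ();

      /*
       * Set up all the arguments needed by the call
       * to AccessDecision::access_allowed()
       */

      /* Get the credentials from SSLIOP */
      // NOTE(review): with the block below compiled out, cred_list is passed
      // to access_allowed_ex() without any entries, so the decision is made
      // on the target identity and operation name alone.
      SecurityLevel2::CredentialsList cred_list; // initial empty?
#if 0
      try {
        SecurityLevel2::ReceivedCredentials_var rcvd_creds =
          this->sec2_current_->received_credentials ();
        // this gets the credentials received from the other side.  We
        // should be able to put this into a CredentialsList with no
        // problem.
        //
        // Do I really need to implement a sec2_current, or can I hack
        // the conversion at this level?  I probably ought to do it as
        // a real sec2_current with the conversion from sec3->sec2
        // happening at a lower level.

        cred_list.length(1);
        cred_list[0] = rcvd_creds.in ();
        /*
          So, in looking for how we can do this, I find that the
          SL3_SecurityCurrent::client_credentials() delegates to SL3_SecurityCurrent_Impl::client_credentials(), which is pure virtual.
        */
      }
      catch (...)
        {
        }
#endif

      /* Gather the elements that uniquely identify the target object */
      CORBA::ORBid_var orb_id = ri->orb_id ();
      CORBA::OctetSeq_var adapter_id = ri->adapter_id ();
      CORBA::OctetSeq_var object_id = ri->object_id ();
      CORBA::String_var operation_name = ri->operation ();

      CORBA::Boolean const it_should_happen =
        ad->access_allowed_ex (orb_id.in (),
                               adapter_id.in (),
                               object_id.in (),
                               cred_list,
                               operation_name.in());

      if (TAO_debug_level >= 3)
        {
          ACE_DEBUG ((LM_DEBUG,
                      "TAO (%P|%t) SL2::access_allowed_ex returned %s\n",
                      it_should_happen ? "true" : "false"));
        }

      if (! it_should_happen)
        throw CORBA::NO_PERMISSION ();
    }
}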
void TAO::SSLIOP::Server_Invocation_Interceptor::receive_request_service_contexts | ( | PortableInterceptor::ServerRequestInfo_ptr | ri | ) | [virtual] |
void TAO::SSLIOP::Server_Invocation_Interceptor::send_exception | ( | PortableInterceptor::ServerRequestInfo_ptr | ri | ) | [virtual] |
void TAO::SSLIOP::Server_Invocation_Interceptor::send_other | ( | PortableInterceptor::ServerRequestInfo_ptr | ri | ) | [virtual] |
void TAO::SSLIOP::Server_Invocation_Interceptor::send_reply | ( | PortableInterceptor::ServerRequestInfo_ptr | ri | ) | [virtual] |
The default quality-of-protection settings in use.
Definition at line 130 of file SSLIOP_Invocation_Interceptor.h.
SecurityLevel2::SecurityManager_var TAO::SSLIOP::Server_Invocation_Interceptor::sec2manager_ [private] |
SecurityLevel2 security manager reference.
Definition at line 133 of file SSLIOP_Invocation_Interceptor.h.
Referenced by receive_request().
Reference to the current SSLIOP execution context.
Definition at line 124 of file SSLIOP_Invocation_Interceptor.h.
Referenced by receive_request().