[omniORB] more ILU -> omniORB questions
Carlos
carlos at canama.net
Tue Sep 30 10:12:40 BST 2003
Geoff Gerrietts wrote:
> I'm sure everyone is quite sick of hearing about my challenges, but
Of course :-)
> I'd like to throw one more out there and get some feedback on how
> things might work best.
>
> ILU provided a crude authentication scheme in the form of "passports".
> We exploited this feature to put a Sun RPC Authentication token that
> carried the current user's name down into the service. We could then
> use this information in log messages, etcetera.
>
> It seems to me that CORBA and omniORB lack such a facility, being more
> focused on quality service of remote objects and less on the server
> features. If I'm wrong I would love to know, but let's assume I'm
> right.
>
> It occurs to me that the only way to build this back in, is to
> explicitly pass the information as part of a method's argument list. I
> think this is one more thing that I need to build into my wrapper
> classes; then the IDL will look a little funny but otherwise it should
> work out fine. Does anyone have a better idea?
>
In our app we do this:
interface User {
Level level_;
...
};
this interface is used in factories to create remote objects that are
used by the user:
interface A {
void afunction() raises LevelIncorrect;
void another_function() raises LevelIncorrect;
...
};
interface B {...};
interface App {
A A_factory(in User);
B B_factory(in User);
...
};
The disadvantage of this is that one instance of object A or B is only
used by the user that created it. We used this solution for objects that
change their persistent state, so we know which user changed the
persistent state of object and we implement security at server side, for
example one user can to do afunction() but not another_function().
I expect that this help you.
Carlos.
> Thanks,
> --G.
>
More information about the omniORB-list
mailing list