[omniORB] omniORB Authentication Methods
Stephan February
stephan.february at gmail.com
Mon Oct 16 07:02:32 BST 2006
On 10/12/06, Duncan Grisby <duncan at grisby.org> wrote:
>
> On Wednesday 11 October, "Stephan February" wrote:
>
> > - Enforcing a single access point (based on a paper titled
> >   "Architectural Patterns for Enabling Application Security")
> >   I am thinking that using Custom Servant Managers allows one to
> >   achieve this.
>
> I'm not sure what that means. Can you explain?
The Single Access Point design pattern is explained in this paper:
http://st-www.cs.uiuc.edu/~hanmer/PLoP-97/Proceedings/yoder.pdf
In my implementation I intend to:
a) Create my own POA
b) Create a custom servant manager for the POA in (a)
c) Enforce Role Based Access Controls against the (oid, operation) tuple in
   the preinvoke() method of the servant manager, i.e. refuse to return a
   servant object for which a user does not have appropriate privileges.
Do you foresee any problems with this approach (other than that all my
servants *must* be registered with my "secured" POA)?
Regards
Stephan
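
The check described in steps (a) to (c), as an added example that is not part of the original post and is not omniORB code: a stand-alone C++ model of a deny-by-default role lookup keyed on (oid, operation). `SecuredLocator`, `Servant`, `NoPermission`, `is_permitted` and the sample policy are hypothetical names, and the `caller_roles` parameter is an assumption, because the real `ServantLocator::preinvoke()` receives only the oid, the POA, the operation name and a cookie, so the caller's identity has to reach the check by some other route.

```cpp
#include <map>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
// Stand-alone model: these types stand in for CORBA ones, no ORB is needed.
struct NoPermission : std::runtime_error {   // plays the part of CORBA::NO_PERMISSION
    using std::runtime_error::runtime_error;
};
struct Servant { std::string name; };
using Roles  = std::set<std::string>;
using Target = std::pair<std::string, std::string>;   // (oid, operation)

class SecuredLocator {
public:
    void add_servant(const std::string& oid, Servant* s) { servants_[oid] = s; }
    void allow(const std::string& oid, const std::string& op, const std::string& role) {
        policy_[Target(oid, op)].insert(role);
    }
    // Models the decision made in preinvoke(). caller_roles is an assumption:
    // the real preinvoke() receives only oid, POA, operation name and a cookie.
    Servant* preinvoke(const std::string& oid, const std::string& op,
                       const Roles& caller_roles) const {
        auto rule = policy_.find(Target(oid, op));
        if (rule == policy_.end())            // deny by default: no rule, no servant
            throw NoPermission("no rule for " + oid + "::" + op);
        bool ok = false;
        for (const auto& r : caller_roles)
            if (rule->second.count(r)) { ok = true; break; }
        if (!ok) throw NoPermission("role check failed for " + oid + "::" + op);
        auto it = servants_.find(oid);        // reached only after the policy check
        if (it == servants_.end()) throw std::out_of_range("unknown oid " + oid);
        return it->second;
    }
private:
    std::map<std::string, Servant*> servants_;
    std::map<Target, Roles> policy_;
};
// True when the caller would be handed a servant, false when refused.
bool is_permitted(const SecuredLocator& loc, const std::string& oid,
                  const std::string& op, const Roles& roles) {
    try { return loc.preinvoke(oid, op, roles) != nullptr; }
    catch (const NoPermission&) { return false; }
}
int main() {   // constructed sample: one object, one rule
    Servant acct{"account-42"};
    SecuredLocator loc;
    loc.add_servant("account-42", &acct);
    loc.allow("account-42", "get_balance", "teller");
    return is_permitted(loc, "account-42", "get_balance", {"teller"}) ? 0 : 1;
}
```

In a real POA, `preinvoke()` is called on every request only when the POA is created with the `USE_SERVANT_MANAGER` and `NON_RETAIN` policies and the manager is a `ServantLocator`.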