local interface CredentialsCurator

The CredentialsCurator object is a single object per an ORB
instance's Security Service. It has the ability to create
CredentialsAcquirers and keeps a list of active default
credentials. It is resolved by a call to
    ORB.resolve_initial_references("SecurityLevel3:CredentialsCurator");
or it may be retrieved from the SecurityManager's
credentials_curator attribute.

The following pseudo code describes the process of credentials
acquisition using CredentialsCurator.

    // Resolve the Credentials Curator
    CredentialsCurator curator = ....
        resolve_initial_references("SecurityLevel3:CredentialsCurator");

    // Build up an acquisition argument (e.g., using SL3CSI::CSIArgBuilder)
    Any arg = ...

    // Acquire credentials and get a Credentials Acquirer
    CredentialsAcquirer acquirer =
        curator.acquire_credentials("SL3CSIAQArgs", arg);

    // Get credentials and destroy the Credentials Acquirer
    OwnCredentials own = acquirer.get_credentials(false);

readonly attribute CredentialsIdList default_creds_ids;
The Curator's ids of the credentials on the default list.

readonly attribute OwnCredentialsList default_creds_list;
The Curator's Default Own Credentials list.

readonly attribute AcquisitionMethodList supported_methods;
This attribute contains a list of acquisition methods that are
supported. Method identifiers are defined in modules that signify
their support.
"SL3CSI", "SL3TLS", "SL3TCPIP", "SL3KRB5"

CredentialsAcquirer acquire_credentials(in AcquisitionMethod acquisition_method,
                                        in any acquisition_arguments);
This operation starts the process of credentials acquisition and
creates a CredentialsAcquirer for a particular
acquisition method. It takes an initial set of arguments for
the acquisition. The content of the arguments is based on the
acquisition method. Depending on the method, it is possible that
the credentials may be immediately available from a call to
get_credentials on the returned
CredentialsAcquirer.
If the process of credentials acquisition is not completed upon
the return of the acquire_credentials operation,
the returned CredentialsAcquirer object shall have
its current_status at AQST_Continued.
In this case, the get_continuation_data and
continue_acquisition operations shall be used to
complete the credentials acquisition process.
If the process of credentials acquisition fails, it is up to the
implementation to either throw a system exception or return a
CredentialsAcquirer with the AQST_Failed
status.
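
The status handling described above, written out as an added example (not code from this documentation or from any ORB product): a driver that follows AQST_Continued through get_continuation_data and continue_acquisition, and fails closed on AQST_Failed, on an exception, or on too many rounds. FakeAcquirer, complete_acquisition, AcquisitionError and MAX_ROUNDS are hypothetical names; the AQST_Succeeded status name and the reply being passed as the argument of continue_acquisition are assumptions, and RuntimeError stands in for a CORBA system exception.

```python
# Added example: stand-in objects, not a real ORB or any product's classes.
AQST_SUCCEEDED, AQST_FAILED, AQST_CONTINUED = "AQST_Succeeded", "AQST_Failed", "AQST_Continued"
MAX_ROUNDS = 5  # assumed local policy: bound the continuation rounds

class AcquisitionError(Exception):
    """Acquisition did not end in usable credentials."""

class FakeAcquirer:
    """Constructed stand-in needing `rounds_needed` replies equal to `expected`."""
    def __init__(self, expected, rounds_needed=1, raises=False):
        self.expected, self.left, self.raises = expected, rounds_needed, raises
        self.current_status = AQST_CONTINUED if rounds_needed else AQST_SUCCEEDED

    def get_continuation_data(self):
        return "challenge"  # constructed value

    def continue_acquisition(self, reply):
        if reply != self.expected:
            if self.raises:  # the implementation may throw instead
                raise RuntimeError("stand-in for a CORBA system exception")
            self.current_status = AQST_FAILED
            return
        self.left -= 1
        if self.left == 0:
            self.current_status = AQST_SUCCEEDED

    def get_credentials(self, on_list):
        if self.current_status != AQST_SUCCEEDED:
            raise RuntimeError("no credentials available")
        return {"id": "constructed-id", "on_default_list": on_list}

def complete_acquisition(acquirer, respond, on_list=False):
    """Drive an acquirer to completion; fail closed on anything but success."""
    rounds = 0
    try:
        while acquirer.current_status == AQST_CONTINUED:
            if rounds >= MAX_ROUNDS:
                raise AcquisitionError("too many continuation rounds")
            reply = respond(acquirer.get_continuation_data())
            acquirer.continue_acquisition(reply)
            rounds += 1
    except RuntimeError as exc:  # system-exception failure path
        raise AcquisitionError("acquisition raised: %s" % exc) from exc
    if acquirer.current_status != AQST_SUCCEEDED:
        # AQST_Failed, or any status this code does not recognise
        raise AcquisitionError("ended with status " + acquirer.current_status)
    return acquirer.get_credentials(on_list)
```
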
The acquisition_arguments parameter is a CORBA
any that is constructed according to the acquisition
method used. The ArgumentFactory from the
SL3AQArgs module is a local object that helps
immensely with the construction of this complex argument.
Extensions of that object are defined in their own separate
modules that pertain to the particular acquisition mechanism,
such as the SL3CSI, SL3TLS, SL3TCPIP, SL3KRB5 modules.
acquisition_method - The identifier of the desired acquisition method.
A CORBA BAD_PARAM exception will be raised
if the named method is not supported.
acquisition_arguments - The argument of the desired acquisition method.
This CORBA any type is constructed according
to the particular acquisition method.
"SL3AQArgs", "SL3CSI", "SL3TLS", "SL3TCPIP", "SL3KRB5"

OwnCredentials get_own_credentials(in CredentialsId credentials_id);
This operation retrieves Own Credentials by identifier. It is not
required that the identifier name a credentials on the
default_credentials_list. The Curator keeps track of all
OwnCredentials it creates, until they are explicitly released.

void release_own_credentials(in CredentialsId credentials_id);
This operation releases credentials from the default_creds_list, if
there, and also disables the credentials from further use, provided
that all their pending work is done.