Hello, I'm using Sun's ORB for a 3-tier app. I need to implement some type of session management so only authorized clients can connect. I know there's a security service spec for CORBA, and some vendors support it, but not in the ORB that comes in the J2SE standard.

So here was my idea: put a "Login" object in the naming service. This object is like a servant factory: any client can access it, and if the authentication info checks out, a new SessionServant is instantiated and connected to the ORB, but NOT exposed through the naming service. I convert the new session servant object reference to a string and pass it back to the client. So now only the client knows what this string is (assume a secure connection end to end).

How easy is it to guess this string that you get from object_to_string? Can it be used like a "key" in a way? I know this is quirky, but I can't really think of an easier way to implement this using J2SE and its ORB and nothing else. My other idea was to pass a key back with every method invocation, but that's insane :P. Any thoughts?

thx
jr
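As an added illustration (not part of the original post and not any ORB's own code): whether a stringified reference is hard to guess depends on how the ORB builds the object key, so one option is to generate the secret part yourself. The code below models the Login factory in plain Java with hypothetical names (`LoginFactory`, `Session`, `resolve`) and an assumed 128-bit id; with a POA the same random bytes could serve as the object id under the `USER_ID` policy via `activate_object_with_id`.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Added example; all names are hypothetical and no ORB is involved.
public class LoginFactory {
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Session {
        final String user; volatile long expires;
        Session(String user, long expires) { this.user = user; this.expires = expires; }
    }

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final BiPredicate<String, char[]> verifier; // credential check supplied by caller
    private final long ttlMillis;                       // idle timeout per session

    public LoginFactory(BiPredicate<String, char[]> verifier, long ttlMillis) {
        this.verifier = verifier; this.ttlMillis = ttlMillis;
    }

    /** Returns a fresh session key, or null when the credentials are rejected. */
    public String login(String user, char[] password) {
        if (!verifier.test(user, password)) return null;
        byte[] id = new byte[16];                        // 128 bits from a CSPRNG
        RNG.nextBytes(id);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(id);
        sessions.put(key, new Session(user, System.currentTimeMillis() + ttlMillis));
        return key;
    }

    /** Maps a key to its user; unknown or expired keys yield null. */
    public String resolve(String key) {
        Session s = (key == null) ? null : sessions.get(key);
        if (s == null) return null;
        long now = System.currentTimeMillis();
        if (now > s.expires) { sessions.remove(key); return null; }
        s.expires = now + ttlMillis;                     // sliding idle timeout
        return s.user;
    }

    public void logout(String key) { if (key != null) sessions.remove(key); }

    public static void main(String[] args) {
        char[] pw = "constructed-pw".toCharArray();      // constructed sample credential
        LoginFactory f = new LoginFactory((u, p) -> u.equals("alice") && Arrays.equals(p, pw), 60_000);
        String key = f.login("alice", pw.clone());
        System.out.println("valid key   -> " + f.resolve(key));
        System.out.println("guessed key -> " + f.resolve("AAAAAAAAAAAAAAAAAAAAAA"));
        f.logout(key);
        System.out.println("after logout-> " + f.resolve(key));
    }
}
```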
Peter Tran
Bartender
Joined: Jan 02, 2001
Posts: 783
"jerere",

The Java Ranch has thousands of visitors every week, many with surprisingly similar names. To avoid confusion we have a naming convention, described at http://www.javaranch.com/name.jsp. We require names to have at least two words, separated by a space, and strongly recommend that you use your full real name. Please log in with a new name which meets the requirements.

Regards,
-Peter