
RMI & Authentication: How do I access the transport layer from an exported object

Thomas Wunder
Greenhorn

Joined: Sep 06, 2011
Posts: 1
I've written a socket implementation (I call it GSSSocket) which allows for using JGSS (method = Kerberos) to set up secure connections while looking pretty
much like a simple java.net.Socket. For those who don't already know -- JGSS is a framework which can be used, e.g., to securely
(data confidentiality, authentication, etc.) transfer data from one site to another (pretty much like a stream encoder/decoder).
On top of my GSSSocket I need to run RMI, i.e. I want RMI to use my GSSSocket as a transport. I've already accomplished that by
implementing RMIClientSocketFactory and RMIServerSocketFactory so that my GSSSocket is used instead of a plain java.net.Socket.

(J)GSS provides methods (e.g. GSSContext.getSrcName()) to each peer which can be used to retrieve authentication information like
usernames (or Kerberos principal names) of the respective other peer. For example, the server can retrieve the username which
was used on the client machine to establish the connection. (My GSSSocket therefore got additional methods like 'GSSSocket.getInitiatorPrincipal()'.)

I've got to implement a server-side authorization mechanism which is based on the client principal name, and therefore I'm facing the following problem:
Let's assume that the server carries out a (remotely invoked) call to method 'getServiceProxy() : ServiceProxyIF'.
getServiceProxy() should return either null or an instance of ServiceProxyImpl (implements ServiceProxyIF) depending on whether the 'calling principal'
is authorized to obtain and use such a ServiceProxyImpl object.
I cannot retrieve that 'calling principal name' though, since for that I'd need a reference to the GSSSocket instance (e.g. for using 'getSrcName()') which was used to receive the
method invocation.

Is there a way to obtain a reference to the underlying socket within a remotely invoked method?


Thanks in advance!
Tom

PS: I've been searching the web for days now but I couldn't find anything related to this except for the 'UnicastRemoteObject.getClientHost()'
method, which at least shows that there must exist some sort of (internal) call source mapping feature.
Karthik Shiraly
Ranch Hand

Joined: Apr 04, 2009
Posts: 503
    
If authentication is successful in GSSSocket, store the principal as a ThreadLocal and retrieve it from your UnicastRemoteObject implementation.
 
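Added example, not code from either poster: a minimal sketch of the ThreadLocal approach from the reply, in which the socket's input stream binds the authenticated peer principal to the reading thread and the remotely invoked method checks it, denying when nothing is bound. It assumes the RMI runtime reads each call from the socket on the same thread that then runs the remote method, which is why the binding happens on read and not at accept time. `CallerPrincipalDemo`, `CALLER`, `BindingInputStream` and `ALLOWED` are hypothetical names, the principal names are constructed, and byte-array streams stand in for the GSSSocket so the sketch runs without Kerberos.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Set;

public class CallerPrincipalDemo {
    // Peer principal of the connection the current thread last read from.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    // Stream a GSSSocket-like wrapper would return from getInputStream().
    // 'principal' stands for GSSContext.getSrcName().toString(), taken after
    // the security context is established (assumption: handshake completed).
    static final class BindingInputStream extends FilterInputStream {
        private final String principal;
        BindingInputStream(InputStream in, String principal) {
            super(in);
            this.principal = principal;
        }
        @Override public int read() throws IOException {
            CALLER.set(principal);   // rebind on every read, so a pooled thread
            return super.read();     // never keeps the previous connection's caller
        }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            CALLER.set(principal);
            return super.read(b, off, len);
        }
    }

    // Constructed allow-list of principals permitted to obtain the proxy.
    static final Set<String> ALLOWED = Set.of("alice@EXAMPLE.COM");

    // Stand-in for the remote getServiceProxy(): null unless the caller is authorized.
    static Object getServiceProxy() {
        String caller = CALLER.get();
        boolean ok = caller != null && ALLOWED.contains(caller); // fail closed
        return ok ? "ServiceProxyImpl for " + caller : null;
    }

    public static void main(String[] args) throws IOException {
        byte[] call = {1}; // constructed stand-in for an incoming call header
        System.out.println(getServiceProxy()); // nothing read on this thread yet
        new BindingInputStream(new ByteArrayInputStream(call), "alice@EXAMPLE.COM").read();
        System.out.println(getServiceProxy()); // call arrived on alice's connection
        new BindingInputStream(new ByteArrayInputStream(call), "mallory@EXAMPLE.COM").read();
        System.out.println(getServiceProxy()); // same thread, different peer
    }
}
```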