• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

RMI & Authentication: How do I access the transport layer from an exported object

 
Thomas Wunder
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've written some socket implementation (i call it GSSSocket) which allows for using JGSS (method = Kerberos) to set up secure connections while looking pretty
much like a simple java.net.Socket. For those who don't already know -- JGSS is a Framework which can be e.g. used to securely
(data confidentiality, authentication, etc.) transfer data from one site to another (pretty much like a stream encoder/decoder).
On top of my GSSSocket I need to run RMI, i.e. I want RMI to use my GSSSocket as a transport. I've already accomplished that by
implementing RMIClientSocketFactory and RMIServerSocketFactory so that my GSSSocket is used instead of a plain java.net.Socket.

(J)GSS provides methods (e.g. GSSContext.getSrcName()) to each peer which can be used to retrieve authentication information like
usernames (or kerberos principal names) of the respectively other peer. I.e. for example the server can retrieve the username which
was used on the client machine to establish the connection. (My GSSSocket therefore got additional methods like 'GSSSocket.getInitiatorPrincipal()')

I've got to implement a server side authorization mechanism which bases on the client principal name and therefore I'm facing the following problem:
Let's assume that the server carries out a (remotely invoked) call to method 'getServiceProxy() : ServiceProxyIF'.
getServiceProxy() should return either null or an instance of ServiceProxyImpl (implements ServiceProxyIF) depending on whether the 'calling principal'
is authorized to obtain and use such a ServiceProxyImpl object.
I cannot retrieve that 'calling principal name' though, since for that I'd need a reference to the GSSSocket instance (e.g. for using 'getSrcName()') which was used to receive the
method invocation.

Is there a way to obtain a reference to the underlying socket within a remotely invoked method?


Thanks in advance!
Tom

PS: I'm searching the web for days now but I couldn't find anything related to this except for the 'UnicastRemoteObject.getClientHost()'
method which at least shows that there must exist some sort of (internal) call source mapping feature.
 
Karthik Shiraly
Bartender
Pie
Posts: 1055
24
Android C++ Java Linux PHP Python
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If authentication is successful in GSSSocket. store the principal as a ThreadLocal and retrieve it from your UnicastRemoteObject implementation.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic