RMI & Authentication: How do I access the transport layer from an exported object

 
Greenhorn
I've written a socket implementation (I call it GSSSocket) which allows for using JGSS (method = Kerberos) to set up secure connections while looking pretty much like a simple java.net.Socket. For those who don't already know -- JGSS is a framework which can be used, e.g., to securely (data confidentiality, authentication, etc.) transfer data from one site to another (pretty much like a stream encoder/decoder).
On top of my GSSSocket I need to run RMI, i.e. I want RMI to use my GSSSocket as a transport. I've already accomplished that by implementing RMIClientSocketFactory and RMIServerSocketFactory so that my GSSSocket is used instead of a plain java.net.Socket.

(J)GSS provides methods (e.g. GSSContext.getSrcName()) to each peer which can be used to retrieve authentication information like usernames (or Kerberos principal names) of the respective other peer. For example, the server can retrieve the username which was used on the client machine to establish the connection. (My GSSSocket therefore has additional methods like 'GSSSocket.getInitiatorPrincipal()'.)

I've got to implement a server-side authorization mechanism which is based on the client principal name, and therefore I'm facing the following problem:
Let's assume that the server carries out a (remotely invoked) call to method 'getServiceProxy() : ServiceProxyIF'.
getServiceProxy() should return either null or an instance of ServiceProxyImpl (implements ServiceProxyIF) depending on whether the 'calling principal' is authorized to obtain and use such a ServiceProxyImpl object.
I cannot retrieve that 'calling principal name' though, since for that I'd need a reference to the GSSSocket instance (e.g. for using 'getSrcName()') which was used to receive the method invocation.

Is there a way to obtain a reference to the underlying socket within a remotely invoked method?


Thanks in advance!
Tom

PS: I've been searching the web for days now but I couldn't find anything related to this except for the 'UnicastRemoteObject.getClientHost()' method, which at least shows that there must exist some sort of (internal) call source mapping feature.
 
Bartender
If authentication is successful in GSSSocket, store the principal as a ThreadLocal and retrieve it from your UnicastRemoteObject implementation.
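An added example, not part of the original reply or the poster's code: a sketch of the ThreadLocal approach in which the socket's input stream binds the principal on every read, so the value is set on the thread that reads the call, not the thread that accepted the connection. It assumes the RMI runtime invokes the remote method on the same thread that read the call from the socket, which the RMI specification does not guarantee; `BindingInputStream`, `CALLER`, `AUTHORIZED` and the principal names are hypothetical.

```java
import java.io.*;
import java.util.Set;

public class CallerPrincipalDemo {
    // Principal of the connection the current thread most recently read from.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();
    // Constructed allow-list; a real server would load this from its policy.
    static final Set<String> AUTHORIZED = Set.of("alice@EXAMPLE.ORG");

    // Hypothetical wrapper a GSSSocket would return from getInputStream().
    // Re-binding on every read keeps pooled dispatch threads from seeing a
    // principal left over from an earlier connection.
    static final class BindingInputStream extends FilterInputStream {
        private final String principal; // e.g. from GSSContext.getSrcName()
        BindingInputStream(InputStream in, String principal) {
            super(in);
            this.principal = principal;
        }
        @Override public int read() throws IOException {
            CALLER.set(principal);
            return super.read();
        }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            CALLER.set(principal);
            return super.read(b, off, len);
        }
    }

    // Stand-in for the remote method: fails closed when no principal is bound.
    static Object getServiceProxy() {
        String caller = CALLER.get();
        return (caller != null && AUTHORIZED.contains(caller)) ? new Object() : null;
    }

    // Simulates one dispatch: read the call bytes, then run the method.
    static boolean dispatch(String principal) throws IOException {
        InputStream in = new BindingInputStream(new ByteArrayInputStream(new byte[]{1}), principal);
        in.read();
        return getServiceProxy() != null;
    }

    public static void main(String[] args) throws IOException {
        System.out.println("unbound thread: " + (getServiceProxy() != null));
        System.out.println("alice: " + dispatch("alice@EXAMPLE.ORG"));
        // Same thread reused for another connection: the binding is replaced.
        System.out.println("mallory: " + dispatch("mallory@EXAMPLE.ORG"));
    }
}
```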