Security Guide : VisiSecure for C++ APIs

VisiSecure for C++ APIs
This section describes APIs that are defined in VisiSecure for C++. It is separated into subsections including General API, SSL API, Certificate API, QoP API, and Authorization API.
All classes are under namespace vbsec unless otherwise specified.
Note
HTML documentation of the equivalent VisiSecure for Java API is included in your VisiBroker installation. It can be found at <install_dir>\doc\sec-api-doc.
General API
The general VisiSecure API describes the Current and Context APIs. It provides API information for Principals, Credentials, and Subjects. In addition, the class vbsec::Wallet API is discussed.
class vbsec::Current
The class Current represents the view to the thread-specific security context. This object can be obtained through the following code:
CORBA::Object_var obj = orb->resolve_initial_references("VBSecurityCurrent");
vbsec::Current* c = dynamic_cast<vbsec::Current*>(obj.in());
Include File
The vbsec.h file should be included when you use this class.
Methods
void asserting (const vbsec::Subject* caller)
Assert a subject as caller identity.
void clearAssertion ()
Clears an assertion made by a previous call to asserting. The caller that was in effect before the assertion was made is restored as the caller for the next invocation. Use this method together with asserting; mismatched calls to these two methods may cause undesired caller identities or unexpected exceptions.
const vbsec::Subject* getPeerSubject ()
Accesses the peer subject.
Returns
The pointer to a Subject object representing the peer.
const vbsec::Subject* getCallerSubject ()
Accesses the caller subject.
Returns
The pointer to a Subject object representing the caller.
const vbsec::SSLSession* getPeerSession (CORBA::Object* peer)
Get the peer SSLSession. This call returns the SSLSession of the client peer for this request. This method cannot be called outside the context of a request.
Returns
The pointer to the SSLSession currently established.
Exceptions
BAD_OPERATION is thrown if this method is called outside the context of a request or when called in a request context where the request was received over a clear TCP connection.
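The pairing requirement between asserting and clearAssertion can be enforced with a scope guard. The following is an added example, not code from VisiSecure or this guide: ScopedAssertion is a hypothetical helper, and FakeCurrent and FakeSubject are constructed stand-ins that model only the documented behavior (the previous caller is restored after clearAssertion) so the example runs without VisiBroker.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Scoped identity assertion (hypothetical helper). CurrentT is any type
// offering the two methods documented for vbsec::Current:
//   void asserting(const SubjectT* caller);   void clearAssertion();
template <typename CurrentT, typename SubjectT>
class ScopedAssertion {
public:
    ScopedAssertion(CurrentT& current, const SubjectT* caller)
        : current_(current) {
        if (caller == nullptr)
            throw std::invalid_argument("refusing to assert a null subject");
        current_.asserting(caller);
    }
    // Runs on normal return and during stack unwinding, so every asserting()
    // gets exactly one clearAssertion(). If clearAssertion() throws, the
    // implicitly noexcept destructor terminates the process instead of
    // letting it continue with the asserted identity still active.
    ~ScopedAssertion() { current_.clearAssertion(); }

    ScopedAssertion(const ScopedAssertion&) = delete;
    ScopedAssertion& operator=(const ScopedAssertion&) = delete;

private:
    CurrentT& current_;
};

// --- Constructed stand-ins so the example runs without VisiBroker ---------
struct FakeSubject { std::string name; };

class FakeCurrent {
public:
    explicit FakeCurrent(const FakeSubject* original) : original_(original) {}
    void asserting(const FakeSubject* caller) { asserted_ = caller; ++assertCalls; }
    void clearAssertion() { asserted_ = nullptr; ++clearCalls; }
    const FakeSubject* getCallerSubject() const {
        return asserted_ ? asserted_ : original_;
    }
    int assertCalls = 0;
    int clearCalls = 0;

private:
    const FakeSubject* original_;
    const FakeSubject* asserted_ = nullptr;
};

// Makes one downstream "invocation" as `delegate` and returns the caller
// identity that invocation would carry. `fail` simulates the call throwing.
std::string invokeAs(FakeCurrent& cur, const FakeSubject& delegate, bool fail) {
    ScopedAssertion<FakeCurrent, FakeSubject> guard(cur, &delegate);
    if (fail) throw std::runtime_error("downstream invocation failed");
    return cur.getCallerSubject()->name;
}

// Returns the caller identity in effect once invokeAs() has exited,
// whether it returned normally or threw.
std::string callerAfterInvoke(bool fail) {
    FakeSubject service{"frontend-service"};  // constructed names
    FakeSubject user{"alice"};
    FakeCurrent cur(&service);
    try {
        invokeAs(cur, user, fail);
    } catch (const std::runtime_error&) {
        // The guard already cleared the assertion during unwinding.
    }
    return cur.getCallerSubject()->name;
}

int main() {
    std::cout << callerAfterInvoke(false) << "\n"
              << callerAfterInvoke(true) << "\n";
    return 0;
}
```

With the real API the guard would be instantiated as ScopedAssertion<vbsec::Current, vbsec::Subject>; because it only relies on the two documented method signatures, no other VisiSecure call is assumed.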
class vbsec::Context
Context represents the security context under which a client will execute. This class can be obtained through the following code:
CORBA::Object_var obj = orb->resolve_initial_references("VBSecurityContext");
vbsec::Context* c = dynamic_cast<vbsec::Context*>(obj.in());
Include File
The vbsec.h file should be included when you use this class.
Methods
void login()
Log in to the system. This logs in to the realms defined in the property vbroker.security.loginRealms. It traverses the list of realms specified and authenticates against each realm.
void login (vbsec::CallbackHandler& handler)
Use this to login to the system using the specified CallbackHandler to obtain the login information.
void login (const std::string& realm)
Login to the system for a specific realm.
void login (const std::string& realm, vbsec::CallbackHandler& handler)
Login to the system for a given realm, using a given callback handler for acquiring information.
void login (const vbsec::Wallet& wallet)
Log in to the system with a wallet. A Wallet can be created using the WalletFactory API.
void login (const std::vector<const vbsec::Wallet*>& wallet)
Login to the system with a set of wallets specified as a vector.
const vbsec::Subject* getSubject (const std::string& realm)
Gets the Subject corresponding to a given realm.
Returns
A pointer to the Subject object representing the subject of the realm.
void loadVault (std::istream& stream, const CSI::UTF8String& vaultPass)
Loads a given vault. The identities in the vault are loaded into the system. No login is required when this method is used.
void logout()
Log the user out from all the realms.
void logout (const std::string& realm)
Log the user out from a given realm.
void setCallbackHandler (vbsec::CallbackHandler* handler)
Set the default callback handler programmatically. This is similar to using the property vbroker.security.authentication.callbackHandler.
The CallbackHandler to be set.
void generateVault( std::ostream& stream, const CSI::UTF8String& password)
Generates a vault. The vault is written out to the stream that is passed in and encrypted using the password provided (also used to decrypt the vault). The password may be null. The vault contains all of the system's identities.
vbsec::Subject* authenticateUser (const vbsec::Wallet& wallet)
Authenticate the given wallet credential. The login will be performed using the wallet but the authenticated subject will not be used as one of the system identities.
vbsec::Subject* importIdentity (const vbsec::Wallet& wallet)
Import a subject using the given wallet credential. No login is required with this method. The subject will not be used as one of the system identities.
void setPRNGSeed (const CORBA::OctetSequence& seed)
Sets a seed for the pseudo-random generator used by the SSL layer.
ssl::CipherSuiteInfoList* listAvailableCipherSuites()
Get the list of cipher suites that are available for use with the SSL layer. Note that this is different from the getEnabledCipherSuites call in that not all the available cipher suites may be currently enabled.
Returns
List of cipher suites that are available but may not be enabled for use with the SSL layer.
void enableCipherSuites (const ssl::CipherSuiteInfoList& suites)
Sets the cipher suites that should be enabled for all SSL sessions.
An IDL-generated CipherSuiteInfoList type.
ssl::CipherSuiteInfoList* getEnabledCipherSuites()
Gets the set of cipher suites that are currently enabled for all SSL sessions.
Returns
Cipher suites that are currently enabled for all SSL sessions.
void setSSLContext (vbsec::VBSSLContext* ctx)
Sets the SSL context. This allows the establishing of an SSL session using the information defined in VBSSLContext. A VBSSLContext can be created using the SecureSocketProvider API.
The VBSSLContext that is to be used for any SSL session establishment.
VBSSLContext& getSSLContext()
Gets the VBSSLContext that was set using setSSLContext(), or returns a default VBSSLContext object.
Returns
The VBSSLContext that will be used for any SSLSession establishment.
class vbsec::Principal
Principal represents the identity of a user. This is a virtual class.
Include file
The vbsec.h file should be included when you use this class.
Methods
std::string getName() const
Returns
The name of the Principal.
std::string toString() const
Get the string representation of the Principal.
Returns
The string representation of the Principal.
class vbsec::Credential
Credential represents the information used to authenticate an identity, such as user name and password. This is a virtual class.
Include File
The vbsec.h file should be included when you use this class.
class vbsec::Subject
Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).
Include File
The vbsec.h file should be included when you use this class.
Methods
Principal::set& getPrincipals()
Gets the principals in the subject.
Returns
The set of the principals in the subject. Modifying the content of the set will have no effect on the subject.
void clearPrincipals()
Clears the principals from the subject. All principals in the subject are removed.
Credential::set& getPublicCredentials()
Get the public credentials in the subject—public keys for example.
Returns
The set of the public credentials in the subject. Modifying the content of the set will have no effect on the subject.
void clearPublicCredentials()
Clear the public credentials in the subject. All public credentials in the subject will be destroyed and removed.
Credential::set& getPrivateCredentials()
Get the private credentials in the subject—private keys for example.
Returns
The set of the private credentials in the subject. Modifying the content of the set will have no effect on the subject.
void clearPrivateCredentials()
Clear the private credentials in the subject. All private credentials in the subject will be destroyed and removed.
Principal::set getPrincipals (const type_info& info) const
Gets a set of principals in the subject which have the same runtime type information as provided.
Returns
A set of the principals in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.
Credential::set getPublicCredentials (const type_info& info) const
Get set of public credentials in the subject which have the same runtime type information as provided.
Returns
A set of the public credentials in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.
Credential::set getPrivateCredentials (const type_info& info) const
Get set of private credentials in the subject which have the same runtime type information as provided.
Returns
A set of the private credentials in the subject which have the same runtime information as the given one. Modifying the content of the set will have no effect on the subject.
class vbsec::Wallet
A Wallet is a holder of credentials usually used in login API calls. A Wallet can be created using WalletFactory APIs and contain multiple types of credentials.
Include File
The vbsec.h file should be included when you use this class.
Methods
std::string getTarget () const
Get the target to which the wallet authenticates.
Returns
The string representation of the target information.
void populateSubject (Subject& subject)
Populate the given subject with necessary credentials or other information for authentication.
class vbsec::WalletFactory
WalletFactory is a factory class to create multiple types of wallets.
Include File
The vbsec.h file should be included when you use this class.
Methods
Wallet* createCertificateWallet (const std::string& name, const std::string& password, const std::string& alias, const std::string& keypassword, short usage)
Create a certificate wallet using a C++ keystore. The C++ keystore is similar to the Java keystore but is implemented using a directory structure. When logging in with a wallet created by this API, the certificate chain will be used in the SSL layer.
The password for the keystore, not used for this release.
Returns
Certificate wallet that contains the given information.
Wallet* createCertificateWallet (const CORBAsec::X509CertList& chain, const CORBAsec::ASN1Object& privkey, const CSI::UTF8String& password)
Create a certificate wallet using a certificate chain, private key and password.
Returns
Certificate wallet that contains the given information.
Wallet* createIdentityWallet (const std::string& username, const std::string& password, const std::string& realm)
Create an identity wallet using a username, password and realm to which the wallet authenticates.
Returns
Identity wallet that contains the given information.
Wallet* createIdentityWallet (const std::string& username, const std::string& password, const std::string& realm, const std::vector<std::string>& groups)
Create an identity wallet using a username, password, realm to which the wallet authenticates, and a set of group attributes.
Returns
Identity wallet that contains the given information.
SSL API
This section explains the various SSL APIs that interact with VisiSecure's SSL implementation.
class vbsec::SSLSession
SSLSession represents the session of the current SSL connection. The SSLSession can be obtained from vbsec::Context using getPeerSession().
Include File
The vbssp.h file should be included when you use this class.
Methods
time_t getEstablishmentTime() const
Get the time when the SSL connection was established.
Returns
The time when the SSL connection was established.
const ssl::CipherSuiteInfo& getNegotiatedCipher() const
This method returns the negotiated cipher from the peer for a given SSL connection.
Returns
The negotiated cipher from the peer for a given SSL connection.
const CORBAsec::X509CertList& getPeerCertificates() const
Get the certificate chain of the peer.
Returns
Peer certificate chain.
const CORBAsec::X509Cert* getTrustpoint() const
Get the trust point by which the peer is trusted. Null will be returned if peer does not have certificates or its certificates are not trusted.
Returns
The trust point by which the peer is trusted, or null if not.
char* getPeerAddress() const
Get the IP address of the peer.
Returns
Peer IP address in a string with the following format: xxx.xx.xx.xx.
CORBA::UShort getPeerPort() const
Returns the peer port number used by this connection.
Returns
The port number of the peer on the connection.
void prettyPrint (std::ostream& os) const
Print the SSLSession information into the given output stream.
class vbsec::VBSSLContext
VBSSLContext contains information needed to establish an SSLSession. This object is created using SecureSocketProvider::createSSLContext().
Include File
The vbssp.h file should be included when you use this class.
Methods
const CORBAsec::X509CertList& getCertificates() const
Get the certificate chain representing the identity to be used for the SSL layer.
Returns
The certificate chain representing the identity to be used for the SSL layer.
void setCipherSuiteList (const ssl::CipherSuiteInfoList& list)
This method is used to specify the ciphers available for the SSL connections.
const ssl::CipherSuiteInfoList& getCipherSuiteList() const
Return the ciphers that are currently used by the SSL layer.
Returns
The ciphers that are currently used by the SSL layer.
void addTrustedCertificate (const CORBAsec::X509Cert& trusted, const CORBAsec::ASN1Object* crl = NULL)
Programmatically add a trusted certificate into the SSL context.
CORBAsec::X509CertList* getTrustedCertificates() const
Get list of certificates that are trusted.
Returns
List of certificates that are trusted.
class ssl::CipherSuiteInfo
CipherSuiteInfo is a structure containing two fields:
This IDL structure contains two fields which describe ciphers according to the SSL specification. The list of SuiteID values and their names is in the include file, ssl_c.h.
Include File
The ssl_c.hh file should be included when you use this class.
class CipherSuiteName
This class provides information about the ciphers used in the Security Service.
Include File
The csstring.h file should be included when you use this class.
Methods
static const char* toString (int tag)
Return a standard representation of a supported SSL cipher.
Returns
A stringified description of the cipher.
static const int fromString (char* description)
Give the tag associated to the given cipher description.
Returns
The tag associated with the cipher name provided as the argument.
class vbsec::SecureSocketProvider
A SecureSocketProvider is the provider for secure socket connections. It provides the function of creating the SSL context, handling SSL certificates, and managing other secure socket-related information.
Include File
The vbssp.h file should be included when you use this class.
Methods
vbsec::VBSSLContext* createSSLContext (const CORBAsec::X509CertList& chain, const CORBAsec::ASN1Object& privkey, const CSI::UTF8String& password)
This method creates an SSL context using the given information. The SSL context can then be passed into vbsec::Context and used to establish an SSL connection.
Returns
VBSSLContext containing the given information.
void setPRNGSeed (const ssl::Current::PRNGSeed& seed)
Sets a seed for the pseudo-random number generator used by the SSL layer.
const ssl::CipherSuiteInfoList& listAvailableCipherSuites() const
Gets the list of cipher suites that are available for use with the SSL layer. Note that this is different from the getEnabledCipherSuites call in that not all the available cipher suites may be currently enabled.
Returns
List of cipher suites that are available but may not be enabled for use with the SSL layer.
const CertificateFactory& getCertificateFactory() const
Gets a certificate Factory.
Returns
A CertificateFactory object.
class ssl::Current
The ssl::Current lets your client application or server object set its private key and offer its certificate information to its peer. This interface also lets you configure the SSL connection and associate your certificates and private key with an SSL connection.
Be aware that private keys and certificates contain header and trailer lines, which mark the beginning and end of the key or certificate. All of the methods offered by this interface for setting private keys and certificate chains require that these header and trailer lines be present. The parsing rules for these lines are:
-----BEGIN CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
This object can be obtained through the following code:
CORBA::Object_var obj = orb->resolve_initial_references("SSLCurrent");
ssl::Current_var current = ssl::Current::_narrow(obj);
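The header and trailer requirement described above can be checked before a buffer is handed to the methods that set keys and certificate chains. The following is an added example, not code from VisiSecure or this guide: checkPemBlock, pemInputsLookComplete and samplePem are hypothetical helpers, the trailer form "-----END <label>-----" is the standard PEM counterpart of the header lines shown on this page, and one block per buffer is assumed.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

enum class PemStatus { Ok, NoHeader, NoTrailer, EmptyBody, BadBodyChar, TextOutsideBlock };

// True when s[from, to) holds nothing but whitespace.
static bool onlySpace(const std::string& s, std::size_t from, std::size_t to) {
    for (std::size_t i = from; i < to; ++i)
        if (!std::isspace(static_cast<unsigned char>(s[i]))) return false;
    return true;
}

// Checks that `pem` is exactly one block framed by the header and trailer
// for `label` (for example "CERTIFICATE" or "ENCRYPTED PRIVATE KEY") and
// that the body is non-empty base64 text. It does not decode or verify the
// key or certificate itself.
PemStatus checkPemBlock(const std::string& pem, const std::string& label) {
    const std::string header = "-----BEGIN " + label + "-----";
    const std::string trailer = "-----END " + label + "-----";

    const std::size_t h = pem.find(header);
    if (h == std::string::npos) return PemStatus::NoHeader;
    const std::size_t bodyStart = h + header.size();
    const std::size_t t = pem.find(trailer, bodyStart);
    if (t == std::string::npos) return PemStatus::NoTrailer;  // truncated input

    // Anything other than whitespace around the block means the buffer is
    // not the single object the caller thinks it is.
    if (!onlySpace(pem, 0, h) || !onlySpace(pem, t + trailer.size(), pem.size()))
        return PemStatus::TextOutsideBlock;

    std::size_t payload = 0;
    for (std::size_t i = bodyStart; i < t; ++i) {
        const unsigned char c = static_cast<unsigned char>(pem[i]);
        if (std::isspace(c)) continue;
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=')
            return PemStatus::BadBodyChar;
        ++payload;
    }
    return payload == 0 ? PemStatus::EmptyBody : PemStatus::Ok;
}

// Pre-flight check for a certificate plus encrypted private key pair, using
// the two labels shown on this page.
bool pemInputsLookComplete(const std::string& certPem, const std::string& keyPem) {
    return checkPemBlock(certPem, "CERTIFICATE") == PemStatus::Ok &&
           checkPemBlock(keyPem, "ENCRYPTED PRIVATE KEY") == PemStatus::Ok;
}

// Builds a constructed sample block; the body is placeholder base64, not a
// real key or certificate.
std::string samplePem(const std::string& label, const std::string& body) {
    return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
}

int main() {
    const std::string cert = samplePem("CERTIFICATE", "Q09OU1RSVUNURUQ=");
    const std::string key = samplePem("ENCRYPTED PRIVATE KEY", "Q09OU1RSVUNURUQ=");
    // A key file cut off before its trailer line is rejected.
    const std::string truncated = key.substr(0, key.find("-----END"));
    std::cout << pemInputsLookComplete(cert, key) << " "
              << pemInputsLookComplete(cert, truncated) << "\n";
    return 0;
}
```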
Include File
The ssl_c.hh file should be included when you use this class.
Methods
CORBA::ULong getNegotiatedCipher(CORBA::Object_ptr peer)
This method returns the negotiated cipher from the peer for a given SSL connection.
Returns
A value (tag) representing the cipher used. (Use CipherSuiteName::toString to get a String representation.)
Exceptions
CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.
CORBAsec::X509CertList_ptr getPeerCertificateChain(CORBA::Object_ptr peer)
This method obtains the peer's certificate chain. It is usually invoked by a client application to obtain information from a server, but a server can optionally request information from a client.
Returns
A value representing the cipher used. (Use CipherSuiteName::toString to get a String representation.)
Exceptions
CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.
char* getPeerAddress(CORBA::Object_ptr peer)
Returns a description of the socket parameters used by this connection.
Returns
Peer IP address in a string with the following format: xxx.xx.xx.xx
Exceptions
CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.
CORBA::Boolean isPeerTrusted(CORBA::Object_ptr peer)
Tests if the certificate chain of the peer is trusted—that is, if one certificate of the chain is in the trustpoint.
Returns
true if the chain is trusted, false otherwise.
Exceptions
CORBA::BAD_OPERATION if the object is null or the connection is not using SSL.
trust::Trustpoints_ptr getTrustpointsObject()
Returns a reference to the trustpoint repository. Use this API to access trustpoints object and set trustpoints.
Returns
A reference to the trustpoint repository, which should be assigned to a _var.
void setPRNGSeed (const ssl::Current::PRNGseed& seed)
Sets a seed for the pseudo-random number generator used by the SSL layer.
The OctetSequence seed for the PRNG.
void setPKprincipal (const CORBAsec::ASN1ObjectList chain, const CORBAsec::ASN1Object& privkey, const char* password);
This method is used in the client or the server to set the certificate chain and private key that must be used for the SSL connections. This is required for servers and optional for clients. Also look at the peerAuthenticationMode property documented in “Security Properties for C++.”
Exceptions
CORBA::BAD_PARAM if the user name or password is null.
void setCipherSuiteList (const ssl::CipherSuiteInfoList& list)
This method is used in the client or the server to specify the ciphers available for the SSL connections.
ssl::CipherSuiteInfoList* listAvailableCipherSuites()
Returns a list of cipher suites available in VisiSecure. You are responsible for freeing memory.
Returns
A list of cipher suites.
ssl::CipherSuiteInfoList* getCipherSuiteList()
Returns the ciphers that are currently used by the SSL layer.
Returns
A list of cipher suites.
void setP12Identity (const CORBAsec::ASN1Object& pks12cert, const char* password)
Certificate API
This API contains classes and methods for working with certificates.
class vbsec::CertificateFactory
This is a utility class for handling of certificates and keys.
Include File
The vbssp.h file should be included when you use this class.
Methods
CORBAsec::X509CertList* importCertificateChain (const CORBAsec::ASN1ObjectList& certs) const
Import the certificate chain in the form of CORBAsec::ASN1ObjectList into CORBAsec::X509CertList, which could be used in VBSSLContext.
ASN1ObjectList representation of the certificate chain.
Returns
CORBAsec::X509CertList representation of the certificate chain for CORBA transportation.
CORBAsec::X509CertList* importCertificates (const CORBAsec::ASN1ObjectList& certs) const
Import the certificate list in the form of CORBAsec::ASN1ObjectList into CORBAsec::X509CertList. Certificates need not be related to each other. The original order is preserved after importing.
ASN1ObjectList representation of certificate list
Returns
CORBAsec::X509CertList representation of the certificate list.
CORBAsec::ASN1Object* importPrivateKey (const CORBAsec::ASN1Object& key) const
Convert the private key from BASE64 or PEM format to DER format.
ASN1ObjectList representation of private key object.
Returns
DER format of the private key.
CORBAsec::X509CertList* importCertificateChain (const CORBAsec::ASN1Object& pkcs12bytes, const CSI::UTF8String& password) const
Imports a certificate chain from pkcs12 binary.
ASN1ObjectList representation of pkcs12 binary.
Returns
CORBAsec::X509CertList representation of the certificate chain.
CORBAsec::ASN1Object* importPrivateKey (const CORBAsec::ASN1Object& pkcs12bytes, const CSI::UTF8String& password) const
Import private key from pkcs12 binary.
ASN1ObjectList representation of pkcs12 binary.
Returns
CORBAsec::ASN1Object representation of the private key object.
const CertificateFactory& printCertificate (const CORBAsec::X509Cert& certificate, std::ostream& stream) const
Print out the certificate information into an output stream.
Returns
The CertificateFactory.
bool passwordForPrivatekey (const CSI::UTF8String& password, const CORBAsec::ASN1Object& privkey) const
Test if the given password can decrypt the given private key object.
Returns
true if decryption is successful, false if not.
class CORBAsec::X509Cert
This class represents an X509 certificate. When a client application binds to a CORBA object, the client uses this interface to obtain the server’s certificate information. The server can use this interface to obtain the client’s certification information, if the client has a certificate.
Include File
The X509Cert_c.hh file should be included when you use this class.
Methods
char* getSubjectDN()
Returns the subject DN contained in the certificate.
Returns
The subject name is returned in the following format:
CN=<value>, OU=<value>, O=<value>, L=<value>, S=<value>, C=<value>
char* getIssuerDN()
Returns the issuer DN contained in the certificate.
Returns
The subject name is returned in the following format:
CN=<value>, OU=<value>, O=<value>, L=<value>, S=<value>, C=<value>
CORBA::OctetSequence * getSignatureAlgorithm()
Returns the signature algorithm used in the certificate.
Returns
The signature algorithm used in the certificate.
CORBA::OctetSequence * getHash(CORBAsec::HashAlgorithm algorithm)
Returns a hash of the certificate.
The hash algorithm. The possible values are: CORBAsec::MD5, CORBAsec::MD2 and CORBAsec::SHA1
Returns
A hash of the certificate using the specified algorithm.
CORBAsec::ASN1Object_ptr getDER()
Returns the DER encoded form of this certificate.
Returns
The ASN.1 DER encoded form of this certificate (assign to a _var).
CORBAsec::SerialNumberValue_ptr getSerialNumber()
Retrieves the serial number of the certificate.
Returns
The serial number of the certificate.
CORBAsec::X509CertExtensionList_ptr getExtensions()
Returns all the extensions available in this certificate as a list of X509CertExtension.
Returns
Returns all the extensions available in this certificate as a list of X509CertExtension. Or, if this certificate has no extensions, the method returns an array of length null. The extensions are not parsed.
CORBA::Boolean isValid (CORBA::ULong_out date)
Checks if a certificate date is between the valid start and end dates.
Returns
true if the certificate is valid, false otherwise.
CORBA::ULong startDate()
Gets the date from which a certificate’s validity starts.
Returns
Returns an int representing the number of seconds from midnight, January 1st, 1970.
CORBA::ULong endDate()
Gets the expiration date of the certificate.
Returns
Returns an int representing the number of seconds from midnight, January 1st, 1970.
CORBA::Boolean equals (CORBAsec::X509Cert_ptr other)
Compares two CORBAsec::X509Cert certificates.
Returns
Returns true (1UL) if the two certificates are identical; otherwise, returns false (0UL).
CORBA::Boolean isTrustpoint()
Checks if this certificate is a trustpoint—that is, if it is a trusted certificate.
Returns
If the certificate is a trustpoint, returns true.
class CORBAsec::X509CertExtension
This class is an IDL structure that represents an X509 certificate extension, as follows:
struct X509CertExtension {
long seq;
sequence<long> oid;
boolean critical;
sequence<octet> value;
};
Include File
The X509Cert_c.hh file should be included when you use this class.
QoP API
The following section details the Quality of Protection API provided with VisiSecure.
class vbsec::ServerConfigImpl
ServerConfigImpl is the implementation of the csiv2::ServerQoPConfig, which is an IDL structure as follows:
ServerConfigImpl (
CORBA::Boolean disable,
CORBA::Short transport,
CORBA::Boolean trustInClient,
csiv2::AccessPolicyManager* access_manager,
const CORBA::StringSequence& realms = _available,
CORBA::Short requiredIdentityType = csiv2::ServerQoPConfig::UP_OR_PK,
CORBA::Boolean supportIdentityAssertion = static_cast<CORBA::Boolean>(1)
);
csiv2::CLEAR_ONLY: no secure transport is necessary
csiv2::SECURE_ONLY: only secure connections are permitted
csiv2::ALL: any method of transport is allowed
An access manager for the QoP implementation, an implementation of csiv2::AccessPolicyManager defined by the user. If null, it uses a default value.
The required identity for the QoP policy implementation. The default value is csiv2::ServerQoPConfig::UP_OR_PK. Possible values are: csiv2::ServerQoPConfig::NO_ID, csiv2::ServerQoPConfig::UP, csiv2::ServerQoPConfig::PK, csiv2::ServerQoPConfig::UP_OR_PK and csiv2::ServerQoPConfig::UP_AND_PK.
To define the ServerQoPPolicy, you create this object which defines the various characteristics of the policy.
Include File
The CSIV2Policies.h file should be included when you use this class.
class ServerQoPPolicyImpl
ServerQoPPolicyImpl is the implementation of the csiv2::ServerQoPPolicy. The ServerQoPPolicyImpl object impacts the QoP behavior of the server.
Include File
The CSIV2Policies.h file should be included when you use this class.
Methods
ServerQoPPolicyImpl (const csiv2::ServerQoPConfig_var& conf);
Constructor of the ServerQoPPolicyImpl object.
ServerQoPConfig object which contains the designed QoP configuration.
virtual csiv2::ServerQoPConfig_ptr config();
Get the ServerQoPConfigImpl object from the ServerQoPPolicyImpl.
Returns
The ServerQoPConfigImpl object from the ServerQoPPolicyImpl.
class vbsec::ClientConfigImpl
ClientConfigImpl is the implementation of the csiv2::ClientQoPConfig. To define the ClientQoPPolicy, you create this object which defines the various characteristics of the policy.
Include File
The CSIV2Policies.h file should be included when you use this class.
Methods
ClientConfigImpl (const CORBA::Short transport, const CORBA::Boolean trustInTarget)
Constructor of ClientConfigImpl object.
csiv2::CLEAR_ONLY: no secure transport is necessary
csiv2::SECURE_ONLY: only secure connections are permitted
csiv2::ALL: any method of transport is allowed
class vbsec::ClientQoPPolicyImpl
ClientQoPPolicyImpl is the implementation of the csiv2::ClientQoPPolicy. The ClientQoPPolicyImpl object impacts the QoP behavior of the server.
Include File
The CSIV2Policies.h file should be included when you use this class.
Methods
ClientQoPPolicyImpl( const csiv2::ClientQoPConfig_var& conf);
Constructor for ClientQoPPolicyImpl object.
ClientConfigImpl object to be used for the policy.
virtual csiv2::ClientQoPConfig_ptr config();
Returns the ClientConfigImpl object of this ClientQoPPolicyImpl.
Returns
The ClientConfigImpl object of this ClientQoPPolicyImpl.
Authorization API
The following section describes the classes and methods used for authorization in VisiSecure.
class csiv2::AccessPolicyManager
AccessPolicyManager is used to define your Access Policy for authorization of a client's method calls.
Include File
The CSIV2Policies.h file should be included when you use this class.
Methods
char* domain()
Returns the authorization domain name for the AccessPolicyManager.
Returns
The authorization domain name for the object that uses this AccessPolicyManager.
csiv2::ObjectAccessPolicy* getAccessPolicy (PortableServer_ServantBase* servant, const PortableServer::ObjectId& id, const CORBA::OctetSequence& adapter_id)
Returns the ObjectAccessPolicy for the servant with the given ObjectId (id) and POA id.
Returns
ObjectAccessPolicy of the servant object.
class csiv2::ObjectAccessPolicy
This class represents the access policy from AccessPolicyManager.
Include File
The CSIV2Policies.h file should be included when you use this class.
Methods
CORBA::StringSequence* getRequiredRoles (const char* method)
Returns the list of required roles to access the method.
Returns
A list of required roles to access the method.
char* getRunAsRole (const char* method)
Return the run-as role for the method. This method is not used in this release.
Returns
The run-as role configured to access the method.