Borland VisiBroker® 7.0 - Borland Technical Publications
Borland VisiBroker® 7.0 - Borland Technical Publications
Borland VisiBroker® 7.0 - Borland Technical Publications
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Steps to secure clients and serversKeeping these constraints in mind, <strong>Borland</strong> VisiBroker supports the following usagemodels, any of which could be used to provide an identity to the server or client:■“Username/password authentication, using LoginModules, for known realms” onpage 72■“Username/password authentication, using APIs” on page 72■“Certificate-based authentication, using KeyStores through property settings” onpage 72■“Certificate-based authentication, using KeyStores through APIs” on page 72■“Certificate-based authentication, using APIs” on page 73■“pkcs12-based authentication, using KeyStores” on page 73■“pkcs12-based authentication, using APIs” on page 73Username/password authentication, using LoginModules, for knownrealmsIf the realm to which the client wishes to authenticate is known, the client-sideconfiguration would take the following form:vbroker.security.login=truevbroker.security.login.realms=Username/password authentication, using APIsThe following code sample demonstrates the use of the login APIs. This case uses awallet. For a full description of the four login modes supported, see Chapter 11,“VisiSecure for C++ APIs” and Chapter 12, “Security SPI for C++.”int main(int argc, char* const* argv) {// initialize the ORBCORBA::ORB_var orb = CORBA::ORB_init(argc, argv);CORBA::Object_var obj = orb->resolve_initial_references("VBSecurityContext");Context* c = dynamic_cast (obj.in());// Obtain a walletFactoryCORBA::Object_var o = orb->resolve_initial_references("VBWalletFactory");vbsec::WalletFactory* wf = dynamic_cast(o.in());vbsec::Wallet* wallet = wf->createIdentityWallet( , ,);c->login(*wallet);}Certificate-based authentication, using KeyStores through propertysettingsBy setting the property vbroker.security.login.realms=Certificate#ALL, the client willbe prompted for keystore location and access information. For valid values, see“Certificate mechanism” on page 38.Certificate-based authentication, using KeyStores through APIsYou can use the same APIs discussed in ““Username/password authentication, usingAPIs” on page 72” to login using certificates through KeyStores. The realm name in theIdentityWallet should be CERTIFICATE#ALL, the username corresponds to an alias name inthe default KeyStore that refers to a Key entry, and the password refers to the PrivateKey password (also the KeyStore password) corresponding to the same Key entry.72 VisiBroker Security Guide