Diffstat (limited to 'trunk/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp')
-rw-r--r-- | trunk/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/trunk/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp b/trunk/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp
new file mode 100644
index 00000000000..2153014c111
--- /dev/null
+++ b/trunk/TAO/orbsvcs/examples/Security/SecurityLevel1/SLevel1_Test_i.cpp
@@ -0,0 +1,122 @@
+// $Id$
+
+#include "SLevel1_Test_i.h"
+
+#if !defined(__ACE_INLINE__)
+#include "test_i.i"
+#endif /* __ACE_INLINE__ */
+
+ACE_RCSID (SecurityLevel1,
+ SLevel1_Test_i,
+ "$Id$")
+
+static int authorize_1 = 1;
+static int authorize_2 = 1;
+
+CORBA::Boolean
+SLevel1_Server_i::authorize_level1 (ACE_ENV_SINGLE_ARG_DECL)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+
+ /// Get a reference to the SecurityCurrent object.
+ CORBA::Object_var obj =
+ orb->resolve_initial_references ("SecurityCurrent" ACE_ENV_ARG_PARAMETER);
+ ACE_CHECK_RETURN (0);
+
+ /// Narrow it down correctly.
+ SecurityLevel1::Current_var current =
+ SecurityLevel1::Current::_narrow (obj.in ());
+
+ /// Check for nil reference.
+ if (CORBA::is_nil (current.in ()))
+ ACE_ERROR_RETURN ((LM_ERROR,
+ " (%P|%t) Unable to initialize the SecurityCurrent object\n"),
+ 1);
+
+ Security::AttributeType desired_attribute_1;
+
+ /// @@ Need to check more abt this variable
+ desired_attribute.attribute_family.family_definer = 0;
+
+ /// Implies Privilege Attributes
+ desired_attribute.attribute_family.family = 1;
+
+ /// AccessId: the identity of the principal used for access
+ /// control
+ desired_attribute.attibute_type = 2;
+
+ // Second desired attribute
+ Security::AttributeType desired_attribute_2;
+
+ /// @@ Need to check more abt this variable
+ desired_attribute.attribute_family.family_definer = 0;
+
+ /// Implies Privilege Attributes.
+ desired_attribute.attribute_family.family = 1;
+
+ /// Primary Group ID.
+ /// @@ I am not sure if Ossama will have all these attribute types
+ /// If it is not the same, one might have to change the comments
+ /// to show the attribute_type that is checked and change the
+ /// number accordingly.
+ desired_attribute.attibute_type = 3;
+
+ /// Define the AttributeTypeList
+ Security::AttributeTypeList attribute_type_list;
+ attribute_type_list.length (2);
+ attribute_type_list[0] = &desired_attribute_1;
+ attribute_type_list[1] = &desired_attribute_2;
+
+ /// Get the desired security attributes
+ Security::AttributeList_var attribute_list =
+ current->get_attributes (attribute_type_list);
+
+ /* @@ What did we do till now ??
+ * We set attribute_type_list so that we get the values of
+ * the variables we are interested in. Depending on how Ossama
+ * implements, the valid values of family_definer, family and the
+ * attribute type and its values all change .. but the process is
+ * similar.
+ * The type which is returned from the get_attribute method is a
+ * sequence of the AttributeList struct. This struct has three
+ * members: the attribute type, the defining_authority and the
+ * value of the attribute type.
+ *
+ * @@ What should we do now ??
+ * Compare the returned values with the values we, as in the
+ * server, decided and check if they are the same.
+
+ * Once we retrieve this sequence, we can invoke a method which
+ * has a generic list of attribute_types and corresponding values
+ * which are valid to authorize access to the requested
+ * invocation. Or complete this stuff with a single if condition
+ * make things easier.
+ *
+ */
+
+ if ((attribute_type == 1) && (attribute_value == 10))
+ {
+ // Lets say, this is the valid case.
+ authorize_1 = 0;
+ }
+
+ /// If the owner of this invocation is authorized to invoke this
+ /// method, return 0 else return 1.
+ if (authorize_1 == 0)
+ return 0;
+ else
+ return 1;
+}
+
+
+CORBA::Boolean
+SLevel1_Server_i::authorize_level2 (ACE_ENV_SINGLE_ARG_DECL_NOT_USED)
+ ACE_THROW_SPEC ((CORBA::SystemException))
+{
+ /// If the owner of this invocation is authorized to invoke this
+ /// method, return 0 else return 1.
+ if (authorize_2 == 0)
+ return 0;
+ else
+ return 1;
+}
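Review bot: In authorize_level1 the exception path fails open: the comments define 0 as "authorized" and 1 as "denied", yet `ACE_CHECK_RETURN (0);` after resolve_initial_references returns 0 when the lookup raises, while the nil-reference branch just below returns 1; it should read `ACE_CHECK_RETURN (1);`. The decision is also stored in the file-scope `static int authorize_1`, which is set to 0 on the first successful check and never reset anywhere in this file, so every later caller would be reported as authorized whatever its own attributes are; a per-call local such as `int denied = 1;` avoids that, and also avoids an unsynchronized shared write if the servant is ever invoked from more than one thread. The final test reads `attribute_type` and `attribute_value`, which are not declared in this file, and never inspects the `attribute_list` returned by get_attributes, so nothing about the caller's AccessId or group is actually compared; likewise the field assignments target `desired_attribute` (with `attibute_type` misspelled) instead of `desired_attribute_1` and `desired_attribute_2`. Because 0 means "allowed" in a CORBA::Boolean return, both methods deserve a header comment such as `/// Returns 0 when the caller is authorized, 1 otherwise (note: inverted with respect to a plain boolean test).` so that callers do not write `if (authorize_level1 ())` with the wrong sense.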