This is the credentials object. This object has some problems right off in its semantic model and required a couple of modifications to be able to work properly within SecurityReplaceable. However, be warned, it has many other serious semantic problems pertaining to the whole security model and needs a good reworking. For the time being, they are still pretty close to the 1.3 version of the spec.
attribute Security::AssociationOptions accepting_options_required;
This attribute is for examination and modification of the assocation options that these credentials require. They cannot be set to something more than the accepting_options_supported. These options are the options that get stored in the "target_requires" part of the security component for the crendentials mechanism in the IOR. This attribute generally applies to the Own type credentials.
attribute Security::AssociationOptions accepting_options_supported;
This attribute is for examination and modification of the association options that these credentials support. A CORBA::BAD_PARAM exception will be raised should an attempt to set this attribute to a set of options below or above the credentials capabilities.
These options are the options that get stored in the "target_supports" part of the security component for the mechanism in the IOR. This attribute generally applies to the Own type credentials.
readonly attribute Security::AuthenticationStatus authentication_state;
This readonly attribute specifies the authentication state of the Credentials object. For Credentials that are created by the PrincipalAuthenticator this attribute tells whether the Credentials are partially initialized.
readonly attribute Security::CredentialsType credentials_type;
This attribute specifies the type of credentials. The possible values are Own or Received, depending on whether they were created with the Principal Authenticator or were received while servicing an invocation.
attribute Security::AssociationOptions invocation_options_required;
This attribute is for examination an modification of the association options that these credentials use to establish invocation security contexts with a remote target. A CORBA::BAD_PARAM exception will be raised if they are set to a value beyond the credential's capabilities.
attribute Security::AssociationOptions invocation_options_supported;
This attribute is for examination and modification of the invocation association options that these credentials support. A CORBA::BAD_PARAM exception will be raised should an attempt to set this attribute to a set of options below or above the credentials capabilities.
readonly attribute Security::MechanismType mechanism;
This attribute names the type that this credential currently supports. With the supplied Kerberos Vault in Orbasec this means that the value of mechanism is "Kerberos,11".
Credentials copy();
Copies the credentials. This operation is not meant to be directly called by the application, as the ORB should be using this call to do its own credentials management, being that Credentials objects are created from within SecurityReplaceable. (Well, at least now they are).
void destroy();
Destroys the credentials. This operation is not meant to be directly caled by the application, as the ORB shoud be using this call to do its own credentials management.
Note: If the appliciation wanted to "destroy" some credentails the proper terminology should invoke a revocation process, such as "revoke", or something along those lines.
Security::AttributeList get_attributes(in Security::AttributeTypeList attributes);
This operation retrieves an unordered set of SecAttributes that pertain to the particular mechanism and implementation of the Credentials. See the particular mechanism documentation for a specification of the values of security attributes.
boolean get_security_feature(in Security::CommunicationDirection direction, in Security::SecurityFeature feature);
Get a security feature. This method is used to get a on/off value for a particular security feature that this credentials object supports.
boolean is_valid(out Security::UtcT expiry_time);
This operation returns the validity of the credentials an output the expiry time of the credentials.
boolean refresh(in Security::Opaque refresh_data);
Refreshes the credentials. Note that this may or may not be a viable operation depending on the mechanism and type of credentials, Own or Received.
boolean set_attributes(in Security::AttributeList requested_privileges, out Security::AttributeList actual_privileges);
This operation sets the set of all attributes of this Credentials object. It must be a subset of all the attributes. If it is not, it raises a system exception. However, sometimes a mechanism may not allow you to eliminate some attributes. If this is the case, this operation will return false, and the actual_attributes parameter will return the list of all the attributes that are still exist.
boolean set_privileges(in boolean force_commit, in Security::AttributeList requested_privileges, out Security::AttributeList actual_privileges);
This method has been deprecated.
Generated by the ORBacus IDL-to-HTML translator (non-commercial)