Rick McGuire wrote:
Well, Yoko will need some hooks/plugins/callbacks that will allow the OpenEJB code to interact with the ORB transport-level security. The touch points that are used in the other ORB implementations are:

Server-connections:

  1. Mechanism to configure the ORB listening socket to use a secure
     connection.
  2. A socket-factory like mechanism that will allow Geronimo to use
     its own mechanisms for creating and configuring the ServerSocket.
  3. A callback or interceptor that allows the OpenEJB security
     manager to maintain mappings of requests to the SSLSessions used
     to service the requests (if a secure transport is being used).

Client Connections:

  1. Mechanism to allow Geronimo to make the decision what type of
     connection is used for a given IOR (access to the target IOR is
     required).
  2. A socket-factory like mechanism to allow Geronimo to create and
     configure the socket as needed.


For 3, each POA apparently has an org.apache.yoko.orb.OCI.Current, which apparently can be used to get the currently used transport by looking it up in a HashMap with threads as keys. I haven't noticed any way this object is exposed to clients, but every POA has a reference to it. Perhaps we could add a getCurrentTransport method somewhere appropriate. If we do that, an interceptor could be used to maintain the mapping, just like it's done with the sunorb.

I think we are going to have to write a custom OCI plugin to handle the rest. Otherwise we would have to modify the existing IIOP plugin significantly, which I think would become a mess.

Best regards,
Anders
