Interface CtsSecurity::CallerPrincipal

This represents an interface for retrieving additional information about the current authenticated session. This interface should be used when a customized authentication service component is also used or a JAAS login module is used that invokes SessionInfo.setName(alternateName).

There are 2 ways to implement this interface.

1. User can write an implementation of this interface and configure a server level caller principal service by setting the property com.sybase.jaguar.server.callerprincipalservice to the URL by which to access the component that implements this interface.
   There are 2 accepted forms for the URL.
   • The URL can be set to the JaguarPackage/JaguarComponent if the component is a Java CORBA, C++ CORBA, Stateless COM, or PowerBuilder NVO. The component must be installed in the server.

     For example, to set the callerprincipal service, set the server level property to com.sybase.jaguar.server.callerprincipalservice=Security/CallerPrincipalService assuming, Security is the name of the Jaguar package that containing a Jaguar component called CallerPrincipalService that implements this interface.

   • In addition, Java CORBA and C++ CORBA components may be accessed using the pseudo component object URL. The syntax for a Java pseudo component is: pseudo://java/JavaPackage/JaguarPackage/JaguarComponent. The syntax for a C++ pseudo component is: pseudo://cpp/SharedLibraryName/JaguarPackage/JaguarComponent. The caller principal service property can also be set to the pseudo component object URL. For example, the server level caller principal service can be set to pseudo://cpp/libAuthorize/Security/CallerPrincipalService where, libAuthorize is the name of the shared library that contains the C++ Security/RoleService component's implementation.

     Components implemented for pseudo component access, must be thread safe. Pseudo components cannot be refreshed. Hence, a server refresh, or refresh of the component using the EAServer Manager, will not have any effect on the refresh of the role service. You must restart the EAServer if there is a need to refresh the role service component. For more information on EAServer Pseudo components, please refer to your EAServer documentation.

   For performance, the caller principal service component may be implemented as a pseudo C++ CORBA component.

2. Otherwise, this interface may be implemented by setting the CtsSecurity::CallerPrincipal as an additional interface for the authentication component. If this scheme is adopted, it is not necessary to set the server level caller principal service property as described above.

At runtime, the server will first check for the server level caller principal service property. If this property is set, the authentication service is not consulted at all. However, if the server level caller principal service property is not set, then the server will default to checking if the authentication service (if any) has implemented this interface.

It is optional to implement this interface.

Operation Index

• getCallerPrincipal

Operations

• getCallerPrincipal

  Returns the original principal name given the alternate_name. An Authentication service can modify the username associated with an authenticated session by calling the setName method. The getCallerPrincipal method should perform the reverse mapping of setName.

      string getCallerPrincipal
      (
          in string alternate_name
      );
  

  This method is internally invoked by the server, when a bean calls EJBContext.getCallerPrincipal. If the authentication service does not implement this interface, then this method is not invoked, and the current username is returned.