
List:       jacorb-developer
Subject:    Re: [jacorb-developer] sas issue in jacorb after relogon to
From:       "Ling Yun" <drlingyun () 163 ! com>
Date:       2005-02-28 15:19:29



I have studied the SASClientInterceptor/SASTargetInterceptor working mechanism. I
found that the ClientRequestInterceptor has no way to clear the cached service context
after the service context has been changed by re-login.

According to the CSI context management protocols, the service context will be cached
on the connection on both the client and server sides after the establish context message
on the first call to the orb reference. After this, all calls to the orb
reference will use the MTMessageInContext type context message, which does not include
the real service context but the client context id.

On the server side, during the first call to the service reference, the SAS context
is verified and cached on the connection when the MTEstablishContext type
context message is received. After this, the cached context will be used.

When the server goes down and restarts, the cached context in the server connection is
cleared, but the client-side connection still caches the context even if the client logs in again
and gets another Principal with JAAS.

Now, I have modified the SASClientInterceptor source code. When it handles the NO_PERMISSION
exception replied from the server, and the reply service context is null, the request
service context is checked for the client context id; if the id > 0,
purgeSASContext from the connection. So after one NO_PERMISSION, the client
application always connects to the service application again without a restart.

But I believe that this is not the real solution to this problem, because there is
still one NO_PERMISSION exception. And most importantly, if the client
re-logs in only to change the login user and neither the server nor the client
shuts down, the server will not recognize the new user and will view him as the old user.

So the SASClientInterceptor needs a method to clear the cached service context for
one or all client context ids, to re-establish the service context with the server side
when the client user needs it, such as logging in again without a restart.

How do I clear the cached service context in the client connection before the reference
is called? Or is there any other solution?

Any reply is welcome! 

> 
> I have three services: one is the authentication service, the others are
> application services.
> The application service logs on to the authentication service as soon as it starts. If
> it loses the connection with the authentication service, such as when the authentication
> service is down, the application service will try to reconnect to the authentication
> service until it logs on again when the authentication service restarts.
> The authentication service provides the SAS context to the application service after
> verifying the logon certificate (user name and
> password) (ISASContext.createClientContext), then the context is sent to the third
> service (which provides the secure ORB servant). The third service verifies the context
> validity with the authentication service (ISASContext.validateContext).
> I found that the above action seems to be done only one time for a secure orb
> object. That is right for the normal case. But once the application service loses the
> connection and re-logs on to the authentication service, the context is changed, and the new
> context is not sent to the third service when the application calls a method of the
> object servant in the third service, because neither createClientContext nor
> validateContext has been called again, even if the application service resolves
> the servant object again from the Name service after re-logon. As a result the call will
> get a NO_PERMISSION exception though the re-logon already succeeded.
> If the application service is restarted at this time, the call will succeed. But I don't
> think the application service should be restarted to solve the issue because it is
> a service.
> How do I tell the ORB that the SAS context of the orb object has been changed and have
> createClientContext and validateContext be invoked again? Or is there any
> other resolution? Who can explain how the SASInterceptor works?
> Thanks for any help in advance!
> 
> 
> Paul Ling
>         drlingyun@163.com
>           2005-02-18

				 
        Paul Ling
        drlingyun@163.com
          2005-02-28
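
Added example, not part of the original message and not JacORB code: a simplified Java model of the stateful context caching described above, in which the client purges a stale client context id on NO_PERMISSION and keys its cache by principal so that a re-login establishes a new context. The names Target, Client, establish and inContext are hypothetical, and the transparent retry after the purge is an assumption of this model.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of stateful SAS context caching; all names are hypothetical, not JacORB classes.
public class SasContextCacheDemo {
    // Target side: per-connection table mapping client context id -> verified principal.
    static class Target {
        private final Map<Long, String> contexts = new HashMap<>();
        String establish(long id, String principal) { contexts.put(id, principal); return principal; }
        String inContext(long id) {
            String p = contexts.get(id);
            if (p == null) throw new SecurityException("NO_PERMISSION"); // unknown context id
            return p;
        }
        void restart() { contexts.clear(); } // a restarted target has lost every cached context
    }
    // Client side: caches the context id keyed by the principal that established it.
    static class Client {
        private final Map<String, Long> cache = new HashMap<>();
        private long nextId = 1;
        String principal;
        Client(String principal) { this.principal = principal; }
        // Returns the identity the target attributes the call to.
        String call(Target t) {
            Long id = cache.get(principal);
            if (id == null) {               // no context for this identity: EstablishContext
                id = nextId++;
                cache.put(principal, id);
                return t.establish(id, principal);
            }
            try {
                return t.inContext(id);     // MessageInContext carries the id only
            } catch (SecurityException e) {
                cache.remove(principal);    // purge the stale id, then re-establish once
                return call(t);
            }
        }
    }
    public static void main(String[] args) {
        Target t = new Target();
        Client c = new Client("alice");
        System.out.println(c.call(t)); // first call sends EstablishContext
        System.out.println(c.call(t)); // second call reuses the cached context id
        t.restart();
        System.out.println(c.call(t)); // stale id rejected, purged, context re-established
        c.principal = "bob";           // re-login as a different user, no restart
        System.out.println(c.call(t)); // cache miss for the new principal forces a new context
    }
}
```

Keying the client cache by identity is what keeps the target from attributing the new user's calls to the old context; a cache keyed only by connection would reuse the old id after the re-login.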

