| 摘要 |
Mutual authentication between a client and server over the Internet utilizing the IOP protocol in its current state is enabled by first engaging in a "dummy" request when a client initiates a request to a new target server for the first time. This provides the means for creating a two way authentication mechanism. Rather than creating an object reference for the dummy request, the object reference at hand in the client, which the client is about to utilize for a request, is reused by extracting a proxy object from the request. The request is intercepted in the client and the proxy object passed to the interception method. The client next issues a two-way remote method already defined for the proxy object, such as the "non_existent( )" method defined on the CORBA object. The client then computes a security token, and sends the dummy request to the server. The server intercepts the dummy request, validates the security token received in the dummy request, and acquires a new authentication token to be returned to the client. Upon interception of the outgoing message, the new security token is marshalled in the security service context and sent to the client on the response message. The client intercepts the reply message and demarshals the security service context to recover the security token and complete mutual authentication.
|
