incubator-yoko-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick McGuire <>
Subject Re: CSIv2
Date Wed, 31 May 2006 15:01:07 GMT
Anders Hessellund Jensen wrote:
> Rick McGuire wrote:
>> Well, Yoko will need to some hooks/plugins/callbacks that will allow 
>> the OpenEJB code to interact with the ORB transport-level security.  
>> The touch points that are used in the other ORB implementations are:
>> Server-connections:
>>   1. Mechanism to configure the ORB listening socket to use a secure
>>      connection.
>>   2. A socket-factory like mechanism that will allow Geronimo to use
>>      its own mechanisms for creating and configuring the ServerSocket.
>>   3. An callback or interceptor that allows the OpenEJB security
>>      manager to maintain mappings of requests to the SSLSessions used
>>      to service the requests (if a secure transport is being used).
>> Client Connections:
>>   1. Mechanism to allow Geronimo to make the decision what type of
>>      connection is used for a given IOR (access to the target IOR is
>>      required).
>>   2. A socket-factory like mechanism to allow Geronimo to create and
>>      configure the socket as needed.
> For 3, each POA apparently has an org.apache.yoko.orb.OCI.Current, 
> which apparently can be used to get the currently used transport by 
> looking it up in a HashMap with threads as keys. I haven't noticed any 
> way this object is exposed to clients, but every POA has a reference 
> to it. Perhaps we could add a getCurrentTransport method somewhere 
> appropriate. If we do that an interceptor could be used to maintain 
> the mapping, just like its done with the sunorb.
> I think we are going to have to write a custom OCI plugin to handle 
> the rest. Otherwise we would have to modify the existing IIOP plugin 
> significantly, which I think would become a mess.
Speaking with my Geronimo hat on, I'd have to say that requiring a 
custom OCI plugin get written is not an acceptable solution.  Adding the 
appropriate hooks is not that big of a change to the IIOP code....I had 
support for a plugin-to-the-plugin roughed out in just a day that met 
all of the Geronimo requirements I stated above.  I shelved this 
solution pending checking of the secure transport code you said you were 
working one. 

Geronimo is banking a lot on being able to use Yoko in the next release, 
assuming it would not be difficult to hook it in as a replacement for 
the Sun ORB.  Requiring a complete IIOP OCI plugin to be written will 
most likely not allow that goal to be achieved.

> Best regards,
> Anders

View raw message