yoko-spec-corba/src/main/idl/SecurityLevel2.idl - geronimo-yoko - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
 */
 //File: SecurityLevel2.idl
 //Part of the Security Service

 #ifndef _SECURITY_LEVEL_2_IDL_
 #define _SECURITY_LEVEL_2_IDL_
 #include <SecurityLevel1.idl>
 //#pragma prefix "omg.org"

 module SecurityLevel2 {
 	// Forward declaration of interfaces
 	local interface PrincipalAuthenticator;
 	local interface Credentials;
 	local interface Current;
 // Interface PrincipalAuthenticator
 	local interface PrincipalAuthenticator {
 		Security::AuthenticationMethodList
 		get_supported_authen_methods(
 			in		Security::MechanismType		mechanism
 		);
 		Security::AuthenticationStatus authenticate (
 			in 		Security::AuthenticationMethod	method,
 			in		Security::MechanismType		mechanism,
 			in 		Security::SecurityName		security_name,
 			in 		any					auth_data,
 			in 		Security::AttributeList		privileges,
 			out 		Credentials				creds,
 			out 		any					continuation_data,
 			out 		any					auth_specific_data
 		);
 		Security::AuthenticationStatus continue_authentication (
 			in		any					response_data,
 			in		Credentials				creds,
 			out	 	any					continuation_data,
 			out	 	any					auth_specific_data
 		);
 	};
 	// Interface Credentials
 	local interface Credentials {
 		Credentials copy ();
 		void destroy();
 		readonly attribute Security::InvocationCredentialsType
 										credentials_type;
 		readonly attribute Security::AuthenticationStatus
 										authentication_state;
 		readonly attribute Security::MechanismType mechanism;
 		attribute Security::AssociationOptions
 										accepting_options_supported;
 		attribute Security::AssociationOptions
 										accepting_options_required;
 		attribute Security::AssociationOptions
 										invocation_options_supported;
 		attribute Security::AssociationOptions
 										invocation_options_required;
 		boolean get_security_feature(
 			in		Security::CommunicationDirection	direction,
 			in		Security::SecurityFeature		feature
 		);
 		boolean set_attributes (
 			in		Security::AttributeList	requested_attributes,
 			out		Security::AttributeList	actual_attributes
 		);
 		Security::AttributeList get_attributes (
 			in 		Security::AttributeTypeList	attributes
 		);
 		boolean is_valid (
 			out		Security::UtcT			expiry_time
 		);
 		boolean refresh(
 			in		any					refresh_data
 		);
 	};
 	typedef sequence <Credentials> CredentialsList;
 	local interface ReceivedCredentials : Credentials {
 		readonly attribute Credentials accepting_credentials;
 		readonly attribute Security::AssociationOptions
 											association_options_used;
 		readonly attribute Security::DelegationState
 											delegation_state;
 		readonly attribute Security::DelegationMode
 											delegation_mode;
 	};
 	local interface TargetCredentials : Credentials {
 		readonly attribute Credentials									initiating_credentials;
 		readonly attribute Security::AssociationOptions
 											association_options_used;
 	};
 	// RequiredRights Interface
 	interface RequiredRights{
 		void get_required_rights(
 			in 		Object				obj,
 			in 		CORBA::Identifier			operation_name,
 			in 		CORBA::RepositoryId		interface_name,
 			out 		Security::RightsList		rights,
 			out 		Security::RightsCombinator	rights_combinator
 		);
 		void set_required_rights(
 			in 		CORBA::Identifier			operation_name,
 			in 		CORBA::RepositoryId    		interface_name,
 			in 		Security::RightsList		rights,
 			in 		Security::RightsCombinator 	rights_combinator
 		);
 	};
 	// interface audit channel
 	local interface AuditChannel {
 		void audit_write (
 			in		Security::AuditEventType	event_type,
 			in		CredentialsList			creds,
 			in		Security::UtcT			time,
 			in		Security::SelectorValueList	descriptors,
 			in		any					event_specific_data
 		);
 		readonly attribute Security::AuditChannelId 												audit_channel_id;
 	};
 	// interface for Audit Decision
 	local interface AuditDecision {
 		boolean audit_needed (
 			in 		Security::	AuditEventType		event_type,
 			in 		Security::SelectorValueList		value_list
 		);
 		readonly attribute AuditChannel audit_channel;
 	};
 	local interface AccessDecision {
 		boolean access_allowed (
 			in		SecurityLevel2::CredentialsList	cred_list,
 			in		Object	               		target,
 			in		CORBA::Identifier           	operation_name,
 			in		CORBA::Identifier		target_interface_name
 		);
 	};
 	// Policy interfaces to control bindings
 	local interface QOPPolicy : CORBA::Policy {
 		readonly attribute Security::QOP												qop;
 	};
 	local interface MechanismPolicy : CORBA::Policy {
 		readonly attribute Security::MechanismTypeList													mechanisms;
 	};
 	local interface InvocationCredentialsPolicy : CORBA::Policy {
 		readonly attribute CredentialsList												creds;
 	};
 	local interface EstablishTrustPolicy : CORBA::Policy {
 		readonly attribute Security::EstablishTrust												trust;
 	};
 	local interface DelegationDirectivePolicy : CORBA::Policy {
 		readonly attribute Security::DelegationDirective
 											delegation_directive;
 	};
 	local interface SecurityManager {
 		// Process/Capsule/ORB Instance specific operations
 		readonly attribute Security::MechandOptionsList
 												supported_mechanisms;
 		readonly attribute CredentialsList 										own_credentials;
 		readonly attribute RequiredRights										required_rights_object;
 		readonly attribute PrincipalAuthenticator
 												principal_authenticator;
 		readonly attribute AccessDecision										access_decision;
 		readonly attribute AuditDecision										audit_decision;
 		TargetCredentials get_target_credentials (
 			in		Object				obj_ref
 		);
 		void remove_own_credentials(
 			in		Credentials				creds
 		);
 		CORBA::Policy get_security_policy (
 			in		CORBA::PolicyType			policy_type
 		);
 	};
 	// Interface Current derived from SecurityLevel1::Current  providing
 	// additional operations on Current at this security level.
 	// This is implemented by the ORB
 	local interface Current : SecurityLevel1::Current {
 	// Thread specific
 		readonly attribute ReceivedCredentials received_credentials;
 	};
 };

 #endif /* _SECURITY_LEVEL_2_IDL_ */
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	//File: SecurityLevel2.idl
	//Part of the Security Service

	#ifndef _SECURITY_LEVEL_2_IDL_
	#define _SECURITY_LEVEL_2_IDL_
	#include <SecurityLevel1.idl>
	//#pragma prefix "omg.org"

	module SecurityLevel2 {
	// Forward declaration of interfaces
	local interface PrincipalAuthenticator;
	local interface Credentials;
	local interface Current;
	// Interface PrincipalAuthenticator
	local interface PrincipalAuthenticator {
	Security::AuthenticationMethodList
	get_supported_authen_methods(
	in Security::MechanismType mechanism
	);
	Security::AuthenticationStatus authenticate (
	in Security::AuthenticationMethod method,
	in Security::MechanismType mechanism,
	in Security::SecurityName security_name,
	in any auth_data,
	in Security::AttributeList privileges,
	out Credentials creds,
	out any continuation_data,
	out any auth_specific_data
	);
	Security::AuthenticationStatus continue_authentication (
	in any response_data,
	in Credentials creds,
	out any continuation_data,
	out any auth_specific_data
	);
	};
	// Interface Credentials
	local interface Credentials {
	Credentials copy ();
	void destroy();
	readonly attribute Security::InvocationCredentialsType
	credentials_type;
	readonly attribute Security::AuthenticationStatus
	authentication_state;
	readonly attribute Security::MechanismType mechanism;
	attribute Security::AssociationOptions
	accepting_options_supported;
	attribute Security::AssociationOptions
	accepting_options_required;
	attribute Security::AssociationOptions
	invocation_options_supported;
	attribute Security::AssociationOptions
	invocation_options_required;
	boolean get_security_feature(
	in Security::CommunicationDirection direction,
	in Security::SecurityFeature feature
	);
	boolean set_attributes (
	in Security::AttributeList requested_attributes,
	out Security::AttributeList actual_attributes
	);
	Security::AttributeList get_attributes (
	in Security::AttributeTypeList attributes
	);
	boolean is_valid (
	out Security::UtcT expiry_time
	);
	boolean refresh(
	in any refresh_data
	);
	};
	typedef sequence <Credentials> CredentialsList;
	local interface ReceivedCredentials : Credentials {
	readonly attribute Credentials accepting_credentials;
	readonly attribute Security::AssociationOptions
	association_options_used;
	readonly attribute Security::DelegationState
	delegation_state;
	readonly attribute Security::DelegationMode
	delegation_mode;
	};
	local interface TargetCredentials : Credentials {
	readonly attribute Credentials initiating_credentials;
	readonly attribute Security::AssociationOptions
	association_options_used;
	};
	// RequiredRights Interface
	interface RequiredRights{
	void get_required_rights(
	in Object obj,
	in CORBA::Identifier operation_name,
	in CORBA::RepositoryId interface_name,
	out Security::RightsList rights,
	out Security::RightsCombinator rights_combinator
	);
	void set_required_rights(
	in CORBA::Identifier operation_name,
	in CORBA::RepositoryId interface_name,
	in Security::RightsList rights,
	in Security::RightsCombinator rights_combinator
	);
	};
	// interface audit channel
	local interface AuditChannel {
	void audit_write (
	in Security::AuditEventType event_type,
	in CredentialsList creds,
	in Security::UtcT time,
	in Security::SelectorValueList descriptors,
	in any event_specific_data
	);
	readonly attribute Security::AuditChannelId audit_channel_id;
	};
	// interface for Audit Decision
	local interface AuditDecision {
	boolean audit_needed (
	in Security:: AuditEventType event_type,
	in Security::SelectorValueList value_list
	);
	readonly attribute AuditChannel audit_channel;
	};
	local interface AccessDecision {
	boolean access_allowed (
	in SecurityLevel2::CredentialsList cred_list,
	in Object target,
	in CORBA::Identifier operation_name,
	in CORBA::Identifier target_interface_name
	);
	};
	// Policy interfaces to control bindings
	local interface QOPPolicy : CORBA::Policy {
	readonly attribute Security::QOP qop;
	};
	local interface MechanismPolicy : CORBA::Policy {
	readonly attribute Security::MechanismTypeList mechanisms;
	};
	local interface InvocationCredentialsPolicy : CORBA::Policy {
	readonly attribute CredentialsList creds;
	};
	local interface EstablishTrustPolicy : CORBA::Policy {
	readonly attribute Security::EstablishTrust trust;
	};
	local interface DelegationDirectivePolicy : CORBA::Policy {
	readonly attribute Security::DelegationDirective
	delegation_directive;
	};
	local interface SecurityManager {
	// Process/Capsule/ORB Instance specific operations
	readonly attribute Security::MechandOptionsList
	supported_mechanisms;
	readonly attribute CredentialsList own_credentials;
	readonly attribute RequiredRights required_rights_object;
	readonly attribute PrincipalAuthenticator
	principal_authenticator;
	readonly attribute AccessDecision access_decision;
	readonly attribute AuditDecision audit_decision;
	TargetCredentials get_target_credentials (
	in Object obj_ref
	);
	void remove_own_credentials(
	in Credentials creds
	);
	CORBA::Policy get_security_policy (
	in CORBA::PolicyType policy_type
	);
	};
	// Interface Current derived from SecurityLevel1::Current providing
	// additional operations on Current at this security level.
	// This is implemented by the ORB
	local interface Current : SecurityLevel1::Current {
	// Thread specific
	readonly attribute ReceivedCredentials received_credentials;
	};
	};

	#endif /* _SECURITY_LEVEL_2_IDL_ */