5.7.2: SAS on the server side

When an RMI/IIOP request arrives at a server, SAS intercepts the request and performs the necessary security tasks before the business method is invoked on the server. After the method is invoked, a response is sent back to the client.

Authenticating the user

When a server first receives a request, the user must be authenticated and authorized before the method can be invoked. Part of SAS's responsibility is to authenticate the user against the user registry, validating that they are who they claim to be. The SAS programming model has APIs for authenticating users on both the client and server sides. Currently, the only client authentication supported is Basic Auth (i.e., authenticating a userid and password). SSL client authentication is planned for a future release.

Invoking the method

Once SAS authenticates the user, a credential is created with information about the user. This credential is associated with the thread of execution, and the method is invoked in the container once the request has been authorized.

Sending a response back to the client

After the method is invoked, a response is sent back to the client.
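
The sequence above (authenticate, create a credential, associate it with the thread, authorize, invoke, respond) can be modelled as follows. This is an added example, not IBM's code or the SAS API: every class, method and role name is hypothetical, and the registry entry is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

// Simplified model of the server-side flow; all names are hypothetical, not the SAS API.
public class ServerSideFlowSketch {
    record Credential(String userId, Set<String> roles) {}

    // Constructed sample registry: userid -> {password, role}.
    // A real user registry would not hold plaintext passwords.
    static final Map<String, String[]> REGISTRY =
        Map.of("alice", new String[] {"s3cret", "Teller"});

    // The credential is associated with the thread of execution.
    static final ThreadLocal<Credential> CURRENT = new ThreadLocal<>();

    static Credential authenticate(String userId, String password) {
        String[] entry = REGISTRY.get(userId);
        // Constant-time comparison; same error for unknown user and bad password.
        if (entry == null || !MessageDigest.isEqual(
                entry[0].getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("authentication failed");
        }
        return new Credential(userId, Set.of(entry[1]));
    }

    static <T> T dispatch(String userId, String password,
                          String requiredRole, Supplier<T> method) {
        Credential cred = authenticate(userId, password); // 1. authenticate
        CURRENT.set(cred);                                 // 2. bind to thread
        try {
            if (!cred.roles().contains(requiredRole)) {    // 3. authorize
                throw new SecurityException("not authorized");
            }
            return method.get();                           // 4. invoke the method
        } finally {
            // Request threads are usually pooled: clear the credential so the
            // next request on this thread cannot inherit this caller's identity.
            CURRENT.remove();
        }
    }

    public static void main(String[] args) {
        System.out.println(dispatch("alice", "s3cret", "Teller",
            () -> "balance for " + CURRENT.get().userId()));
        System.out.println("credential after call: " + CURRENT.get());
    }
}
```

The `finally` block is the part most often missed in designs like this: a credential left on a pooled thread is an identity-confusion bug waiting for the next request.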
