This section describes advanced J-Integra® features for identifying the authentication of Java/COM clients and controlling access to Java objects from COM clients.
When a COM client uses J-Integra® to call Java methods, you can identify certain aspects of the caller identity using the following methods:
J-Integra® can authenticate a domain/user/password using the "NT Challenge-Response" protocol. This means no password is transmitted over the network. It does not use any native code to perform the authentication, and can therefore authenticate identities from any platform (e.g. Windows, Unix, Linux, etc). To perform the authentication, use the com.linar.jintegra.NTLMAuthenticate.validate() method. There are two forms of this method:
com.linar.jintegra.NTLMAuthenticate.validate(String pdcTcpHost, String domain, String user, String password);
com.linar.jintegra.NTLMAuthenticate.validate(String netBiosName, String pdcTcpHost, String domain, String user, String password);
If the domain/user/password are valid then this method simply returns, otherwise a security exception is thrown.
Parameters:
Throws:
java.lang.SecurityException - If the domain/user/password are not authenticated.
java.io.IOException - If there were problems connecting to the Windows Domain Server.
If the domain/user/password are valid then this method simply returns, otherwise an exception is thrown.
* This mechanism is not implemented in native mode.
In DCOM mode, you can register an object that will be notified whenever a Java object is about to be exposed to a COM client. You can then decide whether or not the object is allowed to be exposed. To do this, create a Java class that implements the com.linar.jintegra.ObjectExportChecker interface. This interface has one method:
Register an instance of your Java class with the J-Integra® runtime by calling com.linar.jintegra.Cleaner.setObjectExportListener(ObjectExportChecker listener). This method will throw a java.lang.SecurityException if a listener is already registered.
The example below demonstrates how to use multiple user credentials to access COM components, such as Excel, on separate machines. It is important to use trackObjectsInCurrentThread() / releaseAllInCurrentThread() in separate threads to authenticate with multiple user credentials using com.linar.jintegra.AuthInfo.setThreadDefault(..).
| import excel.*; public class MultithreadedExcel { public static void main(String args[]){ com.linar.jintegra.Log.logImmediately(3, "jintegra.log"); System.out.println("MultithreadedExcel started\n"); ClientThread ct1 = new ClientThread("hostname1", "domain1", "user1", "password1"); ct1.start(); ClientThread ct2 = new ClientThread("hostname2", "domain2", "user2", "password2"); ct2.start(); ClientThread ct3 = new ClientThread("hostname3", "domain3", "user3", "password3"); ct3.start(); System.out.println("\nMultithreadedExcel finished"); } } class ClientThread extends Thread { String hostname; String domain; String user; String password; public ClientThread (String hostname, String domain, String user, String password) { this.hostname = hostname; this.domain = domain; this.user = user; this.password = password; System.out.println( "A new thread is created:" + " hostname=" + hostname + " domain=" + domain + " user=" + user ); } public void run() { try{ // Track all DCOM objects in current thread com.linar.jintegra.Cleaner.trackObjectsInCurrentThread(); com.linar.jintegra.AuthInfo.setThreadDefault(domain, user, password); Application app = new Application(hostname); System.out.println("Excel Version " + app.getVersion() + " on " + hostname); Thread.sleep(5000); // Release all DCOM objects com.linar.jintegra.Cleaner.release(app); app = null; }catch(Exception e){ System.out.println("*** Exception is thrown on hostname=" + hostname + ":"); e.printStackTrace(); } finally { // Release all DCOM objects in current thread com.linar.jintegra.Cleaner.releaseAllInCurrentThread(); } } } |