Security/Authentication

This section describes advanced J-Integra® features for identifying the authentication of Java/COM clients and controlling access to Java objects from COM clients.

Contents


Identifying the Authentication of COM Clients Invoking Java Code

When a COM client uses J-Integra® to call Java methods, you can identify certain aspects of the caller identity using the following methods:


Identifying Arbitary Domain/User/Password Combinations From Java Clients

J-Integra® can authenticate a domain/user/password using the "NT Challenge-Response" protocol. This means no password is transmitted over the network. It does not use any native code to perform the authentication, and can therefore authenticate identities from any platform (e.g. Windows, Unix, Linux, etc). To perform the authentication, use the com.linar.jintegra.NTLMAuthenticate.validate() method. There are two forms of this method:

If the domain/user/password are valid then this method simply returns, otherwise a security exception is thrown.

Parameters:


Controlling Which Java Objects Are Allowed To Be Accessed From COM

* This mechanism is not implemented in native mode.

In DCOM mode, you can register an object that will be notified whenever a Java object is about to be exposed to a COM client. You can then decide whether or not the object is allowed to be exposed. To do this, create a Java class that implements the com.linar.jintegra.ObjectExportChecker interface. This interface has one method:

Register an instance of your Java class with the J-Integra® runtime by calling com.linar.jintegra.Cleaner.setObjectExportListener(ObjectExportChecker listener). This method will throw a java.lang.SecurityException if a listener is already registered.


Using Multiple User Credentials to Access COM Components on Separate Machines

The example below demonstrates how to use multiple user credentials to access COM components, such as Excel, on separate machines. It is important to use trackObjectsInCurrentThread() / releaseAllInCurrentThread() in separate threads to authenticate with multiple user credentials using com.linar.jintegra.AuthInfo.setThreadDefault(..).

import excel.*;

public class MultithreadedExcel {
  public static void main(String args[]){
    com.linar.jintegra.Log.logImmediately(3, "jintegra.log");
    System.out.println("MultithreadedExcel started\n");

    ClientThread ct1 = new ClientThread("hostname1", "domain1", "user1", "password1");
    ct1.start();
    ClientThread ct2 = new ClientThread("hostname2", "domain2", "user2", "password2");
    ct2.start();
    ClientThread ct3 = new ClientThread("hostname3", "domain3", "user3", "password3");
    ct3.start();

    System.out.println("\nMultithreadedExcel finished");
  }
}

class ClientThread extends Thread {

  String hostname;
  String domain;
  String user;
  String password;

  public ClientThread (String hostname, String domain, String user, String password) {
    this.hostname = hostname;
    this.domain = domain;
    this.user = user;
    this.password = password;
    System.out.println(
      "A new thread is created:" +
      " hostname=" + hostname +
      " domain=" + domain +
      " user=" + user
    );
  }

  public void run() {
    try{
      // Track all DCOM objects in current thread
      com.linar.jintegra.Cleaner.trackObjectsInCurrentThread();

      com.linar.jintegra.AuthInfo.setThreadDefault(domain, user, password);

      Application app = new Application(hostname);
      System.out.println("Excel Version " + app.getVersion() + " on " + hostname);
      Thread.sleep(5000);

      // Release all DCOM objects
      com.linar.jintegra.Cleaner.release(app);
      app = null;
    }catch(Exception e){
      System.out.println("*** Exception is thrown on hostname=" + hostname + ":");
      e.printStackTrace();
    } finally {
      // Release all DCOM objects in current thread
      com.linar.jintegra.Cleaner.releaseAllInCurrentThread();
    }
  }

}