85 lines
5.2 KiB
HTML
85 lines
5.2 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
|
<!DOCTYPE html
|
||
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
|
<html lang="en-us" xml:lang="en-us">
|
||
|
|
<head>
|
||
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
|
<meta name="security" content="public" />
|
||
|
|
<meta name="Robots" content="index,follow" />
|
||
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
|
<meta name="DC.Type" content="concept" />
|
||
|
|
<meta name="DC.Title" content="Establishing context" />
|
||
|
|
<meta name="abstract" content="The two communicating peers must establish a security context over which they can use per-message services." />
|
||
|
|
<meta name="description" content="The two communicating peers must establish a security context over which they can use per-message services." />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev10.htm" />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1050.htm" />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1070.htm" />
|
||
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
|
<meta name="DC.Format" content="XHTML" />
|
||
|
|
<meta name="DC.Identifier" content="rzahajgssdev1060" />
|
||
|
|
<meta name="DC.Language" content="en-us" />
|
||
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
|
<!-- US Government Users Restricted Rights -->
|
||
|
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
|
<title>Establishing context</title>
|
||
|
|
</head>
|
||
|
|
<body id="rzahajgssdev1060"><a name="rzahajgssdev1060"><!-- --></a>
|
||
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
|
<h1 class="topictitle1">Establishing context</h1>
|
||
|
|
<div><p>The two communicating peers must establish a security context over
|
||
|
|
which they can use per-message services. </p>
|
||
|
|
<p>The initiator calls initSecContext() on its context, which returns a token
|
||
|
|
to the initiator application. The initiator application transports the
|
||
|
|
context token to the acceptor application. The acceptor calls acceptSecContext()
|
||
|
|
on its context, specifying the context token received from the initiator.
|
||
|
|
Depending on the underlying mechanism and the optional services that the initiator
|
||
|
|
selected, acceptSecContext() might produce a token that the acceptor application
|
||
|
|
has to forward to the initiator application. The initiator application then
|
||
|
|
uses the received token to call initSecContext() one more time.</p>
|
||
|
|
<p>An application can make multiple calls to GSSContext.initSecContext() and
|
||
|
|
GSSContext.acceptSecContext(). An application can also exchange multiple tokens
|
||
|
|
with a peer during context establishment. Hence, the typical method of establishing
|
||
|
|
context uses a loop to call GSSContext.initSecContext() or GSSContext.acceptSecContext()
|
||
|
|
until the applications establish context.</p>
|
||
|
|
<p><strong>Example: Establishing context</strong></p>
|
||
|
|
<p>The following example illustrates the initiator (foo) side of context establishment:</p>
|
||
|
|
<pre> byte array[] inToken = null; // The input token is null for the first call
|
||
|
|
int inTokenLen = 0;
|
||
|
|
|
||
|
|
do {
|
||
|
|
byte[] outToken = fooContext.initSecContext(inToken, 0, inTokenLen);
|
||
|
|
|
||
|
|
if (outToken != null) {
|
||
|
|
send(outToken); // transport token to acceptor
|
||
|
|
}
|
||
|
|
|
||
|
|
if( !fooContext.isEstablished()) {
|
||
|
|
inToken = receive(); // receive token from acceptor
|
||
|
|
inTokenLen = inToken.length;
|
||
|
|
}
|
||
|
|
} while (!fooContext.isEstablished());</pre>
|
||
|
|
<p>The following example illustrates the acceptor side of context establishment:</p>
|
||
|
|
<pre> // The acceptor code for establishing context may be the following:
|
||
|
|
do {
|
||
|
|
byte[] inToken = receive(); // receive token from initiator
|
||
|
|
byte[] outToken =
|
||
|
|
serverAcceptorContext.acceptSecContext(inToken, 0, inToken.length);
|
||
|
|
|
||
|
|
if (outToken != null) {
|
||
|
|
send(outToken); // transport token to initiator
|
||
|
|
}
|
||
|
|
} while (!serverAcceptorContext.isEstablished());</pre>
|
||
|
|
</div>
|
||
|
|
<div>
|
||
|
|
<div class="familylinks">
|
||
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssdev10.htm" title="There are multiple steps required to develop a JGSS application, including using transport tokens, creating the necessary JGSS objects, establishing and deleting context, and using per-message services.">IBM JGSS application programming steps</a></div>
|
||
|
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzahajgssdev1050.htm" title="Your application can request any of several optional security services. IBM JGSS supports several services.">Requesting optional security services</a></div>
|
||
|
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzahajgssdev1070.htm" title="After establishing a security context, two communicating peers can exchange secure messages over the established context.">Using per-message services</a></div>
|
||
|
|
</div>
|
||
|
|
</div>
|
||
|
|
</body>
|
||
|
|
</html>
|