1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
<header>
<copyright>
<year>2001</year><year>2016</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
</legalnotice>
<title>Orber Interceptors</title>
<prepared>Nick</prepared>
<docno></docno>
<date>2001-08-16</date>
<rev></rev>
<file>ch_interceptors.xml</file>
</header>
<section>
<title>Using Interceptors</title>
<p>For Inter-ORB communication, e.g., via <c>IIOP</c>, it is possible
to intercept requests and replies. To be able to use <c>Interceptors</c>
Orber the configuration parameter <c>interceptors</c> must be defined.</p>
<section>
<title>Configure Orber to Use Interceptors</title>
<p>The configuration parameter <c>interceptors</c> must be defined, e.g.,
as command line option:</p>
<code type="none">
erl -orber interceptors "{native, ['myInterceptor']}"
</code>
<p>It is possible to use more than one interceptor; simply add them to the
list and they will be invoked in the same order as they appear in the list.</p>
<p>One can also active and deactivate an interceptor during
run-time, but this will only affect currently existing connections.
For more information, consult Orber's Reference Manual regarding the
operations <c>orber:activate_audit_trail/0/1</c> and
<c>orber:activate_audit_trail/0/1.</c></p>
</section>
<section>
<title>Creating Interceptors</title>
<p>Each supplied interceptor <em>must</em> export the following functions:</p>
<list type="bulleted">
<item><em>new_out_connection/3/5</em> - one of these operations is called when
a client application calls an object residing on remote ORB.
If an interceptor exports both versions, arity 3 and 5, which
operation that will be invoked is Orber internal.</item>
<item><em>new_in_connection/3/5</em> - one of these operations is invoked
when a client side ORB tries to set up a connection to the target ORB.
If an interceptor exports both versions, arity 3 and 5, which
operation that will be invoked is Orber internal.</item>
<item><em>out_request/6</em> - supplies all request data on the client side
ORB.</item>
<item><em>out_request_encoded/6</em> - similar to <c>out_request</c>
but the request body is encode.</item>
<item><em>in_request_encoded/6</em> - after a new request arrives at the
target ORB the request data is passed to the interceptor in
encoded format.</item>
<item><em>in_request/6</em> - prior to invoking the operation on the
target object, the interceptor <c>in_request</c> is called.</item>
<item><em>out_reply/6</em> - after the target object replied the
<c>out_reply</c> operation is called with the result of the object
invocation.</item>
<item><em>out_reply_encoded/6</em> - before sending a reply back to the
client side ORB this operation is called with the result in
encoded format.</item>
<item><em>in_reply_encoded/6</em> - after the client side ORB receives
a reply this function is called with the reply in encoded
format.</item>
<item><em>in_reply/6</em> - before delivering the reply to the client
this operation is invoked.</item>
<item><em>closed_in_connection/1</em> - when a connection is terminated
on the client side this function is called.</item>
<item><em>closed_out_connection/1</em> - if an outgoing connection is
terminated this operation will be invoked.</item>
</list>
<p>The operations <c>new_out_connection</c>, <c>new_in_connection</c>,
<c>closed_in_connection</c> and <c>closed_out_connection</c> operations
are only invoked <em>once</em> per connection. The remaining operations
are called, as shown below, for every Request/Reply to/from remote
CORBA Objects.</p>
<marker id="interceptor_operations"></marker>
<image file="interceptor_operations.gif">
<icaption>
The Invocation Order of Interceptor Functions.</icaption>
</image>
</section>
</section>
<section>
<title>Interceptor Example</title>
<p>Assume we want to create a simple access service which purpose is to:</p>
<list type="bulleted">
<item>Only allow incoming request from ORB's residing on a certain set of
nodes.</item>
<item>Restrict the objects any client may invoke operations on.</item>
<item>Only allow outgoing requests to call a limited set of external
ORB's.</item>
<item>Add a checksum to each binary request/reply body.</item>
</list>
<p>To restricts the access we use a <c>protected</c> and <c>named</c> ets-table
holding all information. How the ets-table is initiated and maintained
is implementation specific, but it contain
<c>{Node, ObjectTable, ChecksumModule}</c> where <c>Node</c> is used as
ets-key, <c>ObjectTable</c> is a reference to another ets-table in which
we store which objects the clients are allowed to invoke operations on
and <c>ChecksumModule</c> determines which module we should use to handle
the checksums. </p>
<code type="none">
new_in_connection(Arg, Host, Port) ->
%% Since we only use one interceptor we do not care about the
%% input Arg since it is set do undefined by Orber.
case ets:lookup(in_access_table, Host) of
[] ->
%% We may want to log the Host/Port to see if someone tried
%% to hack in to our system.
exit("Access not granted");
[{Host, ObjTable, ChecksumModule}] ->
{ObjTable, ChecksumModule}
end.
</code>
<p>The returned tuple, i.e., {ObjTable, ChecksumModule}, will be passed
as the first argument whenever invoking one of the interceptor functions.
Unless the connection attempt did not fail we are now ready for receiving
requests from the client side ORB.</p>
<p>When a new request comes in the first interceptor function to be invoked is
<c>in_request_encoded</c>. We will remove the checksum from the coded
request body in the following way:</p>
<code type="none">
in_request_encoded({ObjTable, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:remove_checksum(Bin),
{NewBin, Extra}.
</code>
<p>If the checksum check fails the <c>ChecksumModule</c> should invoke exit/1.
But if the check succeeded we are now ready to check if the client-ORB
objects are allowed to invoke operations on the target object. Please note,
it is possible to run both checks in <c>in_request_encoded</c>. Please
note, the checksum calculation must be relatively fast to ensure a
good throughput.</p>
<p>If we want to we can restrict any clients to only use a subset of operations
exported by a server:</p>
<code type="none">
in_request({ObjTable, ChecksumModule}, ObjKey, Ctx, Op, Params, Extra) ->
case ets:lookup(ObjTable, {ObjKey, Op}) of
[] ->
exit("Client tried to invoke illegal operation");
[SomeData] ->
{Params, Extra}
end.
</code>
<p>At this point Orber are now ready to invoke the operation on the target
object. Since we do not care about what the reply is the <c>out_reply</c>
function do nothing, i.e.:</p>
<code type="none">
out_reply(_, _, _, _, Reply, Extra) ->
{Reply, Extra}.
</code>
<p>If the client side ORB expects a checksum to be added to the reply we
add it by using:</p>
<code type="none">
out_reply_encoded({ObjTable, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:add_checksum(Bin),
{NewBin, Extra}.
</code>
<warning>
<p>If we manipulate the binary as above the behavior <em>must</em>
be <c>Bin == remove_checksum(add_checksum(Bin))</c>.</p>
</warning>
<p>For outgoing requests the principle is the same. Hence, it is not further
described here. The complete interceptor module would look like:</p>
<code type="none">
-module(myInterceptor).
%% Interceptor functions.
-export([new_out_connection/3,
new_in_connection/3,
closed_in_connection/1,
closed_out_connection/1,
in_request_encoded/6,
in_reply_encoded/6,
out_reply_encoded/6,
out_request_encoded/6,
in_request/6,
in_reply/6,
out_reply/6,
out_request/6]).
new_in_connection(Arg, Host, Port) ->
%% Since we only use one interceptor we do not care about the
%% input Arg since it is set do undefined by Orber.
case ets:lookup(in_access_table, Host) of
[] ->
%% We may want to log the Host/Port to see if someone tried
%% to hack in to our system.
exit("Access not granted");
[{Host, ObjTable, ChecksumModule}] ->
{ObjTable, ChecksumModule}
end.
new_out_connection(Arg, Host, Port) ->
case ets:lookup(out_access_table, Host) of
[] ->
exit("Access not granted");
[{Host, ObjTable, ChecksumModule}] ->
{ObjTable, ChecksumModule}
end.
in_request_encoded({_, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:remove_checksum(Bin),
{NewBin, Extra}.
in_request({ObjTable, _}, ObjKey, Ctx, Op, Params, Extra) ->
case ets:lookup(ObjTable, {ObjKey, Op}) of
[] ->
exit("Client tried to invoke illegal operation");
[SomeData] ->
{Params, Extra}
end.
out_reply(_, _, _, _, Reply, Extra) ->
{Reply, Extra}.
out_reply_encoded({_, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:add_checksum(Bin),
{NewBin, Extra}.
out_request({ObjTable, _}, ObjKey, Ctx, Op, Params, Extra) ->
case ets:lookup(ObjTable, {ObjKey, Op}) of
[] ->
exit("Client tried to invoke illegal operation");
[SomeData] ->
{Params, Extra}
end.
out_request_encoded({_, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:add_checksum(Bin),
{NewBin, Extra}.
in_reply_encoded({_, ChecksumModule}, ObjKey, Ctx, Op, Bin, Extra) ->
NewBin = ChecksumModule:remove_checksum(Bin),
{NewBin, Extra}.
in_reply(_, _, _, _, Reply, Extra) ->
{Reply, Extra}.
closed_in_connection(Arg) ->
%% Nothing to clean up.
Arg.
closed_out_connection(Arg) ->
%% Nothing to clean up.
Arg.
</code>
<note>
<p>One can also use interceptors for debugging purposes, e.g.,
print which objects and operations are invoked with which arguments
and the outcome of the operation. In conjunction with the configuration
parameter <c>orber_debug_level</c> it is rather easy to find out what
went wrong or just to log the traffic. </p>
</note>
</section>
</chapter>
|