1. Technical Field
The present invention relates in general to the field of computers, and, in particular, to the field of computer software. Still more particularly, the present invention relates to an improved method and system of using Enterprise JavaBean (EJB) security mechanisms to provide authorization security for non-EJB Common Object Request Broker Architecture (CORBA) objects in an object-oriented programming environment.
2. Description of the Related Art
Object-oriented programming (OOP) is a type of computer programming used in the development of operating system software as well as application software for a computer system. Contrary to traditional procedural programming techniques, OOP uses pre-engineered “methods” located within “objects” for the development of software. Methods are pre-configured software algorithms used to perform a particular task. Objects are self-contained software entities that consist of both methods plus variables (data) upon which the methods act. When created (instantiated) in a useful form, objects are typically referred to as “instances.”
FIG. 1 graphically depicts the relationship between methods 12, variables 14 and instances 16, as well as a class 10 that defines instances 16. Class 10 is a software template from which individual instances 16 can be instantiated. Class 10 defines both the formats of variables 14 (e.g., integers, strings, pointers to other objects, etc.) as well as the methods 12 used by instances 16. While class 10 defines methods 12 and the format of variables 14 only once, each instance 16 (depicted as instances 16a–16c) may be unique depending on what data values populate variables 14. These data values represent each instance 16's particular content and location.
OOP allows the user programmer to call up objects (instances), and is implemented in two ways: client-side operations and server-side operations. Most of the earlier OOP operations were client-side, including those performed using Java™, a platform-independent object-oriented programming language developed by Sun Microsystems, Inc. (Sun). Examples of client-side operations include servlets 20 and applets 22 as illustrated in FIG. 2. Applets 22 are portable Java programs that can be downloaded on the fly and can execute in an untrusted environment. Typically, applets 22 are deployed in a Web page sent from a web server 18 to a client computer 24, whose browser 26 contains a browser applet viewer to run applets 22. Applets 22 typically display a user interface on client computer 24. Servlets 20 are applets that run on web server 18 in the web server's servlet engine. Servlets 20 are networked components that can be used to extend the functionality of web server 18. Servlets 20 are request/response oriented, in that they take requests from browser 26 and issue a response back to client computer 24. Servlets 20 are often used for performing Web tasks such as rendering a HyperText Markup Language (HTML) interface to an e-commerce catalog.
Server-side operations are those that operate typically in an application server 28, as depicted in FIG. 3. Applications are sent from application server 28 to client computer 24 typically upon a request from client computer 24. Server-side operations are useful in executing complex algorithms or performing high-volume business transactions. Application server 28 provides a highly available, fault-tolerant, transactional and multiuser secure environment. While applets 22 and servlets 20 may be deployed in server-side operations, Enterprise JavaBean (EJB) objects 30 are primarily used for server-side operations.
Java 2 Platform, Enterprise Edition™ (J2EE), also developed by Sun, is a robust suite of middleware services for developing server-side applications. An integral part of J2EE is Enterprise JavaBeans™ (EJB), which is a specification that defines a server-side architecture that enables and simplifies the process of building enterprise-class (appropriate for a large enterprise, i.e., business organization) EJB objects 30. EJB allows the writing of scalable, reliable and secure applications in a platform-independent environment similar to that found when using Java. Thus EJB components can be provided from a variety of vendors, and simply “plugged in” to a network system, regardless of that network system's operating system.
Many of the features of EJB are derived from the Common Object Request Broker Architecture (CORBA) specification. CORBA was invented by the Object Management Group (OMG), a consortium of eleven founding companies in 1989. While EJB and J2EE are designed for use with Java oriented OOP's, CORBA supports cross-language interaction. That is, CORBA allows an object written in one language (such as Java) to interact with a second object written in a second language (such as C++). While EJB is actually a modification of CORBA, and EJB objects are often referred to as EJB CORBA objects, EJB objects must comply with Java language protocols. While CORBA offers a broader software range due to its ability to cross-talk between languages, it requires complex middleware application program interfaces (API's) to communicate between objects.
Many servers, usually because of CORBA legacy programs, contain and serve both CORBA and EJB objects. While such servers, by EJB specification, have security mechanisms to control access to EJB objects, they may or may not have security protection for CORBA objects. To provide such security in the prior art, servers have had to create a separate server-side security mechanism for CORBA objects independent of EJB object security. This is a costly process and a duplication of security effort.