SEAL( ) method

Seals a Client-principal object with the specified message authentication code (MAC). Sealing a Client-principal object signifies that the user identity from the authentication domain has successfully logged into that domain. Once logged in, you can use the sealed Client-principal object to set a user ID using either the SET-CLIENT( ) method or SET-DB-CLIENT function.

You must set the following attributes on the Client-principal object before you can seal the object:

USER-ID attribute
DOMAIN-NAME attribute
SESSION-ID attribute

If you do not set these attributes, the AVM generates a run-time error.

You can seal a Client-principal object only once per user login session. Then, you can use the VALIDATE-SEAL( ) method to validate the seal whenever necessary.

Once sealed, you cannot set any new or existing properties or attributes for the object.

Return type: LOGICAL

Applies to: Client-principal object handle

Syntax

SEAL( key )

key

A character expression containing the key of the authentication domain that authenticated the user ID. The AVM uses this key to generate the MAC with which to seal the Client-principal object. The AVM converts this key to UTF-8 before using it, which ensures a consistent value regardless of code page settings. A matching authentication domain key must be registered in a trusted authentication domain registry before you can validate and use the user ID represented by the Client-principal object.

If successful, this method returns TRUE. The AVM also sets the SEAL-TIMESTAMP attribute with the time stamp of when the Client-principal object was sealed, and sets the LOGIN-STATE attribute to “LOGIN”.

The AVM also checks the LOGIN-EXPIRATION-TIMESTAMP attribute. If the Client-principal object expires before you can seal it, the AVM sets the LOGIN-STATE attribute to “EXPIRED” and returns FALSE.

Calling this method generates an audit event and creates an audit record for the event in all connected audit-enabled databases according to each database’s current audit policy settings.

The following code fragment illustrates how to use the SEAL( ) method:

DEFINE VARIABLE hCP     AS HANDLE    NO-UNDO DEFINE VARIABLE key     AS CHARACTER NO-UNDO. DEFINE VARIABLE lResult AS LOGICAL   NO-UNDO. . . . CREATE CLIENT-PRINCIPAL hCp. . . . lResult = hCP:SEAL(key).

See also: SEAL-TIMESTAMP attribute, LOGIN-EXPIRATION-TIMESTAMP attribute, LOGIN-STATE attribute, SET-CLIENT( ) method, SET-DB-CLIENT function, VALIDATE-SEAL( ) method

OpenEdge Release 10.2B

Copyright © 2009 Progress Software Corporation