Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ecf-dev] RemoteService + Context

Hi Franky,

Consider the following scenario:
A web application separated into two OSGI platforms - gui and business. The business platform provides (remote) services that the gui platform uses. Requests to (remote) business services can be
initiated from the gui platform by different users. So each request should be associated with some security context.

As I understand, once a remote service (proxy) is registered in the client platform and a communication container is created, all subsequent request are executed using the same container. Is this correct?


Regards,
Radostin

On 29.10.2010 г. 17:33, Franky Bridelance wrote:
Hi Radostin,
 
Is there a specific need to attach the security context to each request?
For example in my use case I send the security context once at client container connection (via an  IConnectContext implementation in IContainer.connect method). On server side during the connect request handling (via an IConnectHandlerPolicy implementation) I keep a map between the security context and the client ID. Each request already contains the client ID so it's just a matter to lookup the security context for the given client ID and inject this in SecurityContextHolder just before the call: that's where I'm currently missing an API to do this. 
 
Franky
 
 
2010/10/29 Radostin Surilov <rado@xxxxxxxxxxxx>
Hi Scott,

Please find my answers below.

Regards,
Radostin


On 28.10.2010 г. 17:21, Scott Lewis wrote:
Hi Radostin,

Thanks for the description of your work. 

A couple of comments below.

On 10/28/2010 1:50 AM, Radostin Surilov wrote:
Hi Scott,

Thank you for the comments.

I suppose this approach is quite specific to our use case. The actual aspect is:

import org.eclipse.ecf.provider.remoteservice.generic.RemoteCallImpl;
import org.eclipse.ecf.provider.remoteservice.generic.Request;
import org.eclipse.ecf.provider.remoteservice.generic.RemoteServiceRegistrationImpl;

public aspect ECFRequestExtAspect {
   
    private ISecurityToken RemoteCallImpl.mSecurityToken; //serializable parameter to pass (security token in this case)
   
    //advice executed after a new request object has been created
    after(Request request) returning : initialization(Request+.new(..)) && this(request) {
        //put the (local) security context in the RemoteCallImpl instance of the request
        request.getCall().mSecurityToken = SecurityContextHolder.getContext().getToken();
    }
   
    //advice executed before the remote service method invocation
    before(RemoteCallImpl remoteCall) : execution(* RemoteServiceRegistrationImpl.callService(RemoteCallImpl)) && args(remoteCall) {
        //get the security context from the RemoteCallImpl instance and put it in a thread local
        SecurityContextHolder.getContext().setToken(remoteCall.mSecurityToken);       
    }
}

Regards,
Radostin

Interesting.   I take it from your description that you are able to implement this by extending relevant classes and by overriding methods in RegistrySharedObject (in ECF 3.4)...is that correct?
Yes, although I do not have to explicitly modify or extend ECF classes...All the work is done by the dynamic and static crosscutting constructs of the aspect. I just have to put
this aspect in a bundle and start it in all platforms (together with the equinox aspects bundles, etc). Not sure to fully understand your question - would you need more details?


Based upon this use case, do you have any desired API additions/changes...that might accomodate this use case and others more easily/gracefully (e.g. without having to extend classes).
Definitely providing API support to accommodate this use case would lead to a better solution than the fix with the aspect.
Speaking about our use case we have two problems:
 - (client) attaching serializable data to each Request.
 - (server) retrieving the attached serializable data from the Request before the (remote) method execution. This must be in the thread that actually invokes the method.

Generally, the ECF framework could provide some special events  (e.g. on_request_creation, before_remote_method_invocation) and allow users code to attach listeners to these events. However I am not very familiar with the ECF architecture so do not know if this makes sense.


Scott


_______________________________________________ ecf-dev mailing list ecf-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/ecf-dev


_______________________________________________
ecf-dev mailing list
ecf-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/ecf-dev


_______________________________________________ ecf-dev mailing list ecf-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/ecf-dev


Back to the top