Re: [ecf-dev] authentication and authorisation with ecf

Hi Stefan,
On 6/18/2011 9:27 AM, Stefan Below wrote:
> Hi,
> I am playing around with the ECF and authentication/authorisation with
> the ecf.generic provider.
> How can I retrieve the IConnectContext for authentication on the server?

The IConnectContext is passed into the client container in the 
IContainer.connect(ID,IConnectContext) call.
For the client container, this results in this code being called (in 
ClientSOContainer):

    protected Object getConnectData(ID remote, IConnectContext joinContext) throws IOException, UnsupportedCallbackException {
        Object connectData = null;
        if (connectPolicy != null)
            connectData = connectPolicy.createConnectData(this, remote, joinContext);
        else {
            final Callback[] callbacks = createAuthorizationCallbacks();
            if (joinContext != null) {
                final CallbackHandler handler = joinContext.getCallbackHandler();
                if (handler != null)
                    handler.handle(callbacks);
            }
        }
        return ContainerMessage.createJoinGroupMessage(getID(), remote, getNextSequenceNumber(), (Serializable) connectData);
    }

As you can see above, if the connectPolicy has been set/is non-null 
(obviously before the IContainer.connect call), then the connect policy 
is consulted for the connectData (which is serialized and sent to 
the generic server).  The connectPolicy is an impl of interface 
org.eclipse.ecf.core.security.IConnectInitiatorPolicy, and is set via 
ISharedObjectContainerClient.setConnectInitiatorPolicy(IConnectInitiatorPolicy).

> When I set the ConnectPolicy on the container, I do get notified
> through the checkConnect method. But how can I retrieve the security
> context or username/password?

On the server container instance, this method gets called in handling a 
connect request message:

    protected Object checkJoin(SocketAddress saddr, ID fromID, String target, Serializable data) throws Exception {
        if (this.connectHandlerPolicy != null) {
            return this.connectHandlerPolicy.checkConnect(saddr, fromID, getID(), target, data);
        }
        return null;
    }

If the connectHandlerPolicy is set, then its checkConnect method is 
called (connectHandlerPolicy is of type IConnectHandlerPolicy...and the 
last parameter...'data'...is the value from the client of the 
'connectData' that's returned from the connectPolicy.createConnectData call).

So to summarize, the IConnectInitiatorPolicy allows the determination of 
the client-side 'connectData' during the execution of the 
IContainer.connect(ID,IConnectContext) call.  The 'connectData' value 
(e.g. password) is then sent to the server.  On the server container the 
IConnectHandlerPolicy is consulted (with the 'data'=='connectData' 
provided) to determine if the connect request should be accepted.

> How does authorisation work?
> I set the RemoteServiceCallPolicy (client side). But the method never
> gets called...  (setRemoteServiceCallPolicy(callPolicy) returned true)

The remote service call policy is called by the service host for the 
remote call when a call request has been received, but before it is 
actually made on the service host's local service object.  So it's only 
going to be called on the host side (I say 'host' rather than 'server' 
because it's quite possible for a client to host a service...and in that 
case the remote service call policy.checkRemoteCall would still be 
called on the service host...but it would be a client).  So in other 
words, you need to set the remote service call policy on the container 
that has the service host (the server container in your situation, I 
believe).
Hope this helps.
Scott
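
The connect flow summarized in the message above, as an added example in plain Java; it is not ECF code and not part of the original message. createConnectData and checkConnect here are simplified stand-ins for the IConnectInitiatorPolicy and IConnectHandlerPolicy methods named in the message; the Credentials type, the salt and the sample user are constructed, and refusing a connect by throwing is an assumption of this example.

```java
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ConnectPolicyDemo {
    // Hypothetical connectData type returned by the client-side policy (Java 16+ record).
    record Credentials(String user, char[] password) implements Serializable {}

    static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8); // constructed

    static byte[] derive(char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, SALT, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Client side: stand-in for createConnectData(container, remote, joinContext).
    static Object createConnectData(String user, char[] password) {
        return new Credentials(user, password);
    }

    // Server side: stand-in for checkConnect(saddr, fromID, targetID, target, data).
    // 'data' is whatever the client sent, so check its type before using it.
    static void checkConnect(String fromId, Object data, Map<String, byte[]> verifiers) throws Exception {
        if (!(data instanceof Credentials c) || c.user() == null || c.password() == null)
            throw new SecurityException("connect refused for " + fromId);
        byte[] expected = verifiers.get(c.user());
        byte[] actual = derive(c.password()); // derived for unknown users too
        // Constant-time comparison; same error for unknown user and wrong password.
        if (expected == null || !MessageDigest.isEqual(expected, actual))
            throw new SecurityException("connect refused for " + fromId);
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> verifiers = Map.of("alice", derive("constructed-pw".toCharArray()));
        Object good = createConnectData("alice", "constructed-pw".toCharArray());
        Object wrong = createConnectData("alice", "wrong-pw".toCharArray());
        for (Object data : new Object[] {good, wrong, "not-credentials"}) {
            try {
                checkConnect("client-1", data, verifiers);
                System.out.println("accepted");
            } catch (SecurityException e) {
                System.out.println("refused: " + e.getMessage());
            }
        }
    }
}
```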