Re: [ecf-dev] authentication and authorisation with ecf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ecf-dev] authentication and authorisation with ecf

From: Stefan Below <stefanbelow@xxxxxx>
Date: Sun, 19 Jun 2011 18:36:09 +0200
Delivered-to: ecf-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ecf-dev>
List-help: <mailto:ecf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ecf-dev>, <mailto:ecf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ecf-dev>, <mailto:ecf-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

Hi,

If the connectHandlerPolicy is set, then it's checkConnect method iscalled (connectHandlerPolicy is of type IConnectHandlerPolicy...andthe last parameter...'data'...is the value from the client of the'connectData' that's returned from the connectPolicy.createConnectDatacall.
So to summarize, the IConnectInitiatorPolicy allows the determinationof the client-side 'connectData' during the execution of theIContainer.connect(ID,IConnectContext) call. The 'connectData' value(e.g. password) is then sent to the server. On the server containerthe IConnectHandlerPolicy is consulted (with the 'data'=='connectData'provided) to determine if the connect request, should be accepted.

ok, thanks for your explanation. The Problem was, that i didn 't setthe IConnectInitiatorPolicy. It's working now.Is it possible to use JAAS for authentication? Or is there a bestpractise for server side authentication (is it secure to sendusername/password as a 'connectData' or should i encrypt the passwordmanually?)

How does authorisation work?
I set the RemoteServiceCallPolicy (client side). But the method neverget called... (setRemoteServiceCallPolicy(callPolicy) returned true)
The remote service call policy is called by the service host for theremote call when a call request has been received, but before it isactually made on the service host's local service object. So it'sonly going to be called on the host side (I say 'host' rather than'server' because it's quite possible for a client to host aservice...and in that case the remote service callpolicy.checkRemoteCall would still be called in on the servicehost...but it would be a client). So in other words, you need to setthe remote service call policy on the container that has the servicehost (the server container in your situation, I believe).

When i return the authorization roles for the authenticated user on thecheckConnect call, how can i access these roles on theRemoteServiceCallPolicy.checkRemoteCall? Is there a default service/impl?


Thanks for your help,

Stefan

Hope this helps.

Scott


_______________________________________________
ecf-dev mailing list
ecf-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/ecf-dev

Follow-Ups:
- Re: [ecf-dev] authentication and authorisation with ecf
  - From: Scott Lewis

References:
- [ecf-dev] authentication and authorisation with ecf
  - From: Stefan Below
- Re: [ecf-dev] authentication and authorisation with ecf
  - From: Scott Lewis

Prev by Date: Re: [ecf-dev] authentication and authorisation with ecf
Next by Date: Re: [ecf-dev] authentication and authorisation with ecf
Previous by thread: Re: [ecf-dev] authentication and authorisation with ecf
Next by thread: Re: [ecf-dev] authentication and authorisation with ecf
Index(es):
- Date
- Thread

Breadcrumbs