Re: [ecf-dev] user authentication and user dependent services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ecf-dev] user authentication and user dependent services

From: Scott Lewis <slewis@xxxxxxxxxxxxx>
Date: Tue, 30 Jun 2015 09:11:07 -0700
Delivered-to: ecf-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ecf-dev>
List-help: <mailto:ecf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ecf-dev>, <mailto:ecf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ecf-dev>, <mailto:ecf-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

Hi Peter,

On 6/29/2015 4:11 AM, Peter Hermsdorf wrote:

Hi,
I have a use case, where a client/consumer needs to authenticate atthe server/provider and the actual service implementation on theserver needs the authentication information (at least the username)when called.
My current solution is to make the username part of the API. eg.

String myService(String username, String otherparameters);
But it would be nice to have access to the actual Authenticationinformation of the caller to use them.

So that I understand: What you mean by 'authentication information' isthe information passed by the client to the server upon initialconnection, correct?

I have implemented a custom HostContainerSelector which registers aIConnectHandlerPolicy to handle to authentication. But I have no ideaon how to access them in my service implementation (probably I need tocall some ECF API....)

Do you somehow store/maintain the association between the client (i.e.the clientID) and the authentication information? If you do, then youshould be able to access this information later (i.e. when the remotecall is made).

The use case is access control, eg. depending on your username/loginyou can "see" different content. When making the username part of theAPI a authenticated client could pretend being someone else by justcalling the service with a different username.
I could imagine a kind of wrapper code on server side which interceptthe service call and "substitutes" the username in the service callbefore the actual service is called. This would have the benefit ofdecoupling this authentication/user handling stuff from the actualservice implementation. (the service wouldn't need to know anythingabout ECF and user management)
Thanks for any hints and ideas!

If I've understood your use case correctly (above questions), then I canthink of a couple of approaches. One that I've done myself is to havesome other OSGi service for storing/retrieving the association betweenthe clientID and the username/pw/auth info. Then you could store thatassociation away upon connect/disconnect (or at some other point in theprotocol...e.g. if you have some other login service), and then look itup/check it in response to a remote call. There is a way with existingAPI to get the clientID/fromID for every remote call.

Another way would be to keep the above association info not as aseparate service but as some state on the host container. Perhaps notas clean IMHO, but possibly serviceable.

There are other ways, but before going further let's make sure I'munderstanding you correctly.


Thanks,

Scott

Follow-Ups:
- Re: [ecf-dev] user authentication and user dependent services
  - From: Peter Hermsdorf

References:
- [ecf-dev] user authentication and user dependent services
  - From: Peter Hermsdorf

Prev by Date: [ecf-dev] New topic in forum Eclipse Communications Framework (ECF), called Easiest way to set up ECF for a multiclient sync'd workspace?, by Dakota Dock
Next by Date: Re: [ecf-dev] user authentication and user dependent services
Previous by thread: [ecf-dev] user authentication and user dependent services
Next by thread: Re: [ecf-dev] user authentication and user dependent services
Index(es):
- Date
- Thread

Breadcrumbs