[geclipse-dev] Secure storage usage in headless RCP app using g-Eclipse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[geclipse-dev] Secure storage usage in headless RCP app using g-Eclipse auth API

From: "Katarzyna Bylec" <katis@xxxxxxxxxxxxx>
Date: Mon, 24 Nov 2008 12:57:13 +0100
Delivered-to: geclipse-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/geclipse-dev>
List-help: <mailto:geclipse-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=unsubscribe>
Organization: PSNC
User-agent: Opera Mail/9.62 (Linux)

Hi all,

I was investigating the problem of secure storage in headless RCP appusing g-Eclipse plug-ins, which may be a bit tricky so I'm describing myexperiences here in case anyone encounters the same problem in the future.And also there's a question if we can make things easier in g-Eclipse whenit comes to secure storage.

My use case is to have headless RCP application (I have GUI, but Swing,not SWT-based) using g-Eclipse plugins as a grid access API, e.g. creatinggrid proxy using classes in eu.geclipse.globus.auth packages. In my app Ihave fields for providing path to user cert and key files and thenpassword - this information is passed to g-Eclipse auth mechanism which istaking care of e.g. loading user's key using the password. Everythingworked fine on windows, but when I tried the same run configuration onLinux I got org.eclipse.equinox.security.storage.StorageException saying"No secure storage modules found."

That was because secure storage implementations are operating systemspecific:

- the Windows-specific module in the org.eclipse.equinox.security.win32.x86
- the Mac-specific module in the org.eclipse.equinox.security.macosx
- the default UI module in the org.eclipse.equinox.security.ui

Basically switching from OS specific module to the default one(org.eclipse.equinox.security.ui) solves the problem, but only in terms ofruntime exceptions. In headless RCP, when there is no workbench available,using default secure storage will result in storing your password innon-encrypted value. There are 3 workarounds for that:1. creating your own password provider module (see the extension pointorg.eclipse.equinox.security.secureStorage)2. using the "-eclipse.password" runtime option to specify the filecontaining master password3. creating and running in background a workbench instance (which willtrigger Eclipse's mechanisms for encrypting your password with master oneyou will be asked for).

As adapting one of the solutions may be either time-consumptive or notelegant there's a question if it would be possible to make usage of securestorage in g-Eclipse auth mechanism optional?


Cheers,
Kasia

Follow-Ups:
- Re: [geclipse-dev] Secure storage usage in headless RCP app using g-Eclipse auth API
  - From: Ariel Garcia
- Re: [geclipse-dev] Secure storage usage in headless RCP app using g-Eclipse auth API
  - From: Ariel Garcia

Prev by Date: Re: [geclipse-dev] MyProxy support
Next by Date: Re: [geclipse-dev] Re: [g-Eclipse] Sample applications - eu.geclipse.gridge also fit here?
Previous by thread: [geclipse-dev] Re: [g-Eclipse] Sample applications - eu.geclipse.gridge also fit here?
Next by thread: Re: [geclipse-dev] Secure storage usage in headless RCP app using g-Eclipse auth API
Index(es):
- Date
- Thread

Breadcrumbs