platform-help-home/infocenter_secure_access.html
Parent Directory
| 
Revision Log
Revision 1.2 - (view) (download) (as text)
| 1 : | kkolosow | 1.1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> |
| 2 : | <!------------------------------------------------------------------------------ | ||
| 3 : | ! Copyright (c) 2000, 2004 IBM Corporation and others. | ||
| 4 : | ! All rights reserved. This program and the accompanying materials | ||
| 5 : | ! are made available under the terms of the Common Public License v1.0 | ||
| 6 : | ! which accompanies this distribution, and is available at | ||
| 7 : | kkolosow | 1.2 | ! http://www.eclipse.org/legal/epl-v10.html |
| 8 : | kkolosow | 1.1 | ! |
| 9 : | ! Contributors: | ||
| 10 : | ! IBM Corporation - initial API and implementation | ||
| 11 : | -------------------------------------------------------------------------------> | ||
| 12 : | |||
| 13 : | |||
| 14 : | |||
| 15 : | <html> | ||
| 16 : | |||
| 17 : | <head> | ||
| 18 : | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | ||
| 19 : | |||
| 20 : | <title>Secure InfoCenter Help - Eclipse Platform</title> | ||
| 21 : | </head> | ||
| 22 : | |||
| 23 : | <body> | ||
| 24 : | <h1>Secure InfoCenter Help</h1> | ||
| 25 : | |||
| 26 : | <h2>Introduction</h2> | ||
| 27 : | |||
| 28 : | <p>The Eclipse InfoCenter provides a common framework allowing | ||
| 29 : | help and information documentation from different sources to be | ||
| 30 : | integrated. The <a href= | ||
| 31 : | "http://help.eclipse.org/help30/topic/org.eclipse.platform.doc.isv/reference/misc/help_infocenter.html"> | ||
| 32 : | Standalone Infocenter</a> in turn allows these documentation | ||
| 33 : | content available on the intranet/internet for convenient access.</p> | ||
| 34 : | |||
| 35 : | <p>Prior to Eclipse 3.1, no security or access control mechanisms | ||
| 36 : | are provided for the InfoCenter content, making it unsuitable for | ||
| 37 : | serving up confidential information in an enterprise environment.</p> | ||
| 38 : | |||
| 39 : | <p>Eclipse 3.1 has been enhanced to allow secure access to the | ||
| 40 : | InfoCenter.</p> | ||
| 41 : | |||
| 42 : | <h2>Enabling Secure Access to InfoCenter Help</h2> | ||
| 43 : | |||
| 44 : | <p>By default, security and access control is turned off. To turn on | ||
| 45 : | secure access for the InfoCenter, follow the following steps.</p> | ||
| 46 : | |||
| 47 : | <ol> | ||
| 48 : | <li><a href="#realmfactory">Implement the <code>IRealmFactory</code> | ||
| 49 : | interface</a>.</li> | ||
| 50 : | <li><a href="#enableSSL">Enable the SSL connector in the help | ||
| 51 : | subsystem appserver</a>.</li> | ||
| 52 : | <li><a href="#enableSecureWebApp">Enable and configure the security | ||
| 53 : | constraint in the help web application</a>.</li> | ||
| 54 : | </ol> | ||
| 55 : | |||
| 56 : | <h3><a name="realmfactory">Implement the <code>IRealmFactory</code> | ||
| 57 : | interface</a></h3> | ||
| 58 : | |||
| 59 : | <p>To enable access control to the InfoCenter, one needs to | ||
| 60 : | create a plugin that implements the | ||
| 61 : | <code>org.eclipse.tomcat.realmfactory</code> extension point. | ||
| 62 : | <pre><code> <extension | ||
| 63 : | id="org.eclipse.test.simplerealm" | ||
| 64 : | name="%simplerealm.realm" | ||
| 65 : | point="org.eclipse.tomcat.realmfactory"> | ||
| 66 : | <realmfactory class="org.eclipse.test.simplerealm.SimpleRealmFactory"> | ||
| 67 : | <parameter | ||
| 68 : | name="userDefinitionFile" | ||
| 69 : | value="c:\\tomcat-users.xml"/> | ||
| 70 : | </realmfactory> | ||
| 71 : | </extension></code></pre></p> | ||
| 72 : | |||
| 73 : | <p>The extension point implemention declares a class | ||
| 74 : | that implements the <code>IRealmFactory</code> | ||
| 75 : | interface. In the example shown here, the class is called | ||
| 76 : | <code>org.eclipse.test.simplerealm.SimpleRealmFactory</code>.</p> | ||
| 77 : | |||
| 78 : | <p>The main purpose of classes implementing the | ||
| 79 : | <code>IRealmFactory</code> interface is to return an appropriate | ||
| 80 : | <code>org.apache.catalina.Realm</code> object, perhaps taking | ||
| 81 : | info account the configuration information provided in the | ||
| 82 : | extension point. A very simple implementation might look like | ||
| 83 : | the following | ||
| 84 : | <pre><code> /* (non-Javadoc) | ||
| 85 : | * @see org.eclipse.core.runtime.IExecutableExtension#setInitializationData(org.eclipse.core.runtime.IConfigurationElement, java.lang.String, java.lang.Object) | ||
| 86 : | */ | ||
| 87 : | public void setInitializationData(IConfigurationElement config, | ||
| 88 : | String propertyName, Object data) throws CoreException { | ||
| 89 : | this.config = config; | ||
| 90 : | parameters = (Map) data; | ||
| 91 : | } | ||
| 92 : | |||
| 93 : | /** | ||
| 94 : | * Creates a realm appropriate for authenticating | ||
| 95 : | * using the path specified in the userDefFile parameter. | ||
| 96 : | * | ||
| 97 : | * @see org.eclipse.tomcat.extensions.IRealmFactory#createRealm(org.eclipse.tomcat.extensions.ConfigurationInfo[]) | ||
| 98 : | */ | ||
| 99 : | public Realm createRealm() { | ||
| 100 : | MemoryRealm retVal = new MemoryRealm(); | ||
| 101 : | IConfigurationElement [] parameters = config.getChildren(); | ||
| 102 : | String filepath = null; | ||
| 103 : | for (int i =0; i < parameters.length; i++) { | ||
| 104 : | if ("userDefinitionFile".equals(parameters[i].getAttribute("name"))) { | ||
| 105 : | filepath = parameters[i].getAttribute("value"); | ||
| 106 : | break; | ||
| 107 : | } | ||
| 108 : | } | ||
| 109 : | if (filepath != null) { | ||
| 110 : | retVal.setPathname(filepath); | ||
| 111 : | } | ||
| 112 : | return retVal; | ||
| 113 : | }</code></pre></p> | ||
| 114 : | |||
| 115 : | <p>How to implement a custom <code>Realm</code> object that | ||
| 116 : | could provide more sophisticated authentication (perhaps by | ||
| 117 : | going to a JNDI directory) is beyond the scope of this | ||
| 118 : | document. Please refer to the appropriate documentation on | ||
| 119 : | Tomcat for more information.</p> | ||
| 120 : | |||
| 121 : | <h3><a name="enableSSL">Enable the SSL connector in the help | ||
| 122 : | subsystem appserver</a></h3> | ||
| 123 : | |||
| 124 : | <p>Before one can enable SSL for the help subsystem, one must | ||
| 125 : | create the Java key store file using the <code>keytool</code> | ||
| 126 : | command in the Java JDK. To create a new key store file | ||
| 127 : | containing a self signed certificate on windows, | ||
| 128 : | <pre><code>%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA</code></pre> | ||
| 129 : | On Unix, execute instead | ||
| 130 : | <pre><code>$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA</code></pre> | ||
| 131 : | </p> | ||
| 132 : | |||
| 133 : | <p>Optionally, one could also set up an officially approved | ||
| 134 : | certificate. For more details on requesting and importing a | ||
| 135 : | Certificate from a Certificate Authority, see <a href= | ||
| 136 : | "http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html"> | ||
| 137 : | SSL Configuration How-to</a> on the Tomcat site.</p> | ||
| 138 : | |||
| 139 : | <p>After the Java key store has been properly initialized, | ||
| 140 : | enable SSL for the help subsystem by editing the | ||
| 141 : | <code>preferences.ini</code> file in the plugin | ||
| 142 : | <code>org.eclipse.tomcat</code>. Modify the value of sslPort | ||
| 143 : | <pre><code># The port number to use for the SSL Connector | ||
| 144 : | # Should consider moving this to the AppserverPlugin | ||
| 145 : | sslPort = -1</code></pre> | ||
| 146 : | from -1 to 0 (to request the system to assign an arbitrary | ||
| 147 : | available port or a specific available port for the SSL | ||
| 148 : | connection.</p> | ||
| 149 : | |||
| 150 : | <h3><a name="enableSecureWebApp">Enable and configure the security | ||
| 151 : | constraint in the help web application</a></h3> | ||
| 152 : | |||
| 153 : | <p>To enable the security constraint, uncomment the following | ||
| 154 : | section in the <code>web.xml</code> file in the plugin | ||
| 155 : | <code>org.eclipse.help.webapp</code>, under the directory | ||
| 156 : | <code>WEB-INF</code>. | ||
| 157 : | <pre><code><!-- Uncomment to enable secure access to the InfoCenter. | ||
| 158 : | ** Update the role-name s as appropriate. | ||
| 159 : | <security-constraint> | ||
| 160 : | <web-resource-collection> | ||
| 161 : | <web-resource-name>helproot</web-resource-name> | ||
| 162 : | <description></description> | ||
| 163 : | <url-pattern>/*</url-pattern> | ||
| 164 : | <http-method> | ||
| 165 : | GET</http-method> | ||
| 166 : | <http-method> | ||
| 167 : | PUT</http-method> | ||
| 168 : | </web-resource-collection> | ||
| 169 : | <auth-constraint> | ||
| 170 : | <description></description> | ||
| 171 : | <role-name>tomcat</role-name> | ||
| 172 : | </auth-constraint> | ||
| 173 : | <user-data-constraint> | ||
| 174 : | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | ||
| 175 : | </user-data-constraint> | ||
| 176 : | </security-constraint> | ||
| 177 : | <login-config> | ||
| 178 : | <auth-method>BASIC</auth-method> | ||
| 179 : | </login-config> | ||
| 180 : | <security-role> | ||
| 181 : | <description></description> | ||
| 182 : | <role-name>tomcat</role-name> | ||
| 183 : | </security-role> | ||
| 184 : | --></code></pre> | ||
| 185 : | Make sure the <code>role-name</code> elements are updated to the | ||
| 186 : | appropriate role name for your organization.</p> | ||
| 187 : | |||
| 188 : | <h2>How to start or stop infocenter from command line</h2> | ||
| 189 : | |||
| 190 : | <p>The org.eclipse.help.standalone.Infocenter class has a main | ||
| 191 : | method that you can use to launch infocenter from a command | ||
| 192 : | line. The command line arguments syntax is:</p> | ||
| 193 : | |||
| 194 : | <p><code>-command start | shutdown | [-eclipsehome | ||
| 195 : | eclipseInstallPath] [-host helpServerHost] [-locales localeList] | ||
| 196 : | [-port helpServerPort] [-adminId administratorUserId] | ||
| 197 : | [-adminPassword administratorPassword] [-trustStoreLocation | ||
| 198 : | trustStoreLocation] [-trustStorePassword trustStorePassword] | ||
| 199 : | [-dir rtl] [-noexec] [platform options] | ||
| 200 : | [-vmargs JavaVMarguments]</code></p> | ||
| 201 : | |||
| 202 : | <p>To start an infocenter on port 8081 issue a start command by running</p> | ||
| 203 : | |||
| 204 : | <p><code>java -classpath d:\myApp\eclipse\plugins\org.eclipse.help.base_3.1.0.jar | ||
| 205 : | org.eclipse.help.standalone.Infocenter -command start -eclipsehome d:\myApp\eclipse -port 8081</code></p> | ||
| 206 : | |||
| 207 : | <p>To shut the infocenter down issue a shutdown command by running</p> | ||
| 208 : | |||
| 209 : | <p><code>java -classpath d:\myApp\eclipse\plugins\org.eclipse.help.base_3.1.0.jar | ||
| 210 : | org.eclipse.help.standalone.Infocenter -command shutdown | ||
| 211 : | -adminId adminUserId -adminPassword adminPassword | ||
| 212 : | -trustStoreLocation trustStoreLocation -trustStorePassword | ||
| 213 : | trustStorePassword -eclipsehome d:\myApp\eclipse</code></p> | ||
| 214 : | |||
| 215 : | <p>The options <code>adminId</code>, <code>adminPassword</code>, | ||
| 216 : | <code>trustStoreLocation</code>, and <code>trustStorePassword</code> | ||
| 217 : | are needed if secure access to the infocenter is enabled. | ||
| 218 : | The administrator must be authorized by the realm for | ||
| 219 : | accessing the Infocenter. The trust store options may | ||
| 220 : | be needed if the keystore is not an officially approved | ||
| 221 : | certificate.</p> | ||
| 222 : | |||
| 223 : | </body> | ||
| 224 : | |||
| 225 : | </html> |
| help@eclipse.org | ViewVC Help |
| Powered by ViewVC 1.0.3 |