Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » Security in Juno
Security in Juno [message #894034] Fri, 06 July 2012 09:00 Go to next message
Bertin Kiekebosch is currently offline Bertin Kiekebosch
Messages: 223
Registered: August 2011
Senior Member
Tried to enable security by changing the config.ini as I did before in previous Scout version, but it does not seem to work.

From the code it seems that the names have been changed so I tried it with the old and new class names

Oldname: org.eclipse.scout.rt.server.servlet.filter.DataSourceSecurityFilter#active=true

New name
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true

But it never shows me the login dialog.

Did I miss something.

Report message to a moderator

Re: Security in Juno [message #894095 is a reply to message #894034] Fri, 06 July 2012 11:39 Go to previous messageGo to next message
Stefan Mutschler is currently offline Stefan Mutschler
Messages: 17
Registered: June 2012
Location: Baden-Baden, Germany
Junior Member
I also tried to set up DataSourceSecurityFilter today but did not succeed.
After having disabled BasicSecurityFilter and AnonymousSecurityFilter in the default config.ini and configuring realm, jdbcDriverName, jdbcMappingName, jdbcUsername, jdbcPassword and selectUserPass for DataSourceSecurityFilter, the DevelopmentAuthFilter decided to grant access. As a next step I disabled DevelopmentAuthFilter and ended up with a 403 FORBIDDEN. Unfortunately no error message that could help me until now. Anyone else an idea?

Report message to a moderator

Re: Security in Juno [message #894320 is a reply to message #894034] Sun, 08 July 2012 02:54 Go to previous messageGo to next message
Jeremie Bresson is currently offline Jeremie Bresson
Messages: 108
Registered: November 2010
Senior Member
Bertin Kiekebosch wrote on Fri, 06 July 2012 15:00
From the code it seems that the names have been changed so I tried it with the old and new class names


I also figured out there was a change in the class name (Bug 361256), but I did not have any problem...

What are the other parameters you are setting in the config.ini.

If you use a DataSource SecurityFilter you also will need to configure other properties... Have you also change their names too ?

Report message to a moderator

Re: Security in Juno [message #894345 is a reply to message #894320] Sun, 08 July 2012 10:05 Go to previous messageGo to next message
Andreas Hoegger is currently offline Andreas Hoegger
Messages: 133
Registered: February 2010
Senior Member
I tried the following setup with success:



  1. Person table on DB.
    CREATE TABLE PERSON (
  PERSON_NR DECIMAL NOT NULL,
  NAME VARCHAR(128),
  PRENAME VARCHAR(128),
  BIRTHDAY DATE,
  PASSWORD VARCHAR(128),
  PRIMARY KEY (PERSON_NR)
);

  2. add DataSourceSecurityFilter to 'org.eclipse.db.testapp.server/plugin.xml'
          <filter
            aliases="/process"
            class="org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter"
            ranking="40">
      </filter>

  3. configuration of DataSourceSecurityFilter in 'org.eclipse.db.testapp.server/producs/development/config.ini'
    org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#realm=TEST APPLICATION
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=org.apache.derby.jdbc.EmbeddedDriver
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:derby:D:/Temp/max24h/scoutJuno/derbyDb 
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT LOWER(NAME) FROM PERSON WHERE  LOWER(NAME)=? AND PASSWORD=?

    Ensure to have no white spaces at the end of the parameters and set all other security filters to active=false.

  4. ensure the bundle 'org.eclipse.scout.http.servletfilter' is added as requred bundle in the product file.


If you are still in troubles let us know your configuration and stack traces.

-andreas

Report message to a moderator

Re: Security in Juno [message #894410 is a reply to message #894345] Mon, 09 July 2012 03:04 Go to previous messageGo to next message
Jeremie Bresson is currently offline Jeremie Bresson
Messages: 265
Registered: October 2011
Senior Member
@Andreas Hoegger.

Thanks for your example.

I merged your text in this wiki page:
Security > 2.1 Security Filters.
Maybe the text can be improved, but at least the information is there.

A last world on the PASSWORD field in the PERSON table: this is only for demonstration, because storing clear text passwords in a database is never a good idea (hash with salt is a much better practice).

Report message to a moderator

Re: Security in Juno [message #894454 is a reply to message #894410] Mon, 09 July 2012 05:45 Go to previous messageGo to next message
Andreas Hoegger is currently offline Andreas Hoegger
Messages: 133
Registered: February 2010
Senior Member
@J.Br.

Thank you for the wiki update.

The 'DataSourceSecurityFilter' does a Base64 encryption in its default negotiate implementation (see 'DataSourceSecurityFilter.negotiate' and 'DataSourceSecurityFilter.encryptPass'). So the expected password in the database is also Base64 encrypted. To change this behavior change one or the other implementation of the two methods in a subclass of DataSourceSecurityFilter.

-andreas

Report message to a moderator

Re: Security in Juno [message #894763 is a reply to message #894454] Tue, 10 July 2012 08:38 Go to previous messageGo to next message
Stefan Mutschler is currently offline Stefan Mutschler
Messages: 17
Registered: June 2012
Location: Baden-Baden, Germany
Junior Member
Hi,

thanks for the info... also working fine in my case now. As described in the wiki the login dialog for the swing gui is shown when accessing the server for the first time. But how about the RAP gui? It seems as if there is no login dialog. Do I have to configure a servlet filter and use the (ugly) browser dialog? Wink

Best regards

Stefan

Report message to a moderator

Re: Security in Juno [message #895070 is a reply to message #894763] Wed, 11 July 2012 11:18 Go to previous messageGo to next message
Bertin Kiekebosch is currently offline Bertin Kiekebosch
Messages: 223
Registered: August 2011
Senior Member
Thanks a lot,

works OK now.

Bertin

Report message to a moderator

Re: Security in Juno [message #897535 is a reply to message #895070] Tue, 24 July 2012 08:40 Go to previous messageGo to next message
Stefan Mutschler is currently offline Stefan Mutschler
Messages: 17
Registered: June 2012
Location: Baden-Baden, Germany
Junior Member
Hi again,

just for completeness: any ready-to-use possibility to have a nice RAP login dialog?

Greetings

Stefan

Report message to a moderator

Re: Security in Juno [message #902186 is a reply to message #897535] Thu, 16 August 2012 05:26 Go to previous message
Stephan Leicht Vogt is currently offline Stephan Leicht Vogt
Messages: 84
Registered: February 2010
Location: Baden Switzerland
Member
Hi Stefan

Unfortunately there is no ready-to-use RAP login dialog. But I would hugely appreciate it, if you would open a CR bugzilla with your implementation as patch Smile

Greetings Stephan

Report message to a moderator

Previous Topic:Set '*' as a Password Char in a Form Field
Next Topic:How to create UI fields at runtime?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri May 24 06:48:23 EDT 2013

Powered by FUDForum. Page generated in 0.02484 seconds