Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Eclipse Platform » User management
User management [message #335073] Fri, 20 March 2009 09:22 Go to next message
Eclipse UserFriend
Originally posted by: k.wint.mas_software.de

Hi all,

i am looking for user management in Eclipse RCP. Meaning i want to en/-
disable certain functionality within the RCP application based on user
roles.

What i found so far are activities. They basically provide the mechanism
needed. However, i see a securtiy issue since the activities are defined in
plugin.xml files which can be modified easily. So a "bad guy" could simply
change user roles/activities of the functionality he desires.

Besides that i haven't found another eclipse way of doing user management.
Two questions for you:
1) What is the standard way to do user managment within Eclipse?
2) Is there anything else out there?

Any hints and pointers are welcome!
Klaus
Re: User management [message #335076 is a reply to message #335073] Fri, 20 March 2009 09:46 Go to previous messageGo to next message
Eclipse UserFriend
I think you found what there is to find. Maybe Equinox Security would be
helpful but it's not really for limiting functionality.

http://www.eclipse.org/equinox/security/

Klaus wrote:
> Hi all,
>
> i am looking for user management in Eclipse RCP. Meaning i want to en/-
> disable certain functionality within the RCP application based on user
> roles.
>
> What i found so far are activities. They basically provide the mechanism
> needed. However, i see a securtiy issue since the activities are defined in
> plugin.xml files which can be modified easily. So a "bad guy" could simply
> change user roles/activities of the functionality he desires.
>
> Besides that i haven't found another eclipse way of doing user management.
> Two questions for you:
> 1) What is the standard way to do user managment within Eclipse?
> 2) Is there anything else out there?
>
> Any hints and pointers are welcome!
> Klaus
Re: User management [message #335078 is a reply to message #335073] Fri, 20 March 2009 09:57 Go to previous message
Eclipse UserFriend
Originally posted by: eclipse-news.rizzoweb.com

On 3/20/2009 9:22 AM, Klaus wrote:
> Hi all,
>
> i am looking for user management in Eclipse RCP. Meaning i want to en/-
> disable certain functionality within the RCP application based on user
> roles.
>
> What i found so far are activities. They basically provide the mechanism
> needed. However, i see a securtiy issue since the activities are defined in
> plugin.xml files which can be modified easily. So a "bad guy" could simply
> change user roles/activities of the functionality he desires.

Dealing with role-based security and functionality is always a two-part
problem. The first part involves only presenting and enabling UI for
functionality that the user's role(s) permit. That is where activities
helps you.
However, that is never enough; as you have pointed out, it is a poorly
secured application that relies on the UI to prevent a user from doing
something he is not authorized to do. There must be, in addition to the
UI convenience, a "back-end" authorization mechanism that blocks access
attempts by unauthorized users.
All this is to say that you're just running into the typical challenges
when building an application that requires authorization. In my
experience, there is not a lot of help out there in this area; the
pointer to OSGi Security is a good start, and you might also want to
look at Eclipse-JAAS (http://sourceforge.net/projects/eclipse-jaas)

Hope this helps,
Eric
Previous Topic:uninstall features/plug-ins from commandline
Next Topic:SubMonitor usage in deep recursion chains
Goto Forum:
  


Current Time: Tue May 06 23:08:30 EDT 2025

Powered by FUDForum. Page generated in 0.03500 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly