Eclipse Community Forums: Oomph » Authorization in Eclipse Installer

Help

Home

Home » Eclipse Projects » Oomph » Authorization in Eclipse Installer

Show: Today's Messages :: Show Polls :: Message Navigator

Authorization in Eclipse Installer [message #1805299]

Thu, 11 April 2019 11:52

Tim Sibirsky

Messages: 9
Registered: October 2018

Junior Member

Hello, it's me again.

Does the Eclipse Installer support any kind of authorization to access remotre Oomph index? For example, I don't want to allow non-authorized users to access setup files of our team. Can it be done with current capabilities of Eclipse Installer's infrastructure?

Thank you!

Report message to a moderator

Re: Authorization in Eclipse Installer [message #1805318 is a reply to message #1805299]

Thu, 11 April 2019 14:23

Ed Merks

Messages: 30458
Registered: July 2009

Senior Member

If the setup file(s) themselves are accessed via a server that does authentication, either basic authentication or cookie-based form login, that's supported via this commit last year:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=537032

The Bugzilla has some examples.

You can use -Doomph.setup.ecf.trace=true to help see how/whether it's working you. Or setup a development environment

https://ci.eclipse.org/oomph/

and monitor what's happening here:

https://git.eclipse.org/c/oomph/org.eclipse.oomph.git/tree/plugins/org.eclipse.oomph.setup.core/src/org/eclipse/oomph/setup/internal/core/util/ECFURIHandlerImpl.java#n2113

The basic idea is that the URI is augmented with information about which login page must be visited first to acquire the session cookie need to access the original URI...

Report message to a moderator

Re: Authorization in Eclipse Installer [message #1805663 is a reply to message #1805318]

Fri, 19 April 2019 19:09

Tim Sibirsky

Messages: 9
Registered: October 2018

Junior Member

Sorry for long response...

Thanks a lot for answering. As I have understood, Eclipse Installer out-of-the-box supports only cookie-based and http basic authentication, right?

The problem is that we use token-based authentication (token is passed via separate http header). So it means that methods mentioned above are not suitable for our case. Is there a way to embed into Eclipse Installer our custom authentication logic?

[Updated on: Fri, 19 April 2019 19:10]

Report message to a moderator

Re: Authorization in Eclipse Installer [message #1805668 is a reply to message #1805663]

Sat, 20 April 2019 04:38

Ed Merks

Messages: 30458
Registered: July 2009

Senior Member

In the end, cookies are also exchanged via the HTTP header. Whatever is needed in your case would need to be processed by ECFURIHandlerImpl likely in a similar same way as the current form-based logic. So likely it's best that you contribute the mechanism needed for this type of protocol to the open source code so that it's available for you or anyone else to use. No matter what, some extensibility mechanism would need to be designed if there needs to be new support for pluggable extensions. I spent many painful days figuring out what a browser exactly is doing in order to login and finally be able to access the actual resources and then emulating that same processing (header exchanges) automatically in Oomph. So you can either implement this yourself and contribute an extension mechanism, contribute the entire implementation, or sponsor the development of these things...

Report message to a moderator

Previous Topic:	Necromancing the org.eclipse.amalgan.setup
Next Topic:	Eclipse installer error

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Sep 21 12:56:48 GMT 2019

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter