Re: [CDO] Best practices for managing users [message #1834223 is a reply to message #1828172]
Thu, 05 November 2020 09:56

This occurs because of this code in SecurityManager:
  @Override
  public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session)
  {
    String userID = session.getUserID();
    if (SYSTEM_USER_ID.equals(userID))
    {
      return CDOPermission.WRITE;
    }

    if (revision.getEClass() == SecurityPackage.Literals.USER_PASSWORD)
    {
      return CDOPermission.NONE;
    }
    ...
The SecurityManager is only accessible to (trusted) code in the server instance. The special handling of the UserPassword object is because the object-level CDO protocol does not support encrypting specific object values. But the session-level protocol includes a subprotocol for secure key exchange (see org.eclipse.net4j.util.security.DiffieHellman). You can initiate this protocol by calling either of these methods:
1) org.eclipse.emf.cdo.session.CDOSession.changeCredentials();
2) org.eclipse.emf.spi.cdo.InternalCDOSession.resetCredentials(String userID);
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
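
Added example, not part of the post above and not net4j's DiffieHellman implementation or wire format: a JDK-only sketch of the general idea behind a session-level key exchange, where a new password travels encrypted under a Diffie-Hellman-derived key instead of as a readable object value. The class name, the SHA-256 key derivation, the AES-GCM cipher and the sample password are assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class; illustrates the concept only, not the CDO/net4j protocol.
public class PasswordChangeSketch {
  // Both sides derive the same AES key from the DH shared secret.
  // SHA-256 as the key derivation step is an assumption of this sketch.
  static SecretKeySpec agree(PrivateKey own, PublicKey peer) throws Exception {
    KeyAgreement ka = KeyAgreement.getInstance("DH");
    ka.init(own);
    ka.doPhase(peer, true);
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
    return new SecretKeySpec(digest, "AES");
  }

  public static void main(String[] args) throws Exception {
    // Server -> client: ephemeral DH public key (its encoding carries the group parameters).
    KeyPairGenerator serverGen = KeyPairGenerator.getInstance("DH");
    serverGen.initialize(2048);
    KeyPair server = serverGen.generateKeyPair();
    byte[] challenge = server.getPublic().getEncoded();

    // Client: decode the server key, create a key pair in the same group, seal the password.
    KeyFactory kf = KeyFactory.getInstance("DH");
    PublicKey serverPub = kf.generatePublic(new X509EncodedKeySpec(challenge));
    KeyPairGenerator clientGen = KeyPairGenerator.getInstance("DH");
    clientGen.initialize(((DHPublicKey) serverPub).getParams());
    KeyPair client = clientGen.generateKeyPair();
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);
    Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
    enc.init(Cipher.ENCRYPT_MODE, agree(client.getPrivate(), serverPub), new GCMParameterSpec(128, iv));
    byte[] sealed = enc.doFinal("constructed-new-password".getBytes(StandardCharsets.UTF_8));

    // Client -> server: client public key, IV and ciphertext; the password never travels in clear.
    PublicKey clientPub = kf.generatePublic(new X509EncodedKeySpec(client.getPublic().getEncoded()));
    Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
    dec.init(Cipher.DECRYPT_MODE, agree(server.getPrivate(), clientPub), new GCMParameterSpec(128, iv));
    // GCM rejects a tampered ciphertext with AEADBadTagException instead of returning garbage.
    System.out.println(new String(dec.doFinal(sealed), StandardCharsets.UTF_8));
  }
}
```

Plain Diffie-Hellman as sketched here protects against passive eavesdropping only; the peers still have to be authenticated by other means before the derived key can be trusted.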