Home » Modeling » EMF » [CDO]Security Problem
|
| Re: [CDO]Security Question [message #427859 is a reply to message #427857] |
Tue, 03 March 2009 05:36   |
|
xxlu,
Neither Net4j nor CDO data transfers are encrypted by default, but
youhave different options:
1) Use an IStreamWrapper
session.options().getProtocol().setStreamWrapper(xyz)
session.options().getProtocol().addStreamWrapper(xyz)
See XORStreamWrapper for an example.
2) Use an INegotiator to set something up in the underlying IConnector
3) Develop (and hopefully contribute) a new IConnector implementation,
based on NIO sockets and the SSL encryption engine.
Cheers
/Eike
----
http://thegordian.blogspot.com
xxlu schrieb:
> Hi,
> I want to know whether the process of data transmission is encrypted.
> Because my custom's data is very important, these data need to be encrypted
> during transmission.
> Thank you.
>
>
>
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
| |
| Re: [CDO]Security Question [message #427861 is a reply to message #427860] |
Tue, 03 March 2009 06:50 |
|
xxlu schrieb:
> Thank you very much, Eike. I am not familiar with NIO sockets and the SSL
> encryption engine technology. Can you give more in these areas to help?
>
Unfortunately not. I'm also not familiar with the encryption engine. I
only know that it's highly asynchronous, so that it should be feasible
to hook it into the buffer sequence processing of Net4j *somehow* ...
I'm sure that there is a lot of documentation available in the web:
http://www.google.de/search?hl=de&q=java+ssl+engine& btnG=Suche&meta=
Cheers
/Eike
----
http://thegordian.blogspot.com
> "Eike Stepper" <stepper@esc-net.de>
>
>> xxlu,
>>
>> Neither Net4j nor CDO data transfers are encrypted by default, but youhave
>> different options:
>>
>> 1) Use an IStreamWrapper
>>
>> session.options().getProtocol().setStreamWrapper(xyz)
>> session.options().getProtocol().addStreamWrapper(xyz)
>>
>> See XORStreamWrapper for an example.
>>
>> 2) Use an INegotiator to set something up in the underlying IConnector
>>
>> 3) Develop (and hopefully contribute) a new IConnector implementation,
>> based on NIO sockets and the SSL encryption engine.
>>
>> Cheers
>> /Eike
>>
>> ----
>> http://thegordian.blogspot.com
>>
>>
>>
>> xxlu schrieb:
>>
>>> Hi,
>>> I want to know whether the process of data transmission is encrypted.
>>> Because my custom's data is very important, these data need to be
>>> encrypted during transmission.
>>> Thank you.
>>>
>>>
>>>
>
>
>
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
| |
| Re: [CDO]Security Question [message #427864 is a reply to message #427862] |
Tue, 03 March 2009 08:08 |
|
xxlu schrieb:
> Is there any help document about StreamWrapperInjector?
Only the (short) source code.
> At the Client, I call this code: container.addPostProcessor(new CDOXORStreamWrapperInjector()); Is it right?
Yes.
> And what should I do at the
> server side?
>
The same ;-)
BUT:
I just realized that CDONet4jSessionImpl does no longer fetch its
protocol instance from a managed container so using
StreamWrapperInjector is kind of pointless. Please try the approach 1)
from my first reply:
session.options().getProtocol().setStreamWrapper(xyz)
On the server side the injector approach should work if the protocol
provider of your acceptor is a
org.eclipse.net4j.ContainerProtocolProvider.Server
Cheers
/Eike
----
http://thegordian.blogspot.com
>
>
> "Eike Stepper" <stepper@esc-net.de>
>
>> xxlu schrieb:
>>
>>> Thank you very much, Eike. I am not familiar with NIO sockets and the
>>> SSL encryption engine technology. Can you give more in these areas to
>>> help?
>>>
>>>
>> Unfortunately not. I'm also not familiar with the encryption engine. I
>> only know that it's highly asynchronous, so that it should be feasible to
>> hook it into the buffer sequence processing of Net4j *somehow* ...
>>
>> I'm sure that there is a lot of documentation available in the web:
>> http://www.google.de/search?hl=de&q=java+ssl+engine& btnG=Suche&meta=
>>
>> Cheers
>> /Eike
>>
>> ----
>> http://thegordian.blogspot.com
>>
>>
>>
>>> "Eike Stepper" <stepper@esc-net.de>
>>>
>>>
>>>> xxlu,
>>>>
>>>> Neither Net4j nor CDO data transfers are encrypted by default, but
>>>> youhave different options:
>>>>
>>>> 1) Use an IStreamWrapper
>>>>
>>>> session.options().getProtocol().setStreamWrapper(xyz)
>>>> session.options().getProtocol().addStreamWrapper(xyz)
>>>>
>>>> See XORStreamWrapper for an example.
>>>>
>>>> 2) Use an INegotiator to set something up in the underlying IConnector
>>>>
>>>> 3) Develop (and hopefully contribute) a new IConnector implementation,
>>>> based on NIO sockets and the SSL encryption engine.
>>>>
>>>> Cheers
>>>> /Eike
>>>>
>>>> ----
>>>> http://thegordian.blogspot.com
>>>>
>>>>
>>>>
>>>> xxlu schrieb:
>>>>
>>>>
>>>>> Hi,
>>>>> I want to know whether the process of data transmission is
>>>>> encrypted. Because my custom's data is very important, these data need
>>>>> to be encrypted during transmission.
>>>>> Thank you.
>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
>
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
| Re: [CDO]Security Question [message #427865 is a reply to message #427864] |
Tue, 03 March 2009 08:13 |
|
I have the feeling that the mixed approach I suggested before is not
correct. The server protocol would wrap its streams from the beginning
(OpenSessionIndication) but the client protocol would send the
OpenSessionRequest before the stream wrapper is configured.
If you stillwant to use stream wrappers with CDO at the moment the best
way is to subclass CDONet4jSessionImpl and after calling the super
constructor configure the protocol...
Cheers
/Eike
----
http://thegordian.blogspot.com
Eike Stepper schrieb:
> xxlu schrieb:
>> Is there any help document about StreamWrapperInjector?
> Only the (short) source code.
>
>> At the Client, I call this code: container.addPostProcessor(new
>> CDOXORStreamWrapperInjector()); Is it right?
> Yes.
>
>> And what should I do at the server side?
>>
> The same ;-)
>
> BUT:
>
> I just realized that CDONet4jSessionImpl does no longer fetch its
> protocol instance from a managed container so using
> StreamWrapperInjector is kind of pointless. Please try the approach 1)
> from my first reply:
>
> session.options().getProtocol().setStreamWrapper(xyz)
>
> On the server side the injector approach should work if the protocol
> provider of your acceptor is a
> org.eclipse.net4j.ContainerProtocolProvider.Server
>
> Cheers
> /Eike
>
> ----
> http://thegordian.blogspot.com
>
>
>>
>>
>> "Eike Stepper" <stepper@esc-net.de>
>>
>>> xxlu schrieb:
>>>
>>>> Thank you very much, Eike. I am not familiar with NIO sockets and
>>>> the SSL encryption engine technology. Can you give more in these
>>>> areas to help?
>>>>
>>>>
>>> Unfortunately not. I'm also not familiar with the encryption engine.
>>> I only know that it's highly asynchronous, so that it should be
>>> feasible to hook it into the buffer sequence processing of Net4j
>>> *somehow* ...
>>>
>>> I'm sure that there is a lot of documentation available in the web:
>>> http://www.google.de/search?hl=de&q=java+ssl+engine& btnG=Suche&meta=
>>>
>>> Cheers
>>> /Eike
>>>
>>> ----
>>> http://thegordian.blogspot.com
>>>
>>>
>>>
>>>> "Eike Stepper" <stepper@esc-net.de>
>>>>
>>>>
>>>>> xxlu,
>>>>>
>>>>> Neither Net4j nor CDO data transfers are encrypted by default, but
>>>>> youhave different options:
>>>>>
>>>>> 1) Use an IStreamWrapper
>>>>>
>>>>> session.options().getProtocol().setStreamWrapper(xyz)
>>>>> session.options().getProtocol().addStreamWrapper(xyz)
>>>>>
>>>>> See XORStreamWrapper for an example.
>>>>>
>>>>> 2) Use an INegotiator to set something up in the underlying
>>>>> IConnector
>>>>>
>>>>> 3) Develop (and hopefully contribute) a new IConnector
>>>>> implementation, based on NIO sockets and the SSL encryption engine.
>>>>>
>>>>> Cheers
>>>>> /Eike
>>>>>
>>>>> ----
>>>>> http://thegordian.blogspot.com
>>>>>
>>>>>
>>>>>
>>>>> xxlu schrieb:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>> I want to know whether the process of data transmission is
>>>>>> encrypted. Because my custom's data is very important, these data
>>>>>> need to be encrypted during transmission.
>>>>>> Thank you.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>
>>
>>
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
| Re: [CDO]Security Question [message #427868 is a reply to message #427865] |
Tue, 03 March 2009 08:41 |
 Xingxiao Lu
Messages: 91
Registered: July 2009 |
Member |
|
|
This is a multi-part message in MIME format.
------=_NextPart_000_008C_01C99C1E.EA53EB50
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
At the server side, I start server like this:
protected void doStart() throws Exception
{
super.doStart();
OM.LOG.info("CDO Server starting");
File configFile =3D =
OMPlatform.INSTANCE.getConfigFile("cdo-server.xml");
if (configFile !=3D null && configFile.exists())
{
IPluginContainer.INSTANCE.addPostProcessor(new =
MyStreamWrapperInjector());//Add StreamWrapperInjector
=20
RepositoryConfigurator repositoryConfigurator =3D new =
RepositoryConfigurator(IPluginContainer.INSTANCE);
repositories =3D repositoryConfigurator.configure(configFile);
if (repositories =3D=3D null || repositories.length =3D=3D 0)
{
OM.LOG.warn("No repositories configured");
} =20
TransportConfigurator net4jConfigurator =3D new =
TransportConfigurator(IPluginContainer.INSTANCE);
acceptors =3D net4jConfigurator.configure(configFile);
if (acceptors =3D=3D null || acceptors.length =3D=3D 0)
{
OM.LOG.warn("No acceptors configured");
}
}
else
{
OM.LOG.warn("CDO server configuration not found: " + =
configFile.getAbsolutePath());
}
OM.LOG.info("CDO Server started");
}
Client side:
container =3D ContainerUtil.createContainer();
Net4jUtil.prepareContainer(container); // Register Net4j factories
TCPUtil.prepareContainer(container); // Register TCP factories
CDONet4jUtil.prepareContainer(container); // Register CDO =
factories
container.activate();
=20
PasswordCredentialsProvider credentialsProvider =3D new =
PasswordCredentialsProvider(
user, password);
container.addPostProcessor(new ConnectorCredentialsInjector(
host + ":" + port, credentialsProvider));
container.addPostProcessor(new MyStreamWrapperInjector());//Add =
StreamWrapperInjector
=20
connector =3D TCPUtil.getConnector(container, host + ":" + port );
// Create configuration
CDOSessionConfiguration configuration =3D CDONet4jUtil
.createSessionConfiguration();
configuration.setConnector(connector);
configuration.setRepositoryName(repositoryName);
// Set EagerPackageRegistry
configuration.setEagerPackageRegistry();
session =3D configuration.openSession();
Are not like this?
"Eike Stepper" <stepper@esc-net.de>=20
>I have the feeling that the mixed approach I suggested before is not=20
> correct. The server protocol would wrap its streams from the beginning =
> (OpenSessionIndication) but the client protocol would send the=20
> OpenSessionRequest before the stream wrapper is configured.
>=20
> If you stillwant to use stream wrappers with CDO at the moment the =
best=20
> way is to subclass CDONet4jSessionImpl and after calling the super=20
> constructor configure the protocol...
>=20
> Cheers
> /Eike
>=20
> ----
> http://thegordian.blogspot.com
>=20
>=20
>=20
> Eike Stepper schrieb:
>> xxlu schrieb:
>>> Is there any help document about StreamWrapperInjector?=20
>> Only the (short) source code.
>>
>>> At the Client, I call this code: container.addPostProcessor(new=20
>>> CDOXORStreamWrapperInjector()); Is it right?=20
>> Yes.
>>
>>> And what should I do at the server side?
>>> =20
>> The same ;-)
>>
>> BUT:
>>
>> I just realized that CDONet4jSessionImpl does no longer fetch its=20
>> protocol instance from a managed container so using=20
>> StreamWrapperInjector is kind of pointless. Please try the approach =
1)=20
>> from my first reply:
>>
>> session.options().getProtocol().setStreamWrapper(xyz)
>>
>> On the server side the injector approach should work if the protocol=20
>> provider of your acceptor is a=20
>> org.eclipse.net4j.ContainerProtocolProvider.Server
>>
>> Cheers
>> /Eike
>>
>> ----
>> http://thegordian.blogspot.com
>>
>>
>>>
>>>
>>> "Eike Stepper" <stepper@esc-net.de>
>>> =20
>>>> xxlu schrieb:
>>>> =20
>>>>> Thank you very much, Eike. I am not familiar with NIO sockets and =
>>>>> the SSL encryption engine technology. Can you give more in these=20
>>>>> areas to help?
>>>>>
>>>>> =20
>>>> Unfortunately not. I'm also not familiar with the encryption =
engine.=20
>>>> I only know that it's highly asynchronous, so that it should be=20
>>>> feasible to hook it into the buffer sequence processing of Net4j=20
>>>> *somehow* ...
>>>>
>>>> I'm sure that there is a lot of documentation available in the web: =
>>>> =
http://www.google.de/search?hl=3Dde&q=3Djava+ssl+engine& amp;btnG=3DSuche&meta=
=3D
>>>>
>>>> Cheers
>>>> /Eike
>>>>
>>>> ----
>>>> http://thegordian.blogspot.com
>>>>
>>>>
>>>> =20
>>>>> "Eike Stepper" <stepper@esc-net.de>
>>>>>
>>>>> =20
>>>>>> xxlu,
>>>>>>
>>>>>> Neither Net4j nor CDO data transfers are encrypted by default, =
but=20
>>>>>> youhave different options:
>>>>>>
>>>>>> 1) Use an IStreamWrapper
>>>>>>
>>>>>> session.options().getProtocol().setStreamWrapper(xyz)
>>>>>> session.options().getProtocol().addStreamWrapper(xyz)
>>>>>>
>>>>>> See XORStreamWrapper for an example.
>>>>>>
>>>>>> 2) Use an INegotiator to set something up in the underlying=20
>>>>>> IConnector
>>>>>>
>>>>>> 3) Develop (and hopefully contribute) a new IConnector=20
>>>>>> implementation, based on NIO sockets and the SSL encryption =
engine.
>>>>>>
>>>>>> Cheers
>>>>>> /Eike
>>>>>>
>>>>>> ----
>>>>>> http://thegordian.blogspot.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> xxlu schrieb:
>>>>>>
>>>>>> =20
>>>>>>> Hi,
>>>>>>> I want to know whether the process of data transmission is=20
>>>>>>> encrypted. Because my custom's data is very important, these =
data=20
>>>>>>> need to be encrypted during transmission.
>>>>>>> Thank you.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> =20
>>>>>
>>>>> =20
>>>
>>>
>>>
------=_NextPart_000_008C_01C99C1E.EA53EB50
Content-Type: text/html;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-15">
<META content=3D"MSHTML 6.00.6000.16809" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=3D宋体 size=3D2>At the server side, I start =
server like=20
this:</FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2> protected void =
doStart() throws=20
Exception<BR> {<BR> =20
super.doStart();<BR> OM.LOG.info("CDO Server=20
starting");<BR> File configFile =3D=20
OMPlatform.INSTANCE.getConfigFile("cdo-server.xml");<BR>  =
; if=20
(configFile !=3D null && =
configFile.exists())<BR> =20
{<BR> =20
IPluginContainer.INSTANCE.addPostProcessor(new =
MyStreamWrapperInjector());//Add=20
StreamWrapperInjector<BR> <BR> &n=
bsp; =20
RepositoryConfigurator repositoryConfigurator =3D new=20
RepositoryConfigurator(IPluginContainer.INSTANCE);<BR> &=
nbsp; =20
repositories =3D=20
repositoryConfigurator.configure(configFile);<BR> =
=20
if (repositories =3D=3D null || repositories.length =3D=3D=20
0)<BR> =20
{<BR> OM.LOG.warn("No =
repositories=20
configured");<BR> =
} =20
</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3D宋体 =
size=3D2> TransportConfigurator=20
net4jConfigurator =3D new=20
TransportConfigurator(IPluginContainer.INSTANCE);<BR> &n=
bsp; =20
acceptors =3D=20
net4jConfigurator.configure(configFile);<BR>  =
; if=20
(acceptors =3D=3D null || acceptors.length =3D=3D =
0)<BR> =20
{<BR> OM.LOG.warn("No =
acceptors=20
configured");<BR> }<BR> =20
}<BR> else<BR> =20
{<BR> OM.LOG.warn("CDO server =
configuration not=20
found: " + configFile.getAbsolutePath());<BR> =
}</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3D宋体 size=3D2> =
OM.LOG.info("CDO Server=20
started");<BR> }</FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2>Client side:</FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2>container =3D=20
ContainerUtil.createContainer();<BR> =20
Net4jUtil.prepareContainer(container); // Register Net4j=20
factories<BR> =
TCPUtil.prepareContainer(container);=20
// Register TCP factories<BR> =20
CDONet4jUtil.prepareContainer(container); // Register CDO=20
factories<BR> =
container.activate();</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3D宋体=20
size=3D2> <BR> PasswordCredentialsProvi=
der=20
credentialsProvider =3D new=20
PasswordCredentialsProvider(<BR> user,=20
password);<BR> container.addPostProcessor(new =20
ConnectorCredentialsInjector(<BR> &nbs=
p;host=20
+ ":" + port,=20
credentialsProvider));<BR> container.addPostProcessor(ne=
w=20
MyStreamWrapperInjector());//Add=20
StreamWrapperInjector<BR><BR> <BR> conn=
ector =3D=20
TCPUtil.getConnector(container, host + ":" + port );</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3D宋体 size=3D2> // Create=20
configuration<BR> CDOSessionConfiguration configuration =
=3D=20
CDONet4jUtil<BR> .createSes sionConfiguration=
();<BR> configuration.setConnector(con nector); <BR> =
configuration.setRepositoryName(reposito ryName); </FONT></DIV>=
<DIV> </DIV>
<DIV><FONT face=3D宋体 size=3D2> // Set=20
EagerPackageRegistry<BR> configuration.setEagerPackageR e=
gistry();</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3D宋体 size=3D2> session =
=3D=20
configuration.openSession();</FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2>
<DIV id=3Dresult_box dir=3Dltr style=3D"TEXT-ALIGN: left">Are not like=20
this?</DIV></FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2></FONT> </DIV>
<DIV><FONT face=3D宋体 size=3D2>"Eike Stepper" <</FONT><A =
href=3D"mailto:stepper@esc-net.de"><FONT face=3D宋体=20
size=3D2>stepper@esc-net.de</FONT></A><FONT face=3D宋体 =
size=3D2>> </FONT></DIV>
<DIV><FONT face=3D宋体 size=3D2>>I have the feeling that =
the mixed approach I=20
suggested before is not <BR>> correct. The server protocol would wrap =
its=20
streams from the beginning <BR>> (OpenSessionIndication) but the =
client=20
protocol would send the <BR>> OpenSessionRequest before the stream =
wrapper is=20
configured.<BR>> <BR>> If you stillwant to use stream wrappers =
with CDO at=20
the moment the best <BR>> way is to subclass CDONet4jSessionImpl and =
after=20
calling the super <BR>> constructor configure the protocol...<BR>> =
<BR>> Cheers<BR>> /Eike<BR>> <BR>> ----<BR>> </FONT><A=20
href=3D"http://thegordian.blogspot.com"><FONT face=3D宋体=20
size=3D2>http://thegordian.blogspot.com</FONT></A><BR><FONT =
face=3D宋体 size=3D2>>=20
<BR>> <BR>> <BR>> Eike Stepper schrieb:<BR>>> xxlu=20
schrieb:<BR>>>> Is there any help document about =
StreamWrapperInjector?=20
<BR>>> Only the (short) source code.<BR>>><BR>>>> =
At the=20
Client, I call this code: container.addPostProcessor(new =
<BR>>>>=20
CDOXORStreamWrapperInjector()); Is it right? <BR>>>=20
Yes.<BR>>><BR>>>> And what should I do at the =
server=20
side?<BR>>>> <BR>>> The same=20
;-)<BR>>><BR>>> BUT:<BR>>><BR>>> I just realized =
that=20
CDONet4jSessionImpl does no longer fetch its <BR>>> protocol =
instance from=20
a managed container so using <BR>>> StreamWrapperInjector is kind =
of=20
pointless. Please try the approach 1) <BR>>> from my first=20
reply:<BR>>><BR> >> & ;nbsp; =
session.options().getProtocol().setStreamWrapper(xyz)<BR>>> <BR>>=
> On=20
the server side the injector approach should work if the protocol =
<BR>>>=20
provider of your acceptor is a <BR>>>=20
org.eclipse.net4j.ContainerProtocolProvider.Server<BR>>> <BR>>>=
;=20
Cheers<BR>>> /Eike<BR>>><BR>>> ----<BR>>> =
</FONT><A=20
href=3D"http://thegordian.blogspot.com"><FONT face=3D宋体=20
size=3D2>http://thegordian.blogspot.com</FONT></A><BR><FONT =
face=3D宋体=20
size=3D2>>><BR>>><BR>>>> <BR>>>><BR>>>=
>=20
"Eike Stepper" <</FONT><A href=3D"mailto:stepper@esc-net.de"><FONT =
face=3D宋体=20
size=3D2>stepper@esc-net.de</FONT></A><FONT face=3D宋体=20
size=3D2>><BR>>>> <BR>>>>> xxlu=20
schrieb:<BR> >>>> &nbs p; <BR>>>>>> =
Thank=20
you very much, Eike. I am not familiar with NIO sockets and=20
<BR>>>>>> the SSL encryption engine technology. Can you =
give more=20
in these <BR>>>>>> areas to=20
help?<BR>>>>>><BR> >>>>> &n=
bsp; =20
<BR>>>>> Unfortunately not. I'm also not familiar with the=20
encryption engine. <BR>>>>> I only know that it's highly=20
asynchronous, so that it should be <BR>>>>> feasible to hook =
it into=20
the buffer sequence processing of Net4j <BR>>>>> *somehow*=20
....<BR>>>>><BR>>>>> I'm sure that there is a lot =
of=20
documentation available in the web: <BR>>>>> </FONT><A=20
href=3D"http://www.google.de/search?hl=3Dde&q=3Djava+ssl+engine&b=
tnG=3DSuche&meta"><FONT=20
face=3D宋体=20
size=3D2>http://www.google.de/search?hl=3Dde&q=3Djava+ssl+engine&=
btnG=3DSuche&meta</FONT></A><FONT=20
face=3D宋体 =
size=3D2>=3D<BR>>>>><BR>>>>>=20
Cheers<BR>>>>> /Eike<BR>>>>><BR>>>>> =
----<BR>>>>> </FONT><A =
href=3D"http://thegordian.blogspot.com"><FONT=20
face=3D宋体 =
size=3D2>http://thegordian.blogspot.com</FONT></A><BR><FONT =
face=3D宋体=20
size=3D2>>>>><BR>>>>> <BR>>>>> &n=
bsp; =20
<BR>>>>>> "Eike Stepper" <</FONT><A=20
href=3D"mailto:stepper@esc-net.de"><FONT face=3D宋体=20
size=3D2>stepper@esc-net.de</FONT></A><FONT face=3D宋体=20
size=3D2>><BR>>>>>> <BR> >>>>> =
=20
<BR>>>>>>>=20
xxlu,<BR>>>>>>><BR >>>>>>> Neither =
Net4j nor=20
CDO data transfers are encrypted by default, but =
<BR>>>>>>>=20
youhave different=20
options:<BR>>>>>>> <BR>>>>>>> 1) Use =
an=20
IStreamWrapper<BR>>>>>>> <BR>>>>>>>&nb=
sp; =20
session.options().getProtocol().setStreamWrapper(xyz)<BR>>>>>=
>> =20
session.options().getProtocol().addStreamWrapper(xyz)<BR>>>>>=
>><BR> >>>>>> &a mp;nbsp; =20
See XORStreamWrapper for an=20
example.<BR>>>>>>> <BR>>>>>>> 2) Use =
an=20
INegotiator to set something up in the underlying =
<BR>>>>>>>=20
IConnector<BR>>>>>>> <BR>>>>>>> 3) =
Develop=20
(and hopefully contribute) a new IConnector <BR>>>>>>> =
implementation, based on NIO sockets and the SSL encryption=20
engine.<BR>>>>>>> <BR>>>>>>>=20
Cheers<BR>>>>>>>=20
/Eike<BR>>>>>>><BR >>>>>>>=20
----<BR>>>>>>> </FONT><A=20
href=3D"http://thegordian.blogspot.com"><FONT face=3D宋体=20
size=3D2>http://thegordian.blogspot.com</FONT></A><BR><FONT =
face=3D宋体=20
size=3D2>>>>>>><BR >>>>>>><BR>>>=
>>>><BR>>>>>>>=20
xxlu=20
schrieb:<BR>>>>>>> <BR> >>>>>> &a mp;nb=
sp; =20
<BR>>>>>>>>=20
Hi,<BR> >>>>>>>& ;nbsp; I want to know =
whether the=20
process of data transmission is <BR>>>>>>>> =
encrypted.=20
Because my custom's data is very important, these data=20
<BR>>>>>>>> need to be encrypted during=20
transmission.<BR> >>>>>>>& ;nbsp; Thank=20
you.<BR>>>>>>>> <BR>>>>>>>> <BR>&=
gt;>>>>>><BR> >>>>>>>& ;nbsp; &n=
bsp; &n bsp; =20
<BR>>>>>><BR> >>>>> &=
nbsp; =20
<BR>>>><BR>>>><BR >>>></FONT></DIV></BODY></HTM=
L>
------=_NextPart_000_008C_01C99C1E.EA53EB50--
|
|
|
| Re: [CDO]Security Question [message #427870 is a reply to message #427868] |
Tue, 03 March 2009 09:00 |
|
Xxlu,
That looks good.
But don't forget to hook the streamwrapper into the client side session
protocol, too!
Cheers
/Eike
----
http://thegordian.blogspot.com
Cheers
/Eike
----
http://thegordian.blogspot.com
xxlu schrieb:
> At the server side, I start server like this:
> protected void doStart() throws Exception
> {
> super.doStart();
> OM.LOG.info("CDO Server starting");
> File configFile = OMPlatform.INSTANCE.getConfigFile("cdo-server.xml");
> if (configFile != null && configFile.exists())
> {
> IPluginContainer.INSTANCE.addPostProcessor(new
> MyStreamWrapperInjector());//Add StreamWrapperInjector
>
> RepositoryConfigurator repositoryConfigurator = new
> RepositoryConfigurator(IPluginContainer.INSTANCE);
> repositories = repositoryConfigurator.configure(configFile);
> if (repositories == null || repositories.length == 0)
> {
> OM.LOG.warn("No repositories configured");
> }
> TransportConfigurator net4jConfigurator = new
> TransportConfigurator(IPluginContainer.INSTANCE);
> acceptors = net4jConfigurator.configure(configFile);
> if (acceptors == null || acceptors.length == 0)
> {
> OM.LOG.warn("No acceptors configured");
> }
> }
> else
> {
> OM.LOG.warn("CDO server configuration not found: " +
> configFile.getAbsolutePath());
> }
> OM.LOG.info("CDO Server started");
> }
> Client side:
> container = ContainerUtil.createContainer();
> Net4jUtil.prepareContainer(container); // Register Net4j factories
> TCPUtil.prepareContainer(container); // Register TCP factories
> CDONet4jUtil.prepareContainer(container); // Register CDO factories
> container.activate();
>
> PasswordCredentialsProvider credentialsProvider = new
> PasswordCredentialsProvider(
> user, password);
> container.addPostProcessor(new ConnectorCredentialsInjector(
> host + ":" + port, credentialsProvider));
> container.addPostProcessor(new MyStreamWrapperInjector());//Add
> StreamWrapperInjector
>
>
> connector = TCPUtil.getConnector(container, host + ":" + port );
> // Create configuration
> CDOSessionConfiguration configuration = CDONet4jUtil
> .createSessionConfiguration();
> configuration.setConnector(connector);
> configuration.setRepositoryName(repositoryName);
> // Set EagerPackageRegistry
> configuration.setEagerPackageRegistry();
> session = configuration.openSession();
> Are not like this?
> "Eike Stepper" <stepper@esc-net.de <mailto:stepper@esc-net.de>>
> >I have the feeling that the mixed approach I suggested before is not
> > correct. The server protocol would wrap its streams from the beginning
> > (OpenSessionIndication) but the client protocol would send the
> > OpenSessionRequest before the stream wrapper is configured.
> >
> > If you stillwant to use stream wrappers with CDO at the moment the best
> > way is to subclass CDONet4jSessionImpl and after calling the super
> > constructor configure the protocol...
> >
> > Cheers
> > /Eike
> >
> > ----
> > http://thegordian.blogspot.com
> >
> >
> >
> > Eike Stepper schrieb:
> >> xxlu schrieb:
> >>> Is there any help document about StreamWrapperInjector?
> >> Only the (short) source code.
> >>
> >>> At the Client, I call this code: container.addPostProcessor(new
> >>> CDOXORStreamWrapperInjector()); Is it right?
> >> Yes.
> >>
> >>> And what should I do at the server side?
> >>>
> >> The same ;-)
> >>
> >> BUT:
> >>
> >> I just realized that CDONet4jSessionImpl does no longer fetch its
> >> protocol instance from a managed container so using
> >> StreamWrapperInjector is kind of pointless. Please try the approach 1)
> >> from my first reply:
> >>
> >> session.options().getProtocol().setStreamWrapper(xyz)
> >>
> >> On the server side the injector approach should work if the protocol
> >> provider of your acceptor is a
> >> org.eclipse.net4j.ContainerProtocolProvider.Server
> >>
> >> Cheers
> >> /Eike
> >>
> >> ----
> >> http://thegordian.blogspot.com
> >>
> >>
> >>>
> >>>
> >>> "Eike Stepper" <stepper@esc-net.de <mailto:stepper@esc-net.de>>
> >>>
> >>>> xxlu schrieb:
> >>>>
> >>>>> Thank you very much, Eike. I am not familiar with NIO sockets and
> >>>>> the SSL encryption engine technology. Can you give more in these
> >>>>> areas to help?
> >>>>>
> >>>>>
> >>>> Unfortunately not. I'm also not familiar with the encryption engine.
> >>>> I only know that it's highly asynchronous, so that it should be
> >>>> feasible to hook it into the buffer sequence processing of Net4j
> >>>> *somehow* ....
> >>>>
> >>>> I'm sure that there is a lot of documentation available in the web:
> >>>>
> http://www.google.de/search?hl=de&q=java+ssl+engine& btnG=Suche&meta
> < http://www.google.de/search?hl=de&q=java+ssl+engine& btnG=Suche&meta>=
> >>>>
> >>>> Cheers
> >>>> /Eike
> >>>>
> >>>> ----
> >>>> http://thegordian.blogspot.com
> >>>>
> >>>>
> >>>>
> >>>>> "Eike Stepper" <stepper@esc-net.de <mailto:stepper@esc-net.de>>
> >>>>>
> >>>>>
> >>>>>> xxlu,
> >>>>>>
> >>>>>> Neither Net4j nor CDO data transfers are encrypted by default, but
> >>>>>> youhave different options:
> >>>>>>
> >>>>>> 1) Use an IStreamWrapper
> >>>>>>
> >>>>>> session.options().getProtocol().setStreamWrapper(xyz)
> >>>>>> session.options().getProtocol().addStreamWrapper(xyz)
> >>>>>>
> >>>>>> See XORStreamWrapper for an example.
> >>>>>>
> >>>>>> 2) Use an INegotiator to set something up in the underlying
> >>>>>> IConnector
> >>>>>>
> >>>>>> 3) Develop (and hopefully contribute) a new IConnector
> >>>>>> implementation, based on NIO sockets and the SSL encryption engine.
> >>>>>>
> >>>>>> Cheers
> >>>>>> /Eike
> >>>>>>
> >>>>>> ----
> >>>>>> http://thegordian.blogspot.com
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> xxlu schrieb:
> >>>>>>
> >>>>>>
> >>>>>>> Hi,
> >>>>>>> I want to know whether the process of data transmission is
> >>>>>>> encrypted. Because my custom's data is very important, these data
> >>>>>>> need to be encrypted during transmission.
> >>>>>>> Thank you.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
|
|
|
Goto Forum:
Current Time: Thu Apr 25 16:30:00 GMT 2024
Powered by FUDForum. Page generated in 0.04170 seconds |
] 
Search
Help
Register
Login
Home
