| Password protection of specific pages/plugins in standalone help [message #475102] |
Wed, 04 February 2009 10:06  |
Eclipse User |
|
|
|
Hi,
I've been advised to also post this here, originally from newcomer.
Ken Adams wrote:
I've been playing around with the standalone eclipse help; I've
managed to create a plugin, but I want particular articles to be password
protected. Can someone tell me if this is possible?
Hi Ken,
There's a newsgroup specifically for the Eclipse help area. To get more
up-to-date information, you might want to repost your question there:
eclipse.platform.ua
About security and authentication in the help system, I'm not sure how
much has been done on that. There was some work done a few years ago to
have secure infocenter access, and I don't think it was kept up after the
initial work.
See: https://bugs.eclipse.org/bugs/show_bug.cgi?id=73285
There is also now the ability to deploy the infocenter mode of the help
system as a WAR in an app server environment. That would support providing
secure access to an infocenter by using the app server's
authentication/security features.
However, those scenarios concern providing security/authentication for the
infocenter as a whole. Your scenario is to secure specific articles or
plug-ins within the help system. I can imagine something that might be
done by leveraging the dynamic filtering capabilities of the help system
and pairing it with the security work done for bugzilla 73285. However, I
don't think it exists out of the box today.
Best regards,
Lee Anne
kowalskilee user and gmail dot com
|
|
|
|
|
| Re: Password protection of specific pages/plugins in standalone help [message #475108 is a reply to message #475106] |
Thu, 05 February 2009 10:40  |
| Eclipse User |
|
|
|
This is a good question to ask. A content provider does not have any
information about the requester, additionally the pages could end up
getting cached on the server. What this means is that any client that
tries to open a particular page will end up getting the same content so
this would not be a means to achieve password protection.
If you really want to secure certain documents the best way would be
host those documents on a secure server and have the help system
reference them. If you wanted to modify Eclipse source or write an
extension to add the password protection it would probably be possible
(but not trivial) to do it and I could point you at where to start but
it would not be as secure as keeping those documents behind their own
server.
Chris
Ken Adams wrote:
> Do you think it would be possible by using a contentprovider? (Sorry, I
> really am a newbie when it comes to eclipse and java). Would a
> contentprovider be able to look at cookies, compare with a database of
> sessions and return nothing if the person was logged in, thus causing
> infocenter to display the underlying page?
>
> When it comes to implementing contentproviders, do they need to be jar'd
> up? I've looked on the web for a concrete example of using a
> contentprovider, but nothing I've seen shows a step-by-step "hello
> world" example of contentprovers. :o(
>
|
|
|
|
| Re: Password protection of specific pages/plugins in standalone help [message #623212 is a reply to message #475104] |
Thu, 05 February 2009 05:03 |
| Eclipse User |
|
|
|
Do you think it would be possible by using a contentprovider? (Sorry, I
really am a newbie when it comes to eclipse and java). Would a
contentprovider be able to look at cookies, compare with a database of
sessions and return nothing if the person was logged in, thus causing
infocenter to display the underlying page?
When it comes to implementing contentproviders, do they need to be jar'd
up? I've looked on the web for a concrete example of using a
contentprovider, but nothing I've seen shows a step-by-step "hello world"
example of contentprovers. :o(
|
|
|
| Re: Password protection of specific pages/plugins in standalone help [message #623215 is a reply to message #475106] |
Thu, 05 February 2009 10:40 |
| Eclipse User |
|
|
|
This is a good question to ask. A content provider does not have any
information about the requester, additionally the pages could end up
getting cached on the server. What this means is that any client that
tries to open a particular page will end up getting the same content so
this would not be a means to achieve password protection.
If you really want to secure certain documents the best way would be
host those documents on a secure server and have the help system
reference them. If you wanted to modify Eclipse source or write an
extension to add the password protection it would probably be possible
(but not trivial) to do it and I could point you at where to start but
it would not be as secure as keeping those documents behind their own
server.
Chris
Ken Adams wrote:
> Do you think it would be possible by using a contentprovider? (Sorry, I
> really am a newbie when it comes to eclipse and java). Would a
> contentprovider be able to look at cookies, compare with a database of
> sessions and return nothing if the person was logged in, thus causing
> infocenter to display the underlying page?
>
> When it comes to implementing contentproviders, do they need to be jar'd
> up? I've looked on the web for a concrete example of using a
> contentprovider, but nothing I've seen shows a step-by-step "hello
> world" example of contentprovers. :o(
>
|
|
|
Powered by
FUDForum. Page generated in 0.55634 seconds
Home