RCP App and role based, dynamic policy [message #48546] Fri, 03 June 2005 08:54
Eclipse User
Originally posted by: NoStier.Spam.rs-system.de

Hi there!

I'm new to the equinox thing and I hope it's the right place for this
discussion...

I'm about to implement an RCP application which has to be secured in
several ways. I've worked on a solution for several days and would like
to discuss it, to see if I'm missing something.

Requirements

1. Application and Resources
- modifications on the codesource and resources (our plugins and
platform) must be detected and in case of modification execution prevented.
- additional plugins are not allowed.

2. Application Data
- application data is stored within an RDBMS.
- access to application data is governed by an application policy which
is stored within the RDBMS too.
- policy is principal/role based

Design
I've decided to implement security based on JAAS (JDK 5.0).
The system policy must be protected against modifications. Sun's
PolicyFile policy (java.policy) therefore is not suitable for desktop
applications.
I've decided to implement an own policy class based on
java.security.Policy: MyPolicy. It grants AllPermission to the whole
platform codesource. Since it will be a "closed" RCP application, this
will be sufficient.
I will sign any application jar to prevent modifications within the
platform.

To enable MyPolicy from the start it must be defined in java.security as
"policy.provider=MyPolicy". This makes it necessary to add MyPolicy to
the bootclasspath.

Application data is governed by a policy which is stored within an RDBMS,
thus not available at initialization of MyPolicy. I've added two methods
to MyPolicy: addPolicyProvider(IPolicyProvider) and
removePolicyProvider(IPolicyProvider), which allow a set of grant entries
like the ones in java.policy to be added or removed dynamically.

If a user authenticates to an application RDBMS, the policy of this
RDBMS will be added to MyPolicy.
If he logs out, it will be removed accordingly.

The policy within the RDBMS is protected by encryption.


Any comments?
Is there anything in equinox/OSGi which achieves the same functionality
with standardized means?

regards

Markus
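
A sketch of the policy class described in the post above, added here as an example; it is not the poster's code. The shape of `IPolicyProvider` and its `permissionsFor` method are assumptions (the post names the interface but does not show it), and the code assumes a JDK on which `java.security.Policy` is still in effect, such as the JDK 5.0 the post targets.

```java
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

// Hypothetical interface: one set of principal-based grant entries (e.g. loaded from one RDBMS).
interface IPolicyProvider {
    PermissionCollection permissionsFor(Principal principal); // must not return null
}

public class MyPolicy extends Policy {
    private final CodeSource platform; // location + signer certificates of the platform code
    private final List<IPolicyProvider> providers = new CopyOnWriteArrayList<IPolicyProvider>();

    public MyPolicy(CodeSource platform) { this.platform = platform; }

    // Called after a successful login to an application RDBMS, and again on logout.
    public void addPolicyProvider(IPolicyProvider p)    { providers.add(p); }
    public void removePolicyProvider(IPolicyProvider p) { providers.remove(p); }

    @Override public void refresh() { } // nothing is cached, so there is nothing to reload

    @Override
    public PermissionCollection getPermissions(CodeSource cs) {
        Permissions perms = new Permissions();
        // If 'platform' carries signer certificates, CodeSource.implies also requires
        // them on 'cs', so unsigned code at the same location gets no permissions.
        if (platform != null && platform.implies(cs)) perms.add(new AllPermission());
        return perms;
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (getPermissions(domain.getCodeSource()).implies(permission)) return true;
        // Role grants: any registered provider may grant the permission to any principal.
        for (IPolicyProvider provider : providers) {
            for (Principal principal : domain.getPrincipals()) {
                if (provider.permissionsFor(principal).implies(permission)) return true;
            }
        }
        return false;
    }
}
```

With AllPermission granted to the platform code source, a call stack made up only of platform code passes every `AccessController` check whatever the user's roles are. The provider grants decide the outcome only for protection domains that do not match the platform code source.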
Re: RCP App and role based, dynamic policy [message #49453 is a reply to message #48546] Mon, 22 August 2005 08:58
Marcus Olk
M. Stier wrote:
> I'm new to the equinox thing and I hope it's the right place for this
> discussion...

This should be the right place, I guess, yes. We're currently trying
to implement a role based GUI / feature contribution using the existing
framework classes and had to cease struggling. We have to write our
own code now, because we have to get our product shipped in the nearer
future.

The current Eclipse framework doesn't seem to provide support for
this kind of requirement, does it?

Marcus