Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Security
Security [message #57208] Sun, 04 November 2007 15:33 Go to next message
Eclipse UserFriend
Originally posted by: m.n.com

Does anyone have examples of implementing security in RAP?
Re: Security [message #57261 is a reply to message #57208] Sun, 04 November 2007 16:01 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: m.n.com

Mark wrote:
> Does anyone have examples of implementing security in RAP?
Ok, I found the right keyword to search on. I found something here to
help with "logon".

I also found this -
http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #57314 is a reply to message #57261] Sun, 04 November 2007 21:25 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: eclipse-dev.volanakis.de

Hi Mark,

IMHO, the suggestion in this article is ill advised. The primary
intention of the capabilities / activities is to reveal UI elements as
the user becomes more proficient with an application. It can be used for
"security" but is very easy to bypass (for example by manually modifying
the plugin.xml files).

Anyway, if you want to go down this path you should check if rap
supports the org.eclipse.ui.activities extension point.

Just my 2 cents.

Regards,
Elias


Mark wrote:
> Mark wrote:
>> Does anyone have examples of implementing security in RAP?
> Ok, I found the right keyword to search on. I found something here to
> help with "logon".
>
> I also found this -
> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #57365 is a reply to message #57314] Mon, 05 November 2007 01:44 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: m.n.com

Elias,

Thanks for input. Do you have suggestions on how to implement
"Authorization" in RAP then? I have parts of the app that should
probably on be available based on roles.

As for modifying the plugin.xml, since it is on the server I doubt a
use could modify it. They could with a standard RCP app.




Elias Volanakis wrote:
> Hi Mark,
>
> IMHO, the suggestion in this article is ill advised. The primary
> intention of the capabilities / activities is to reveal UI elements as
> the user becomes more proficient with an application. It can be used for
> "security" but is very easy to bypass (for example by manually modifying
> the plugin.xml files).
>
> Anyway, if you want to go down this path you should check if rap
> supports the org.eclipse.ui.activities extension point.
>
> Just my 2 cents.
>
> Regards,
> Elias
>
>
> Mark wrote:
>> Mark wrote:
>>> Does anyone have examples of implementing security in RAP?
>> Ok, I found the right keyword to search on. I found something here to
>> help with "logon".
>>
>> I also found this -
>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #57394 is a reply to message #57261] Mon, 05 November 2007 01:46 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: m.n.com

I did find this
-http://www.ibm.com/developerworks/lotus/library/expeditor-e clipse/

Not sure how it could help with RAP.

Mark wrote:
> Mark wrote:
>> Does anyone have examples of implementing security in RAP?
> Ok, I found the right keyword to search on. I found something here to
> help with "logon".
>
> I also found this -
> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #57445 is a reply to message #57208] Mon, 05 November 2007 08:03 Go to previous messageGo to next message
Markus Wolf is currently offline Markus WolfFriend
Messages: 153
Registered: July 2009
Senior Member
> Does anyone have examples of implementing security in RAP?
Have a look at eclipse Jaas. It's a project for implementing
authentication + authorisation based on jaas for eclipse.
I'm not sure if it could be used with rap, but it is easy to integrate
with rcp.

Markus
--
> emedia-solutions wolf web: http://www.emedia-solutions-wolf.de
> Eimsbüttler Straße 115 mail: markus@emedia-solutions-wolf.de
> 22769 Hamburg pgp: http://wwwkeys.de.pgp.net
> +49 40 432 635 83 taxid: 57 / 126 / 16123
Re: Security [message #57568 is a reply to message #57445] Mon, 05 November 2007 09:44 Go to previous messageGo to next message
Benjamin Muskalla is currently offline Benjamin MuskallaFriend
Messages: 237
Registered: July 2009
Senior Member
Speaking about Security and JAAS, I think it's worth to take a look at
the efforts of Equinox about security. See
http://www.eclipse.org/equinox/incubator/security/

Greets
Benny

Markus Wolf wrote:
>> Does anyone have examples of implementing security in RAP?
> Have a look at eclipse Jaas. It's a project for implementing
> authentication + authorisation based on jaas for eclipse.
> I'm not sure if it could be used with rap, but it is easy to integrate
> with rcp.
>
> Markus
Re: Security [message #57685 is a reply to message #57568] Mon, 05 November 2007 13:43 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: fappel.innoopract.com

Hi,

just to get it right - are we talking about something like a user
authenticates himself to an application using username/password and after
that he has access to certain functionalities that meets the grants of the
roles assigned to him? So different users would have access to different
aspects of the application (e.g. some perspectives would only be available
to users with the correct grants).

If so, the equinox security unfortunately doesn't solve the problem with
RAP. To put it simple the security mechanisms works on application scope,
which is not sufficient for RAP applications which have to deal with
different user authentications per session. Activities are currently not
supported within RAP and even if so, this would probably face the same
problem and as Elias already pointed out this is not what activities were
created for.

An overall concept that helps with the problems mentioned above doesn't
exist neighter in RCP nor in RAP. So at the time beeing this is something
application developers have to deal with on their own. Without having a
deeper look at it, I could imagine that RAP applications that are developed
to be deployed on standard JEE servers still could use JAAS like other
webapplications do.

Ciao
Frank


"Benjamin Muskalla" <bmuskalla@innoopract.com> schrieb im Newsbeitrag
news:fgmori$8sj$1@build.eclipse.org...
> Speaking about Security and JAAS, I think it's worth to take a look at the
> efforts of Equinox about security. See
> http://www.eclipse.org/equinox/incubator/security/
>
> Greets
> Benny
>
> Markus Wolf wrote:
>>> Does anyone have examples of implementing security in RAP?
>> Have a look at eclipse Jaas. It's a project for implementing
>> authentication + authorisation based on jaas for eclipse.
>> I'm not sure if it could be used with rap, but it is easy to integrate
>> with rcp.
>>
>> Markus
Re: Security [message #57735 is a reply to message #57685] Mon, 05 November 2007 14:04 Go to previous messageGo to next message
Thomas Schindl is currently offline Thomas SchindlFriend
Messages: 6651
Registered: July 2009
Senior Member
Frank Appel schrieb:
> Hi,
>
> just to get it right - are we talking about something like a user
> authenticates himself to an application using username/password and after
> that he has access to certain functionalities that meets the grants of the
> roles assigned to him? So different users would have access to different
> aspects of the application (e.g. some perspectives would only be available
> to users with the correct grants).
>
> If so, the equinox security unfortunately doesn't solve the problem with
> RAP. To put it simple the security mechanisms works on application scope,
> which is not sufficient for RAP applications which have to deal with
> different user authentications per session. Activities are currently not
> supported within RAP and even if so, this would probably face the same
> problem and as Elias already pointed out this is not what activities were
> created for.
>
> An overall concept that helps with the problems mentioned above doesn't
> exist neighter in RCP nor in RAP. So at the time beeing this is something
> application developers have to deal with on their own. Without having a
> deeper look at it, I could imagine that RAP applications that are developed
> to be deployed on standard JEE servers still could use JAAS like other
> webapplications do.
>

There's ongoing work in RCP to provide an authentification system and
because you are supporting commands my solution which builds upon the
Expression-Framework could be implemented in RAP too [1].

Tom

[1]https://bugs.eclipse.org/bugs/show_bug.cgi?id=201052

--
B e s t S o l u t i o n . at
------------------------------------------------------------ --------
Tom Schindl JFace-Committer
------------------------------------------------------------ --------
Re: Security [message #57833 is a reply to message #57365] Tue, 06 November 2007 02:50 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: eclipse-dev.volanakis.de

Hi Mark,

a while ago I read an interesting print article about implementing a
custom authentication and authorization mechanism in an RCP App.
Unfortunately it is in German and not available on the net...

Berechtigungen in Rich Clients implementieren
Autorisierung in RCP-Anwendungen
Michael Buchholz
Eclipse Magazin, Vol 12 / III/2007

If I remember correctly (it has been a while) the spirit of the above
article was to have a central authorization manager (singleton; similar
to a security manager) and then to be "disciplined" to include calls to
that manager at the points where it matters; example
View.createControl() could return an empty UI when not authorized /
actions would check this in run() method etc. In the article they had
abstract classes that did that so that developers just had to subclass
those. Drawback of this approach is that it does not work very well when
you want to integrate 3rd-party views / actions / etc which you only
have in binary form.

Regards,
Elias.

Mark wrote:
> Elias,
>
> Thanks for input. Do you have suggestions on how to implement
> "Authorization" in RAP then? I have parts of the app that should
> probably on be available based on roles.
>
> As for modifying the plugin.xml, since it is on the server I doubt a
> use could modify it. They could with a standard RCP app.
>
>
>
>
> Elias Volanakis wrote:
>> Hi Mark,
>>
>> IMHO, the suggestion in this article is ill advised. The primary
>> intention of the capabilities / activities is to reveal UI elements as
>> the user becomes more proficient with an application. It can be used
>> for "security" but is very easy to bypass (for example by manually
>> modifying the plugin.xml files).
>>
>> Anyway, if you want to go down this path you should check if rap
>> supports the org.eclipse.ui.activities extension point.
>>
>> Just my 2 cents.
>>
>> Regards,
>> Elias
>>
>>
>> Mark wrote:
>>> Mark wrote:
>>>> Does anyone have examples of implementing security in RAP?
>>> Ok, I found the right keyword to search on. I found something here
>>> to help with "logon".
>>>
>>> I also found this -
>>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #57981 is a reply to message #57833] Tue, 06 November 2007 15:55 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: m.n.com

Hi Elias,
Thanks for you input. And thanks to everyone else!

Elias Volanakis wrote:
> Hi Mark,
>
> a while ago I read an interesting print article about implementing a
> custom authentication and authorization mechanism in an RCP App.
> Unfortunately it is in German and not available on the net...
>
> Berechtigungen in Rich Clients implementieren
> Autorisierung in RCP-Anwendungen
> Michael Buchholz
> Eclipse Magazin, Vol 12 / III/2007
>
> If I remember correctly (it has been a while) the spirit of the above
> article was to have a central authorization manager (singleton; similar
> to a security manager) and then to be "disciplined" to include calls to
> that manager at the points where it matters; example
> View.createControl() could return an empty UI when not authorized /
> actions would check this in run() method etc. In the article they had
> abstract classes that did that so that developers just had to subclass
> those. Drawback of this approach is that it does not work very well when
> you want to integrate 3rd-party views / actions / etc which you only
> have in binary form.
>
> Regards,
> Elias.
>
> Mark wrote:
>
>> Elias,
>>
>> Thanks for input. Do you have suggestions on how to implement
>> "Authorization" in RAP then? I have parts of the app that should
>> probably on be available based on roles.
>>
>> As for modifying the plugin.xml, since it is on the server I doubt a
>> use could modify it. They could with a standard RCP app.
>>
>>
>>
>>
>> Elias Volanakis wrote:
>>
>>> Hi Mark,
>>>
>>> IMHO, the suggestion in this article is ill advised. The primary
>>> intention of the capabilities / activities is to reveal UI elements
>>> as the user becomes more proficient with an application. It can be
>>> used for "security" but is very easy to bypass (for example by
>>> manually modifying the plugin.xml files).
>>>
>>> Anyway, if you want to go down this path you should check if rap
>>> supports the org.eclipse.ui.activities extension point.
>>>
>>> Just my 2 cents.
>>>
>>> Regards,
>>> Elias
>>>
>>>
>>> Mark wrote:
>>>
>>>> Mark wrote:
>>>>
>>>>> Does anyone have examples of implementing security in RAP?
>>>>
>>>> Ok, I found the right keyword to search on. I found something here
>>>> to help with "logon".
>>>>
>>>> I also found this -
>>>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html
Re: Security [message #64492 is a reply to message #57208] Tue, 04 December 2007 18:24 Go to previous message
Eclipse UserFriend
Originally posted by: just4lists.nospammail.net

We are using the OSGi User Admin service (org.eclipse.equinox.useradmin).

Joel Oliveira

"Mark" <m@n.com> escreveu na mensagem news:fgkoob$rtc$1@build.eclipse.org...
> Does anyone have examples of implementing security in RAP?
Previous Topic:Icons and Theming
Next Topic:Live app
Goto Forum:
  


Current Time: Thu Mar 28 21:20:26 GMT 2024

Powered by FUDForum. Page generated in 0.05046 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top