Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Communications Framework (ECF) » Securing OSGi Remote Services implemented using ECF
Securing OSGi Remote Services implemented using ECF [message #1406443] Sun, 10 August 2014 03:08 Go to next message
Timothy Vogel is currently offline Timothy VogelFriend
Messages: 76
Registered: July 2009
Member
The OSGi Spec chapter 13.6 on remote services is a couple of paragraphs long basically stating that security is important but is up to the implementer. CXF DOSGi uses web services and has the full WS* protocols available to provide this security implementation.

How does ECF address securing services that are deployed from an OSGi server? Are there any working examples?

Thanks for taking the time to read my question!
Timothy Vogel
Re: Securing OSGi Remote Services implemented using ECF [message #1406478 is a reply to message #1406443] Sun, 10 August 2014 05:54 Go to previous messageGo to next message
Scott Lewis is currently offline Scott LewisFriend
Messages: 1030
Registered: July 2009
Senior Member
Timothy Vogel wrote on Sat, 09 August 2014 23:08
The OSGi Spec chapter 13.6 on remote services


I believe for R5 and R6 you must mean chapter 100 (Remote Services) and chapter 122 (Remote Service Admin) in the enterprise specification. I believe these were moved from chapter 13 in the OSGi 4.2 specification.

Quote:

is a couple of paragraphs long basically stating that security is important but is up to the implementer. CXF DOSGi uses web services and has the full WS* protocols available to provide this security implementation.

How does ECF address securing services that are deployed from an OSGi server?


ECF has a provider architecture, which allows multiple distribution providers to exist and provides several open APIs (e.g. the org.eclipse.ecf.remoteservice api) to support the relatively easy creation of new providers. As per the OSGi specification, each provider is responsible for it's security.

For some providers (e.g. the ecf generic) ssl or some other transport-level mechanism can be used to secure the remote service consumer -> host connection. The ecf generic provider can also be configured to require credentials upon client connection.

There are existing distribution providers based upon JMS, MQTT, Restlet/JAXRS and xmlrpc, as well as specific APIs for creating rest (xml or json), and/ soap-based providers. For access to some of these other provider see

https://github.com/ECF

In addition to the ECF repositories at Eclipse:

http://git.eclipse.org/c/ecf/org.eclipse.ecf.git

There are also ECF distribution providers based upon http or https, that like CXF can provide security based upon web protocols, and of course custom providers can be constructed that use whatever is desired for security. We have even contemplated creating a provider from CXF, JAX itself, but have not had the resources to do so without contributions from those more knowledgeable about CXF internals.

Quote:


Are there any working examples?



Yes, there are some. Here is an example created to show how to setup and use password-based authentication for the ecf generic provider

https://bugs.eclipse.org/bugs/show_bug.cgi?id=439577

Here is a tutorial describing how to implement a custom http/servet-based provider here

https://wiki.eclipse.org/Tutorial:_Creating_a_RESTful_Remote_Service_Provider

If you have specific needs WRT security for an existing provider, or would like assistance creating a new provider, then please either open an enhancement request, bring upon on the ecf-dev mailing list

https://dev.eclipse.org/mailman/listinfo/ecf-dev

and/or contact one of the committers directly for professional support. We are open to providing contracted support and development efforts, focused on either configuring/customizing/modifying an existing provider, or creating a new provider (in open source or not).

Quote:

Thanks for taking the time to read my question!
Timothy Vogel


No problem. Thanks for using ECF.
Re: Securing OSGi Remote Services implemented using ECF [message #1406954 is a reply to message #1406478] Mon, 11 August 2014 14:03 Go to previous messageGo to next message
Timothy Vogel is currently offline Timothy VogelFriend
Messages: 76
Registered: July 2009
Member
Scott,
Thanks for the information!

I had the old version of the spec open when I quoted the wrong chapter. Embarrassed

The provider based architecture will work and means I can evaluate now and add on security in an incremental way. I will look over the examples and source code.

The use case is an remote RCP application connecting to read/write data. The user base is limited so I'm thinking of using a certificate to provide identification and encrypt the tunnel/data.

I am not particularly interested in a CXF provider, just using it as a comparison to ECF.

Does ECF have a startup list for the bundles? I'm also evaluating Virgo and a list of the required bundles in the proper order would help.
Re: Securing OSGi Remote Services implemented using ECF [message #1481284 is a reply to message #1406954] Thu, 20 November 2014 22:49 Go to previous messageGo to next message
Wim Jongman is currently offline Wim JongmanFriend
Messages: 432
Registered: July 2009
Senior Member

I know that org.eclipse.ecf.osgi.services.distribution needs to be started to get the whole machine in action. This can be done at will and does not need to be done at startup per se.

Cheers,

Wim
Re: Securing OSGi Remote Services implemented using ECF [message #1699125 is a reply to message #1406954] Sun, 21 June 2015 17:08 Go to previous message
Ragnar Nevries is currently offline Ragnar NevriesFriend
Messages: 2
Registered: June 2015
Junior Member
Hello Timothy,

Quote:
The use case is an remote RCP application connecting to read/write data. The user base is limited so I'm thinking of using a certificate to provide identification and encrypt the tunnel/data.

I am not particularly interested in a CXF provider, just using it as a comparison to ECF.


I am facing a comparable situation (E4 Client shall communicate with business logic), so I am very interested which technique you chose and what your experiences are.

In particular, a secure communication is important for me since one option is to run the communication directly in WWW rather in VPN Shocked.

Thanks for some enlightening words
Ragnar
Previous Topic:ClassCastException in JUnit integration tests
Next Topic:ECF 3.10/Mars Released
Goto Forum:
  


Current Time: Thu Nov 15 17:45:19 GMT 2018

Powered by FUDForum. Page generated in 0.01955 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top