Eclipse Community Forums: Remote Application Platform (RAP)

Home

Home » Eclipse Projects » Remote Application Platform (RAP) » Security

Security [message #57208]

Sun, 04 November 2007 10:33

Eclipse User

Originally posted by: m.n.com

Does anyone have examples of implementing security in RAP?

Re: Security [message #57261 is a reply to message #57208]

Sun, 04 November 2007 11:01

Eclipse User

Originally posted by: m.n.com

Mark wrote:
> Does anyone have examples of implementing security in RAP?
Ok, I found the right keyword to search on. I found something here to
help with "logon".

I also found this -
http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #57314 is a reply to message #57261]

Sun, 04 November 2007 16:25

Eclipse User

Originally posted by: eclipse-dev.volanakis.de

Hi Mark,

IMHO, the suggestion in this article is ill advised. The primary
intention of the capabilities / activities is to reveal UI elements as
the user becomes more proficient with an application. It can be used for
"security" but is very easy to bypass (for example by manually modifying
the plugin.xml files).

Anyway, if you want to go down this path you should check if rap
supports the org.eclipse.ui.activities extension point.

Just my 2 cents.

Regards,
Elias

Mark wrote:
> Mark wrote:
>> Does anyone have examples of implementing security in RAP?
> Ok, I found the right keyword to search on. I found something here to
> help with "logon".
>
> I also found this -
> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #57365 is a reply to message #57314]

Sun, 04 November 2007 20:44

Eclipse User

Originally posted by: m.n.com

Elias,

Thanks for input. Do you have suggestions on how to implement
"Authorization" in RAP then? I have parts of the app that should
probably on be available based on roles.

As for modifying the plugin.xml, since it is on the server I doubt a
use could modify it. They could with a standard RCP app.

Elias Volanakis wrote:
> Hi Mark,
>
> IMHO, the suggestion in this article is ill advised. The primary
> intention of the capabilities / activities is to reveal UI elements as
> the user becomes more proficient with an application. It can be used for
> "security" but is very easy to bypass (for example by manually modifying
> the plugin.xml files).
>
> Anyway, if you want to go down this path you should check if rap
> supports the org.eclipse.ui.activities extension point.
>
> Just my 2 cents.
>
> Regards,
> Elias
>
>
> Mark wrote:
>> Mark wrote:
>>> Does anyone have examples of implementing security in RAP?
>> Ok, I found the right keyword to search on. I found something here to
>> help with "logon".
>>
>> I also found this -
>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #57394 is a reply to message #57261]

Sun, 04 November 2007 20:46

Eclipse User

Originally posted by: m.n.com

I did find this
-http://www.ibm.com/developerworks/lotus/library/expeditor-e clipse/

Not sure how it could help with RAP.

Mark wrote:
> Mark wrote:
>> Does anyone have examples of implementing security in RAP?
> Ok, I found the right keyword to search on. I found something here to
> help with "logon".
>
> I also found this -
> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #57445 is a reply to message #57208]

Mon, 05 November 2007 03:03

Eclipse User

> Does anyone have examples of implementing security in RAP?
Have a look at eclipse Jaas. It's a project for implementing
authentication + authorisation based on jaas for eclipse.
I'm not sure if it could be used with rap, but it is easy to integrate
with rcp.

Markus
--
> emedia-solutions wolf web: http://www.emedia-solutions-wolf.de
> Eimsbüttler Straße 115 mail: markus@emedia-solutions-wolf.de
> 22769 Hamburg pgp: http://wwwkeys.de.pgp.net
> +49 40 432 635 83 taxid: 57 / 126 / 16123

Re: Security [message #57568 is a reply to message #57445]

Mon, 05 November 2007 04:44

Eclipse User

Speaking about Security and JAAS, I think it's worth to take a look at
the efforts of Equinox about security. See
http://www.eclipse.org/equinox/incubator/security/

Greets
Benny

Markus Wolf wrote:
>> Does anyone have examples of implementing security in RAP?
> Have a look at eclipse Jaas. It's a project for implementing
> authentication + authorisation based on jaas for eclipse.
> I'm not sure if it could be used with rap, but it is easy to integrate
> with rcp.
>
> Markus

Re: Security [message #57685 is a reply to message #57568]

Mon, 05 November 2007 08:43

Eclipse User

Originally posted by: fappel.innoopract.com

Hi,

just to get it right - are we talking about something like a user
authenticates himself to an application using username/password and after
that he has access to certain functionalities that meets the grants of the
roles assigned to him? So different users would have access to different
aspects of the application (e.g. some perspectives would only be available
to users with the correct grants).

If so, the equinox security unfortunately doesn't solve the problem with
RAP. To put it simple the security mechanisms works on application scope,
which is not sufficient for RAP applications which have to deal with
different user authentications per session. Activities are currently not
supported within RAP and even if so, this would probably face the same
problem and as Elias already pointed out this is not what activities were
created for.

An overall concept that helps with the problems mentioned above doesn't
exist neighter in RCP nor in RAP. So at the time beeing this is something
application developers have to deal with on their own. Without having a
deeper look at it, I could imagine that RAP applications that are developed
to be deployed on standard JEE servers still could use JAAS like other
webapplications do.

Ciao
Frank

"Benjamin Muskalla" <bmuskalla@innoopract.com> schrieb im Newsbeitrag
news:fgmori$8sj$1@build.eclipse.org...
> Speaking about Security and JAAS, I think it's worth to take a look at the
> efforts of Equinox about security. See
> http://www.eclipse.org/equinox/incubator/security/
>
> Greets
> Benny
>
> Markus Wolf wrote:
>>> Does anyone have examples of implementing security in RAP?
>> Have a look at eclipse Jaas. It's a project for implementing
>> authentication + authorisation based on jaas for eclipse.
>> I'm not sure if it could be used with rap, but it is easy to integrate
>> with rcp.
>>
>> Markus

Re: Security [message #57735 is a reply to message #57685]

Mon, 05 November 2007 09:04

Eclipse User

Frank Appel schrieb:
> Hi,
>
> just to get it right - are we talking about something like a user
> authenticates himself to an application using username/password and after
> that he has access to certain functionalities that meets the grants of the
> roles assigned to him? So different users would have access to different
> aspects of the application (e.g. some perspectives would only be available
> to users with the correct grants).
>
> If so, the equinox security unfortunately doesn't solve the problem with
> RAP. To put it simple the security mechanisms works on application scope,
> which is not sufficient for RAP applications which have to deal with
> different user authentications per session. Activities are currently not
> supported within RAP and even if so, this would probably face the same
> problem and as Elias already pointed out this is not what activities were
> created for.
>
> An overall concept that helps with the problems mentioned above doesn't
> exist neighter in RCP nor in RAP. So at the time beeing this is something
> application developers have to deal with on their own. Without having a
> deeper look at it, I could imagine that RAP applications that are developed
> to be deployed on standard JEE servers still could use JAAS like other
> webapplications do.
>

There's ongoing work in RCP to provide an authentification system and
because you are supporting commands my solution which builds upon the
Expression-Framework could be implemented in RAP too [1].

Tom

[1]https://bugs.eclipse.org/bugs/show_bug.cgi?id=201052

--
B e s t S o l u t i o n . at
------------------------------------------------------------ --------
Tom Schindl JFace-Committer
------------------------------------------------------------ --------

Re: Security [message #57833 is a reply to message #57365]

Mon, 05 November 2007 21:50

Eclipse User

Originally posted by: eclipse-dev.volanakis.de

Hi Mark,

a while ago I read an interesting print article about implementing a
custom authentication and authorization mechanism in an RCP App.
Unfortunately it is in German and not available on the net...

Berechtigungen in Rich Clients implementieren
Autorisierung in RCP-Anwendungen
Michael Buchholz
Eclipse Magazin, Vol 12 / III/2007

If I remember correctly (it has been a while) the spirit of the above
article was to have a central authorization manager (singleton; similar
to a security manager) and then to be "disciplined" to include calls to
that manager at the points where it matters; example
View.createControl() could return an empty UI when not authorized /
actions would check this in run() method etc. In the article they had
abstract classes that did that so that developers just had to subclass
those. Drawback of this approach is that it does not work very well when
you want to integrate 3rd-party views / actions / etc which you only
have in binary form.

Regards,
Elias.

Mark wrote:
> Elias,
>
> Thanks for input. Do you have suggestions on how to implement
> "Authorization" in RAP then? I have parts of the app that should
> probably on be available based on roles.
>
> As for modifying the plugin.xml, since it is on the server I doubt a
> use could modify it. They could with a standard RCP app.
>
>
>
>
> Elias Volanakis wrote:
>> Hi Mark,
>>
>> IMHO, the suggestion in this article is ill advised. The primary
>> intention of the capabilities / activities is to reveal UI elements as
>> the user becomes more proficient with an application. It can be used
>> for "security" but is very easy to bypass (for example by manually
>> modifying the plugin.xml files).
>>
>> Anyway, if you want to go down this path you should check if rap
>> supports the org.eclipse.ui.activities extension point.
>>
>> Just my 2 cents.
>>
>> Regards,
>> Elias
>>
>>
>> Mark wrote:
>>> Mark wrote:
>>>> Does anyone have examples of implementing security in RAP?
>>> Ok, I found the right keyword to search on. I found something here
>>> to help with "logon".
>>>
>>> I also found this -
>>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #57981 is a reply to message #57833]

Tue, 06 November 2007 10:55

Eclipse User

Originally posted by: m.n.com

Hi Elias,
Thanks for you input. And thanks to everyone else!

Elias Volanakis wrote:
> Hi Mark,
>
> a while ago I read an interesting print article about implementing a
> custom authentication and authorization mechanism in an RCP App.
> Unfortunately it is in German and not available on the net...
>
> Berechtigungen in Rich Clients implementieren
> Autorisierung in RCP-Anwendungen
> Michael Buchholz
> Eclipse Magazin, Vol 12 / III/2007
>
> If I remember correctly (it has been a while) the spirit of the above
> article was to have a central authorization manager (singleton; similar
> to a security manager) and then to be "disciplined" to include calls to
> that manager at the points where it matters; example
> View.createControl() could return an empty UI when not authorized /
> actions would check this in run() method etc. In the article they had
> abstract classes that did that so that developers just had to subclass
> those. Drawback of this approach is that it does not work very well when
> you want to integrate 3rd-party views / actions / etc which you only
> have in binary form.
>
> Regards,
> Elias.
>
> Mark wrote:
>
>> Elias,
>>
>> Thanks for input. Do you have suggestions on how to implement
>> "Authorization" in RAP then? I have parts of the app that should
>> probably on be available based on roles.
>>
>> As for modifying the plugin.xml, since it is on the server I doubt a
>> use could modify it. They could with a standard RCP app.
>>
>>
>>
>>
>> Elias Volanakis wrote:
>>
>>> Hi Mark,
>>>
>>> IMHO, the suggestion in this article is ill advised. The primary
>>> intention of the capabilities / activities is to reveal UI elements
>>> as the user becomes more proficient with an application. It can be
>>> used for "security" but is very easy to bypass (for example by
>>> manually modifying the plugin.xml files).
>>>
>>> Anyway, if you want to go down this path you should check if rap
>>> supports the org.eclipse.ui.activities extension point.
>>>
>>> Just my 2 cents.
>>>
>>> Regards,
>>> Elias
>>>
>>>
>>> Mark wrote:
>>>
>>>> Mark wrote:
>>>>
>>>>> Does anyone have examples of implementing security in RAP?
>>>>
>>>> Ok, I found the right keyword to search on. I found something here
>>>> to help with "logon".
>>>>
>>>> I also found this -
>>>> http://www.ibm.com/developerworks/library/os-ecl-rcpsec/inde x.html

Re: Security [message #64492 is a reply to message #57208]

Tue, 04 December 2007 13:24

Eclipse User

Originally posted by: just4lists.nospammail.net

We are using the OSGi User Admin service (org.eclipse.equinox.useradmin).

Joel Oliveira

"Mark" <m@n.com> escreveu na mensagem news:fgkoob$rtc$1@build.eclipse.org...
> Does anyone have examples of implementing security in RAP?

Previous Topic:	Icons and Theming
Next Topic:	Live app

Goto Forum:

-=] Back to Top [=-

Current Time: Thu May 01 20:54:19 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter