Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Modeling » EMF » [CDO] Best practices for managing users
[CDO] Best practices for managing users [message #1828172] Wed, 03 June 2020 08:51 Go to next message
Robert Schulk is currently offline Robert SchulkFriend
Messages: 114
Registered: July 2015
Senior Member
We are administrating users directly within our application (and not via the Eclipse IDE). So a client with admin privileges can add/remove users.

Now, what we do is very simple:
* Open the realm in a transaction
* Add a user by calling realm.addUser
* Remove a user by calling realm.removeUser

The user removal seems wrong to me. because we need to always catch a NoPermissionException. The exception states, that the password is inaccessible.

There exists the class SecurityManager, but as far as I can see, it is only meant for server-side usage?
Re: [CDO] Best practices for managing users [message #1834223 is a reply to message #1828172] Thu, 05 November 2020 09:56 Go to previous messageGo to next message
Eike Stepper is currently offline Eike StepperFriend
Messages: 6566
Registered: July 2009
Senior Member
The occurs because of this code in SecurityManager:

    @Override
    public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, ISession session)
    {
      String userID = session.getUserID();
      if (SYSTEM_USER_ID.equals(userID))
      {
        return CDOPermission.WRITE;
      }

      if (revision.getEClass() == SecurityPackage.Literals.USER_PASSWORD)
      {
        return CDOPermission.NONE;
      }

     ...


The SecurityManager is only accessible to (trusted) code in the server instance. The special handling of the UserPassword object is because the object-level CDO protocol does not support to encrypt specific object values. But the session-level protocol includes a sub protocol for secure key exchange (see org.eclipse.net4j.util.security.DiffieHellman). You can initiate this protocol by calling either of these methods:

1) org.eclipse.emf.cdo.session.CDOSession.changeCredentials();
2) org.eclipse.emf.spi.cdo.InternalCDOSession.resetCredentials(String userID);


Re: [CDO] Best practices for managing users [message #1834267 is a reply to message #1834223] Fri, 06 November 2020 09:51 Go to previous messageGo to next message
Robert Schulk is currently offline Robert SchulkFriend
Messages: 114
Registered: July 2015
Senior Member
We use these methods to change a user's password, which works fine.
But I am not sure how this can help during user removals.

Do I need to set the user's password to null before removing the user?
Re: [CDO] Best practices for managing users [message #1834303 is a reply to message #1834267] Fri, 06 November 2020 17:44 Go to previous messageGo to next message
Eike Stepper is currently offline Eike StepperFriend
Messages: 6566
Registered: July 2009
Senior Member
Now I see what you mean. See how a stack trace would have helped my slow mind! :P

I suggest you submit abugzilla and I'll resolve the issue for you...


Re: [CDO] Best practices for managing users [message #1834385 is a reply to message #1834303] Mon, 09 November 2020 13:14 Go to previous message
Robert Schulk is currently offline Robert SchulkFriend
Messages: 114
Registered: July 2015
Senior Member
Alright! I created this ticket:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568642
Previous Topic:Getting Content is not allowed in prolog
Next Topic:[CDO] Some observations after upgrading to the current integration build
Goto Forum:
  


Current Time: Fri May 14 02:14:08 GMT 2021

Powered by FUDForum. Page generated in 0.01654 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top