[CDO] Setting Security : Authentication & Access control (Setting custom authentication & node access control in a CDO server)
Re: [CDO] Setting Security : Authentication & Access control [message #1005657 is a reply to message #1005629]
Mon, 28 January 2013 05:19
On 27.01.2013 19:35, Jean Rebillat wrote:
> Hi.
> I work for a big French company, in a Research & Technology service. I am wanting to convince a project leader to
> switch from JCR Jackrabbit toward EMF/CDO.
> There are two particular points on which I must be sure of myself when presenting the solution : authentication with
> logins and access control on resources, using our own algorithms.
>
> I have searched the web for a week, trying to understand how to do this in CDO.
> I first tried to start the server with the XML configuration file, but at first I did not understand the way to add
> custom factories.
IFactories can be added to IPluginContainer.INSTANCE programmatically or via contribution to the extension point
org.eclipse.net4j.util.factories.
> I switched to hand-written server code, with almost the same results : it works until I want to add custom elements.
Can you give an example of what exactly you tried and how it failed?
> Falling back to XML configuration, I found this link : https://bugs.eclipse.org/bugs/show_bug.cgi?id=302775
> that works to add custom user management concerning authentication.
You may want to examine the newer ISecurityManager:
380629: Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Here's a diagram of the underlying Security model:
https://bugs.eclipse.org/bugs/attachment.cgi?id=221070
SecurityManager.java can serve as an example on how to use the low level hooks of an IRepository, in case you want to
plug in your own mechanism:
    InternalSessionManager sessionManager = repository.getSessionManager();
    sessionManager.setAuthenticator(authenticator);
    sessionManager.setPermissionManager(permissionManager);
    repository.addHandler(writeAccessHandler);
The security manager is comparatively new. I strongly recommend trying it out in the CDO 4.2 stream!
> My questions so far are :
> - Is the link above still up-to-date to add a user authentication mechanism ?
Yes, but it doesn't cover authorization.
> - Is there described somewhere the same mechanism for resource access control ?
See above.
> - Is there a better way to do all that ?
The security manager is the best way we ship. Additional requirements can be implemented with the low level hooks.
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
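Added example, not part of the original thread or of the CDO code base: a sketch of a custom authenticator for the setAuthenticator hook named in the reply above. HashedPasswordAuthenticator, addUser and install are hypothetical names, the IAuthenticator signature is assumed to be authenticate(String, char[]) as in Net4j 4.2, and PBKDF2WithHmacSHA256 needs Java 8 or later.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.eclipse.emf.cdo.spi.server.InternalRepository;
import org.eclipse.net4j.util.security.IAuthenticator; // assumed: authenticate(String, char[])

/** Hypothetical custom authenticator: checks logins against salted PBKDF2 hashes. */
public class HashedPasswordAuthenticator implements IAuthenticator {
  private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
  private static final byte[] DUMMY_SALT = new byte[16];
  private final Map<String, byte[][]> users = new ConcurrentHashMap<>(); // userID -> {salt, hash}

  /** Registers a user; the caller supplies a random per-user salt. */
  public void addUser(String userID, byte[] salt, char[] password) throws GeneralSecurityException {
    users.put(userID, new byte[][] { salt.clone(), derive(password, salt) });
  }

  @Override
  public void authenticate(String userID, char[] password) throws SecurityException {
    if (userID == null || password == null || password.length == 0) {
      throw new SecurityException("Access denied");
    }
    byte[][] entry = users.get(userID);
    try {
      // Derive a hash even for unknown users so both failure paths do the same work.
      byte[] actual = derive(password, entry != null ? entry[0] : DUMMY_SALT);
      if (entry == null || !MessageDigest.isEqual(entry[1], actual)) { // constant-time compare
        throw new SecurityException("Access denied"); // same message for either failure
      }
    } catch (GeneralSecurityException ex) {
      throw new SecurityException("Access denied"); // fail closed if the KDF is unavailable
    }
  }

  private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
    try {
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    } finally {
      spec.clearPassword(); // drop the spec's internal copy of the password
    }
  }

  /** Installs the hook shown in the post above; assumed to be needed before the repository is activated. */
  public static void install(InternalRepository repository, IAuthenticator authenticator) {
    repository.getSessionManager().setAuthenticator(authenticator);
  }
}
```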
Re: [CDO] Setting Security : Authentication & Access control [message #1005791 is a reply to message #1005657]
Mon, 28 January 2013 18:30
Jean Rebillat
Eike Stepper wrote on Mon, 28 January 2013 00:19
> The security manager is the best way we ship. Additional requirements can be implemented with the low level hooks.
That is what I thought, but putting it in a real project is not that easy for me. The examples are always mixing client and server parts, and refer to things like RepositoryConfig.PROP_TEST_SECURITY_MANAGER that are only part of the example packages.
Using the Factories and the XML file is pretty easy, once I know which extension point to use.
My test base server code - just an aggregation of elements from the examples, to be properly written later - that works is :
    public class Server
    {
      public static void main(String[] args) throws Exception
      {
        OMPlatform.INSTANCE.setDebugging(false);
        OMPlatform.INSTANCE.addTraceHandler(PrintTraceHandler.CONSOLE);
        OMPlatform.INSTANCE.addLogHandler(PrintLogHandler.CONSOLE);
        Net4jUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the Net4j kernel
        TCPUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the TCP support
        CDONet4jServerUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the CDO server
        String name = "alantea";
        IStore store = createStore(name);
        Map<String, String> properties = createProperties(name);
        IRepository repository = CDOServerUtil.createRepository(name, store, properties);
        CDOServerUtil.addRepository(IPluginContainer.INSTANCE, repository);
        repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
        Net4jUtil.getAcceptor(IPluginContainer.INSTANCE, "tcp", "0.0.0.0:2036");
        Map<String, InternalRepository> maprepo = new HashMap<String, InternalRepository>();
        maprepo.put("test", (InternalRepository) repository);
        CDOServerBrowser br = new CDOServerBrowser(maprepo);
        br.activate();
        final String port = OMPlatform.INSTANCE.getProperty("org.eclipse.emf.cdo.server.browser.port");
        System.out.println("port : "+port+ " "+ br.getPort());
        while (System.in.available() == 0)
        {
          Thread.sleep(100);
        }
        LifecycleUtil.deactivate(repository);
        LifecycleUtil.deactivate(IPluginContainer.INSTANCE);
      }
      private static IStore createStore(String name)
      {
        try
        {
          Class.forName("com.mysql.jdbc.jdbc2.optional.MysqlDataSource");
        }
        catch (ClassNotFoundException e)
        {
          // TODO Auto-generated catch block
          e.printStackTrace();
        }
        MysqlDataSource dts = new MysqlDataSource();
        dts.setDatabaseName("cdo1");
        dts.setCreateDatabaseIfNotExist(true);
        dts.setServerName("localhost");
        dts.setUser("cdo1");
        dts.setPassword("cdo1");
        IMappingStrategy mappingStrategy = CDODBUtil.createHorizontalMappingStrategy(true, true);
        IDBAdapter dbAdapter = new MYSQLAdapter();
        IDBConnectionProvider dbConnectionProvider = DBUtil.createConnectionProvider(dts);
        return CDODBUtil.createStore(mappingStrategy, dbAdapter, dbConnectionProvider);
      }
      private static Map<String, String> createProperties(String name)
      {
        Map<String, String> props = new HashMap<String, String>();
        props.put(IRepository.Props.OVERRIDE_UUID, name);
        props.put(IRepository.Props.SUPPORTING_AUDITS, "true");
        props.put(IRepository.Props.SUPPORTING_BRANCHES, "true");
        return props;
      }
    }
I do not see - using the examples - where to add a SecurityManager in it.
Re: [CDO] Setting Security : Authentication & Access control [message #1005797 is a reply to message #1005791]
Mon, 28 January 2013 19:00
On 28.01.2013 19:30, Jean Rebillat wrote:
> Eike Stepper wrote on Mon, 28 January 2013 00:19
>> The security manager is the best way we ship. Additional requirements can be implemented with the low level hooks.
>
>
> That is what I thought, but putting it in a real project is not that easy for me. The examples are always mixing
> client and server parts, and refers to things like RepositoryConfig.PROP_TEST_SECURITY_MANAGER that is only part of
> the example packages.
That is correct if you replace "example" with "test" :P
> Using the Factories and the XML file is pretty easy, once I know which extension point to use.
>
> My test base server code - just an aggregation of elements from the examples, to be properly written later - that
> works is :
> public class Server
> {
> public static void main(String[] args) throws Exception
> {
> OMPlatform.INSTANCE.setDebugging(false);
> OMPlatform.INSTANCE.addTraceHandler(PrintTraceHandler.CONSOLE);
> OMPlatform.INSTANCE.addLogHandler(PrintLogHandler.CONSOLE);
>
> Net4jUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the Net4j kernel
> TCPUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the TCP support
> CDONet4jServerUtil.prepareContainer(IPluginContainer.INSTANCE); // Prepare the CDO server
>
> String name = "alantea";
> IStore store = createStore(name);
> Map<String, String> properties = createProperties(name);
>
> IRepository repository = CDOServerUtil.createRepository(name, store, properties);
> CDOServerUtil.addRepository(IPluginContainer.INSTANCE, repository);
> repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
>
>
> Net4jUtil.getAcceptor(IPluginContainer.INSTANCE, "tcp", "0.0.0.0:2036");
> Map<String, InternalRepository> maprepo = new HashMap<String, InternalRepository>();
> maprepo.put("test", (InternalRepository) repository);
> CDOServerBrowser br = new CDOServerBrowser(maprepo);
> br.activate();
> final String port = OMPlatform.INSTANCE.getProperty("org.eclipse.emf.cdo.server.browser.port");
> System.out.println("port : "+port+ " "+ br.getPort());
> while (System.in.available() == 0)
> {
> Thread.sleep(100);
> }
>
> LifecycleUtil.deactivate(repository);
> LifecycleUtil.deactivate(IPluginContainer.INSTANCE);
> }
>
> private static IStore createStore(String name)
> {
> try
> {
> Class.forName("com.mysql.jdbc.jdbc2.optional.MysqlDataSource");
> }
> catch (ClassNotFoundException e)
> {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
> MysqlDataSource dts = new MysqlDataSource();
> dts.setDatabaseName("cdo1");
> dts.setCreateDatabaseIfNotExist(true);
> dts.setServerName("localhost");
> dts.setUser("cdo1");
> dts.setPassword("cdo1");
> IMappingStrategy mappingStrategy = CDODBUtil.createHorizontalMappingStrategy(true, true);
> IDBAdapter dbAdapter = new MYSQLAdapter();
> IDBConnectionProvider dbConnectionProvider = DBUtil.createConnectionProvider(dts);
> return CDODBUtil.createStore(mappingStrategy, dbAdapter, dbConnectionProvider);
> }
>
> private static Map<String, String> createProperties(String name)
> {
> Map<String, String> props = new HashMap<String, String>();
> props.put(IRepository.Props.OVERRIDE_UUID, name);
> props.put(IRepository.Props.SUPPORTING_AUDITS, "true");
> props.put(IRepository.Props.SUPPORTING_BRANCHES, "true");
> return props;
> }
> }
>
> I do not see - using the examples - where to add a SecurityManager in it.
Please try this *before* you activate the repository:
    ISecurityManager securityManager = SecurityManagerUtil.createSecurityManager("/security", getServerContainer());
    securityManager.setRepository(repository);
    LifecycleUtil.activate(securityManager);
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
Re: [CDO] Setting Security : Authentication & Access control [message #1006300 is a reply to message #1006146]
Wed, 30 January 2013 18:01
Jean Rebillat
I have a strange problem with the above code.
It works fine, when the database already exists and is populated with Security tables.
I tried it on another computer, with an empty database, and it did not work as expected.
In fact, to initialize a database, the order of the calls shall be :
    InternalSecurityManager securityManager = (InternalSecurityManager) SecurityManagerUtil.createSecurityManager("/security", IPluginContainer.INSTANCE);
    securityManager.setRepository((InternalRepository) repository);
    LifecycleUtil.activate(securityManager);
    repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
but when restarting the server on an existing database, it must be :
    repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
    InternalSecurityManager securityManager = (InternalSecurityManager) SecurityManagerUtil.createSecurityManager("/security", IPluginContainer.INSTANCE);
    securityManager.setRepository((InternalRepository) repository);
    LifecycleUtil.activate(securityManager);
Using the second pattern on an empty database leads to :
org.eclipse.net4j.db.DBException: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'cdo1.Realm' doesn't exist
Strangely, using first pattern on a populated database does the same.
I must have missed something.
Or else, is there a way to know if a database exists before opening it ?
Re: [CDO] Setting Security : Authentication & Access control [message #1006364 is a reply to message #1006300]
Thu, 31 January 2013 04:51
On 30.01.2013 19:01, Jean Rebillat wrote:
> I have a strange problem with the above code.
> It works fine, when the database already exists and is populated with Security tables.
> I tried it on another computer, with an empty database, and it did not work as expected.
>
> In fact, to initialize a database, the order of the calls shall be :
> InternalSecurityManager securityManager = (InternalSecurityManager)
> SecurityManagerUtil.createSecurityManager("/security", IPluginContainer.INSTANCE);
> securityManager.setRepository((InternalRepository) repository);
> LifecycleUtil.activate(securityManager);
>
> repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
You shouldn't need this call at all. I wonder, though, whether in standalone mode (no extension registry) we should
place this in the security manager:
    static
    {
      SecurityPackage.eINSTANCE.getClass(); // Initialize package in standalone mode
    }
Can you please try if this block solves your problem when placed in your main class?
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
>
> but when restarting the server on an existing database, it must be :
> repository.getPackageRegistry().putEPackage(SecurityPackage.eINSTANCE);
>
> InternalSecurityManager securityManager = (InternalSecurityManager)
> SecurityManagerUtil.createSecurityManager("/security", IPluginContainer.INSTANCE);
> securityManager.setRepository((InternalRepository) repository);
> LifecycleUtil.activate(securityManager);
>
> Using the second pattern on an empty database leads to :
> org.eclipse.net4j.db.DBException: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Table 'cdo1.Realm'
> doesn't exist
>
> Strangely, using first pattern on a populated database does the same.
> I must have missed something.
> Or else, is there a way to know if a database exists before opening it ?