Eclipse Community Forums
[CDO] Security model [message #1063823] Fri, 14 June 2013 11:39
Eclipse UserFriend
Hi,

I am testing the new security feature on master:
1. I launch the CDOServer launch config after changing the cdo-server.xml:

<?xml version="1.0" encoding="UTF-8"?>
<cdoServer>
  <acceptor type="tcp" listenAddr="0.0.0.0" port="2036"/>
  <repository name="repo1">
    <property name="overrideUUID" value=""/>
    <property name="supportingAudits" value="true"/>
    <property name="supportingBranches" value="true"/>
    <property name="ensureReferentialIntegrity" value="false"/>
    <property name="allowInterruptRunningQueries" value="true"/>
    <property name="idGenerationLocation" value="STORE"/>
    <property name="serializeCommits" value="false"/>
    <property name="optimisticLockingTimeout" value="10000"/>
    <securityManager type="default" realmPath="/security"/>
    <store type="db">
      <property name="connectionKeepAlivePeriod" value="60"/>
      <property name="readerPoolCapacity" value="20"/>
      <property name="writerPoolCapacity" value="20"/>
      <mappingStrategy type="horizontal"> <!-- callout -->
        <property name="qualifiedNames" value="true"/>
      </mappingStrategy>

      <dbAdapter name="h2"/>
      <dataSource class="org.h2.jdbcx.JdbcDataSource"
                  URL="jdbc:h2:database/repo1"/>
    </store>
  </repository>
</cdoServer>

2. I launch the CDOClient1 launch config. Using the CDO Sessions view, I
open a transaction to edit the security model and add a user. I try to
create a UserPassword under this user but nothing appears. How can I
define a password for this user?

Best Regards.
Re: [CDO] Security model [message #1063828 is a reply to message #1063823] Fri, 14 June 2013 11:57
Eclipse UserFriend
OK, I have seen that the User.password property has been defined as not
editable in the genmodel.


On 14/06/2013 13:39, Esteban DUGUEPEROUX wrote:
> Hi,
>
> I am testing the new security feature on master:
> 1. I launch the CDOServer launch config after changing the cdo-server.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <cdoServer>
> <acceptor type="tcp" listenAddr="0.0.0.0" port="2036"/>
> <repository name="repo1">
> <property name="overrideUUID" value=""/>
> <property name="supportingAudits" value="true"/>
> <property name="supportingBranches" value="true"/>
> <property name="ensureReferentialIntegrity" value="false"/>
> <property name="allowInterruptRunningQueries" value="true"/>
> <property name="idGenerationLocation" value="STORE"/>
> <property name="serializeCommits" value="false"/>
> <property name="optimisticLockingTimeout" value="10000"/>
> <securityManager type="default" realmPath="/security"/>
> <store type="db">
> <property name="connectionKeepAlivePeriod" value="60"/>
> <property name="readerPoolCapacity" value="20"/>
> <property name="writerPoolCapacity" value="20"/>
> <mappingStrategy type="horizontal"> <!-- callout -->
> <property name="qualifiedNames" value="true"/>
> </mappingStrategy>
>
> <dbAdapter name="h2"/>
> <dataSource class="org.h2.jdbcx.JdbcDataSource"
> URL="jdbc:h2:database/repo1"/>
> </store>
> </repository>
> </cdoServer>
>
> 2. I launch the CDOClient1 launch config. Using the CDO Sessions view, I
> open a transaction to edit the security model and add a user. I try to
> create a UserPassword under this user but nothing appears. How can I
> define a password for this user?
>
> Best Regards.
>
>
Re: [CDO] Security model [message #1063862 is a reply to message #1063823] Fri, 14 June 2013 14:38
Eclipse UserFriend
I see that with this new feature, the administrator can add a
PackagePermission referencing an EPackage available on the administrator
client classpath and commit the security model changes while the referenced
EPackage is not available on the CDO server classpath, because CDO is
EPackage independent and this information is transferred from client to
server during commit.

But after restarting the CDO server to take the security model changes into
account, and having standard users to whom the PackagePermissions are
applied connect, I get the following exception because CDO does not find
the referenced EPackage:

org.eclipse.emf.cdo.common.util.CDOException: Generated packages locally not available: CDOPackageUnit[id=http://www.cars.fr/1.0, state=PROXY, type=UNKNOWN, originalType=NATIVE, timeStamp=2013-06-14 14:27:11.811]
    at org.eclipse.emf.internal.cdo.session.CDOSessionImpl.loadPackages(CDOSessionImpl.java:558)
    at org.eclipse.emf.cdo.internal.common.model.CDOPackageUnitImpl.load(CDOPackageUnitImpl.java:250)
    at org.eclipse.emf.cdo.internal.common.model.CDOPackageUnitImpl.load(CDOPackageUnitImpl.java:239)
    at org.eclipse.emf.cdo.internal.common.model.CDOPackageInfoImpl.doGetEPackage(CDOPackageInfoImpl.java:123)
    at org.eclipse.emf.cdo.internal.common.model.CDOPackageInfoImpl.getEPackage(CDOPackageInfoImpl.java:110)
    at org.eclipse.emf.cdo.internal.common.model.CDOPackageInfoImpl.getEPackage(CDOPackageInfoImpl.java:105)
    at org.eclipse.emf.ecore.impl.EPackageRegistryImpl.getEPackage(EPackageRegistryImpl.java:127)
    at org.eclipse.emf.ecore.resource.impl.ResourceSetImpl.delegatedGetResource(ResourceSetImpl.java:341)
    at org.eclipse.emf.ecore.resource.impl.ResourceSetImpl.getResource(ResourceSetImpl.java:388)
    at org.eclipse.emf.ecore.resource.impl.ResourceSetImpl.getEObject(ResourceSetImpl.java:220)
    at org.eclipse.emf.internal.cdo.view.AbstractCDOView.convertIDToObject(AbstractCDOView.java:1235)
    at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertIDToObject(CDOStoreImpl.java:686)
    at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertToEMF(CDOStoreImpl.java:654)
    at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.get(CDOStoreImpl.java:190)
    at org.eclipse.emf.internal.cdo.CDOObjectImpl.dynamicGet(CDOObjectImpl.java:527)
    at org.eclipse.emf.ecore.impl.EStructuralFeatureImpl$InternalSettingDelegateSingleEObject.dynamicGet(EStructuralFeatureImpl.java:2574)
    at org.eclipse.emf.ecore.impl.BasicEObjectImpl.eGet(BasicEObjectImpl.java:1027)
    at org.eclipse.emf.ecore.impl.BasicEObjectImpl.eGet(BasicEObjectImpl.java:1011)
    at org.eclipse.emf.ecore.impl.BasicEObjectImpl.eGet(BasicEObjectImpl.java:1003)
    at org.eclipse.emf.cdo.security.impl.PackagePermissionImpl.getApplicablePackage(PackagePermissionImpl.java:65)
    at org.eclipse.emf.cdo.security.impl.PackagePermissionImpl.isApplicable(PackagePermissionImpl.java:84)
    at org.eclipse.emf.cdo.server.internal.security.SecurityManager.getPermission(SecurityManager.java:556)
    at org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager.getPermission(SecurityManager.java:631)
    at org.eclipse.emf.cdo.internal.server.Session.getPermission(Session.java:369)
    at org.eclipse.emf.cdo.spi.common.revision.BaseCDORevision.write(BaseCDORevision.java:223)
    at org.eclipse.emf.cdo.spi.common.protocol.CDODataOutputImpl.writeCDORevision(CDODataOutputImpl.java:381)
    at org.eclipse.emf.cdo.server.internal.net4j.protocol.LoadRevisionsIndication.responding(LoadRevisionsIndication.java:200)
    at org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerIndication.responding(CDOServerIndication.java:134)
    at org.eclipse.net4j.signal.IndicationWithResponse.doExtendedOutput(IndicationWithResponse.java:98)
    at org.eclipse.net4j.signal.Signal.doOutput(Signal.java:298)
    at org.eclipse.net4j.signal.IndicationWithResponse.execute(IndicationWithResponse.java:67)
    at org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerReadIndication.execute(CDOServerReadIndication.java:36)
    at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
    at org.eclipse.net4j.signal.Signal.run(Signal.java:149)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:679)


To keep this nice advantage of having CDO independent of EPackage, we
could change the PackagePermission to have a nsURI string attribute
instead of a strong reference to the EPackage.

We could encounter the same issue with other Permission types; for example,
ClassPermission could be a subtype of PackagePermission with an EClassName
attribute in addition, so as not to have a strong reference.

Best Regards.
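
The proposal in the last post, as an added sketch (not CDO code and not written by the poster): a permission rule that must resolve its package on the server makes every permission check fail when that package is missing, while a rule that stores only the nsURI string can still be evaluated. `NsUriPermissionSketch`, `Rule`, `Access`, `SERVER_PACKAGES` and the `example.org` namespace are hypothetical names, and "highest access wins, no match means NONE" is an assumption of the sketch.

```java
import java.util.List;
import java.util.Set;

// Added illustration: hypothetical stand-in types, not the CDO security model API.
public class NsUriPermissionSketch {
    enum Access { NONE, READ, WRITE }

    record Rule(String nsURI, Access access) {}

    // Constructed sample: package namespaces loadable on the server classpath.
    static final Set<String> SERVER_PACKAGES = Set.of("http://example.org/base/1.0");

    // Strong-reference style: a rule is usable only once its package resolves locally.
    static boolean appliesByReference(Rule rule, String objectNsURI) {
        if (!SERVER_PACKAGES.contains(rule.nsURI())) {
            throw new IllegalStateException("Package not available locally: " + rule.nsURI());
        }
        return rule.nsURI().equals(objectNsURI);
    }

    // Proposed style: the rule stores only the namespace URI and compares strings.
    static boolean appliesByNsURI(Rule rule, String objectNsURI) {
        return rule.nsURI().equals(objectNsURI);
    }

    // Highest access granted by any applicable rule; no match means NONE (default deny).
    static Access permission(List<Rule> rules, String objectNsURI, boolean byNsURI) {
        Access result = Access.NONE;
        for (Rule rule : rules) {
            boolean applies = byNsURI ? appliesByNsURI(rule, objectNsURI)
                                      : appliesByReference(rule, objectNsURI);
            if (applies && rule.access().compareTo(result) > 0) {
                result = rule.access();
            }
        }
        return result;
    }

    public static void main(String[] args) {
        List<Rule> rules = List.of(
            new Rule("http://example.org/base/1.0", Access.READ),
            new Rule("http://www.cars.fr/1.0", Access.WRITE)); // nsURI from the stack trace
        System.out.println(permission(rules, "http://www.cars.fr/1.0", true));
        System.out.println(permission(rules, "http://example.org/base/1.0", true));
        try {
            // Even a request for an unrelated object trips over the unresolved rule.
            permission(rules, "http://example.org/base/1.0", false);
        } catch (IllegalStateException e) {
            System.out.println("permission check failed: " + e.getMessage());
        }
    }
}
```

Whichever style is used, an error during rule evaluation should result in denied access and a logged event rather than an unhandled exception on the read path.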