Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Modeling » EMF » [CDO] User password change with new security manager
[CDO] User password change with new security manager [message #1240624] Thu, 06 February 2014 21:38 Go to next message
Laurent Le Moux is currently offline Laurent Le MouxFriend
Messages: 184
Registered: September 2011
Senior Member
Hi all,

I currently try to give my application users the possibility to change his / her password.
Giving write access to /security gave me the possibility to change the default password (which is equal to the user Id) the first time.
But, if I try to change it again, it then fails with the following message :

No permission to access UserPassword@OID146:0v1


Besides, I don't like it to give write access to /security for all my users...

Hereafter the code that fails :

CDOTransaction transaction = (CDOTransaction) context.get("openedCDOTransaction");
CDOResource security = transaction.getResource("security");
Realm realm = (Realm) security.getContents().get(0);
User connectedUser = realm.getUser((String) context.get("user"));
UserPassword password = connectedUser.getPassword();
if (password == null) {
  password = SecurityFactory.eINSTANCE.createUserPassword();
  connectedUser.setPassword(password);
}
password.setEncrypted(newPasswordConfirmation.getText());
transaction.commit();


Any idea, what's wrong ? I'm using Kepler but I installed CDO Model Repository SDK 4.3.

Regards,

Laurent
Re: [CDO] User password change with new security manager [message #1240658 is a reply to message #1240624] Thu, 06 February 2014 22:45 Go to previous messageGo to next message
Christian W. Damus is currently offline Christian W. DamusFriend
Messages: 1195
Registered: July 2009
Location: Canada
Senior Member

Hi, Laurent,

The security model doesn't allow writing of the contents of a
UserPassword from a connected client; only the SecurityManager in the
server can do this, using its privileged operation facility.

The editor (both the usual EMF-style tree editor and the new form-based
editor) for the security model provides context-menu actions for
resetting user password (if you are an Administrator). Also, the
session object in the CDO Sessions view has a context-menu action for
changing your own password (that of the user as whom you are
connected). These make use of APIs in the CDOSession interface that
are new in 4.3; you can have a look at how the
CDOSession::changeCredentials() API is used by the
ChangePasswordAction, for example. This triggers an interactive dialog
with user that securely changes the password (with challenge for the
current password, of course).

HTH,

Christian


On 2014-02-06 21:38:29 +0000, Laurent Le Moux said:

> Hi all,
>
> I currently try to give my application users the possibility to change
> his / her password.
> Giving write access to /security gave me the possibility to change the
> default password (which is equal to the user Id) the first time.
> But, if I try to change it again, it then fails with the following message :
>
> No permission to access UserPassword@OID146:0v1
>
> Besides, I don't like it to give write access to /security for all my users...
>
> Hereafter the code that fails :
>
>
> CDOTransaction transaction = (CDOTransaction)
> context.get("openedCDOTransaction");
> CDOResource security = transaction.getResource("security");
> Realm realm = (Realm) security.getContents().get(0);
> User connectedUser = realm.getUser((String) context.get("user"));
> UserPassword password = connectedUser.getPassword();
> if (password == null) {
> password = SecurityFactory.eINSTANCE.createUserPassword();
> connectedUser.setPassword(password);
> }
> password.setEncrypted(newPasswordConfirmation.getText());
> transaction.commit();
>
>
> Any idea, what's wrong ? I'm using Kepler but I installed CDO Model
> Repository SDK 4.3.
>
> Regards,
>
> Laurent
Re: [CDO] User password change with new security manager [message #1241186 is a reply to message #1240658] Fri, 07 February 2014 15:59 Go to previous messageGo to next message
Laurent Le Moux is currently offline Laurent Le MouxFriend
Messages: 184
Registered: September 2011
Senior Member
Hi Christian,

Thank you for the clarification. I realise there must be something wrong with my CDO 4.3 "upgrade" because my session object comes without the changeCredentials method...

Anyway, according to the javadoc, changeCredentials is "possibly interactive". But, looking at your Papyrus ChangePasswordAction exemple as well as CDONet4jSessionImpl#changeCredentials, CDOClientProtocol#resquestChangeCredentials and the ChangeCredentialsRequest, it looks as if password change can only be interactive.

Is there a way to change the credentials programmatically ?
I was expecting something like changeCredentials(UserPassword myoldencryptedpwd, UserPassword thenewencryptedone) in the new CDOSession interface...

Kind regards,

Laurent
Re: [CDO] User password change with new security manager [message #1241281 is a reply to message #1241186] Fri, 07 February 2014 18:58 Go to previous messageGo to next message
Christian W. Damus is currently offline Christian W. DamusFriend
Messages: 1195
Registered: July 2009
Location: Canada
Senior Member

Hi, Laurent,

The protocol delegates the gathering of the new password to an
implementation of the IPasswordCredentialsUpdateProvider (a mix-in for
the IPasswordCredentialsProvider interface), registered in the
IManagedContainer. The default implementation provided by CDO is the
InteractiveCredentialsProvider, but you can substitute it with one that
is not interactive or that delegates to the interactive implementation
only when you want it to. I think that is, currently, the only way to
achieve what you are trying to do.

HTH,

Christian


On 2014-02-07 15:59:31 +0000, Laurent Le Moux said:

> Hi Christian,
>
> Thank you for the clarification. I realise there must be something
> wrong with my CDO 4.3 "upgrade" because my session object comes without
> the changeCredentials method...
>
> Anyway, according to the javadoc, changeCredentials is "possibly
> interactive". But, looking at your Papyrus ChangePasswordAction exemple
> as well as CDONet4jSessionImpl#changeCredentials,
> CDOClientProtocol#resquestChangeCredentials and the
> ChangeCredentialsRequest, it looks as if password change can only be
> interactive.
>
> Is there a way to change the credentials programmatically ?
> I was expecting something like changeCredentials(UserPassword
> myoldencryptedpwd, UserPassword thenewencryptedone) in the new
> CDOSession interface...
>
> Kind regards,
>
> Laurent
Re: [CDO] User password change with new security manager [message #1244053 is a reply to message #1241281] Tue, 11 February 2014 21:10 Go to previous messageGo to next message
Laurent Le Moux is currently offline Laurent Le MouxFriend
Messages: 184
Registered: September 2011
Senior Member
Hi Christian,

Many thanks for your help, I choose your second option : delegate to an InteractiveCredentialsProvider instance (like in the Papyrus DialogCredentialsProviderFactory class...).
And it now works great !

Regards,

Laurent
Re: [CDO] User password change with new security manager [message #1248555 is a reply to message #1244053] Mon, 17 February 2014 11:47 Go to previous messageGo to next message
Kuldeep Yadav is currently offline Kuldeep YadavFriend
Messages: 12
Registered: January 2014
Junior Member
Can you please share code for setting password programmatically. Smile
Re: [CDO] User password change with new security manager [message #1471873 is a reply to message #1248555] Thu, 13 November 2014 12:06 Go to previous messageGo to next message
Vitaliy Chernenko is currently offline Vitaliy ChernenkoFriend
Messages: 4
Registered: November 2014
Junior Member
Please check this thread: https://www.eclipse.org/forums/index.php/t/635718/ . I had a problem similar to your and the thread was really helpful.
Re: [CDO] User password change with new security manager [message #1472279 is a reply to message #1471873] Thu, 13 November 2014 19:00 Go to previous message
Laurent Le Moux is currently offline Laurent Le MouxFriend
Messages: 184
Registered: September 2011
Senior Member
Hi,

Sorry for my late answer. I forgot to register for notification on answers to my topic...
Additionaly to the topic previously quoted, here's a code extract from my login dialog :
...
		IManagedContainer container = ContainerUtil.createContainer();
		Net4jUtil.prepareContainer(container);
		SSLUtil.prepareContainer(container);
		container.activate();
		    
		connector = Net4jUtil.getConnector(container, cdoServerURI.substring(0, 3), cdoServerURI.substring(6));

		CDONet4jSessionConfiguration sessionConfig = CDONet4jUtil.createNet4jSessionConfiguration();
		sessionConfig.setConnector(connector);
		sessionConfig.setRepositoryName((String) configuration.get("repository"));
		IPasswordCredentialsProvider credentialsProvider = new InteractivePasswordChangeCredentialsProvider(user, password);
		sessionConfig.setCredentialsProvider(credentialsProvider);
		session = sessionConfig.openNet4jSession();
...

Along with the credentials provider :
	private class InteractivePasswordChangeCredentialsProvider extends PasswordCredentialsProvider
		implements IPasswordCredentialsUpdateProvider {

		private final IPasswordCredentialsUpdateProvider delegate = new InteractiveCredentialsProvider();
		
        public InteractivePasswordChangeCredentialsProvider(String user, String password) {
			super(user, password);
		}

		@Override
        public IPasswordCredentialsUpdate getCredentialsUpdate(String userID, CredentialsUpdateOperation operation) {
			return getCredentialsUpdate(null, userID, operation);
        }

        @Override
        public IPasswordCredentialsUpdate getCredentialsUpdate(String realm, String userID,
        		CredentialsUpdateOperation operation) {
        	return delegate.getCredentialsUpdate(realm, userID, operation);
        }
	}

Hope it helps even if late...

Regards,

Laurent
Previous Topic:How to Reload the Data with ECP Renderers in the Properties View
Next Topic:Sharing a resource between transactional editing domains
Goto Forum:
  


Current Time: Fri Aug 23 22:18:16 GMT 2019

Powered by FUDForum. Page generated in 0.02505 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top