Home » Modeling » EMF » [CDO] User password change with new security manager
|
Re: [CDO] User password change with new security manager [message #1240658 is a reply to message #1240624] |
Thu, 06 February 2014 22:45 |
|
Hi, Laurent,
The security model doesn't allow writing of the contents of a
UserPassword from a connected client; only the SecurityManager in the
server can do this, using its privileged operation facility.
The editor (both the usual EMF-style tree editor and the new form-based
editor) for the security model provides context-menu actions for
resetting user password (if you are an Administrator). Also, the
session object in the CDO Sessions view has a context-menu action for
changing your own password (that of the user as whom you are
connected). These make use of APIs in the CDOSession interface that
are new in 4.3; you can have a look at how the
CDOSession::changeCredentials() API is used by the
ChangePasswordAction, for example. This triggers an interactive dialog
with user that securely changes the password (with challenge for the
current password, of course).
HTH,
Christian
On 2014-02-06 21:38:29 +0000, Laurent Le Moux said:
> Hi all,
>
> I currently try to give my application users the possibility to change
> his / her password.
> Giving write access to /security gave me the possibility to change the
> default password (which is equal to the user Id) the first time.
> But, if I try to change it again, it then fails with the following message :
>
> No permission to access UserPassword@OID146:0v1
>
> Besides, I don't like it to give write access to /security for all my users...
>
> Hereafter the code that fails :
>
>
> CDOTransaction transaction = (CDOTransaction)
> context.get("openedCDOTransaction");
> CDOResource security = transaction.getResource("security");
> Realm realm = (Realm) security.getContents().get(0);
> User connectedUser = realm.getUser((String) context.get("user"));
> UserPassword password = connectedUser.getPassword();
> if (password == null) {
> password = SecurityFactory.eINSTANCE.createUserPassword();
> connectedUser.setPassword(password);
> }
> password.setEncrypted(newPasswordConfirmation.getText());
> transaction.commit();
>
>
> Any idea, what's wrong ? I'm using Kepler but I installed CDO Model
> Repository SDK 4.3.
>
> Regards,
>
> Laurent
|
|
| |
Re: [CDO] User password change with new security manager [message #1241281 is a reply to message #1241186] |
Fri, 07 February 2014 18:58 |
|
Hi, Laurent,
The protocol delegates the gathering of the new password to an
implementation of the IPasswordCredentialsUpdateProvider (a mix-in for
the IPasswordCredentialsProvider interface), registered in the
IManagedContainer. The default implementation provided by CDO is the
InteractiveCredentialsProvider, but you can substitute it with one that
is not interactive or that delegates to the interactive implementation
only when you want it to. I think that is, currently, the only way to
achieve what you are trying to do.
HTH,
Christian
On 2014-02-07 15:59:31 +0000, Laurent Le Moux said:
> Hi Christian,
>
> Thank you for the clarification. I realise there must be something
> wrong with my CDO 4.3 "upgrade" because my session object comes without
> the changeCredentials method...
>
> Anyway, according to the javadoc, changeCredentials is "possibly
> interactive". But, looking at your Papyrus ChangePasswordAction exemple
> as well as CDONet4jSessionImpl#changeCredentials,
> CDOClientProtocol#resquestChangeCredentials and the
> ChangeCredentialsRequest, it looks as if password change can only be
> interactive.
>
> Is there a way to change the credentials programmatically ?
> I was expecting something like changeCredentials(UserPassword
> myoldencryptedpwd, UserPassword thenewencryptedone) in the new
> CDOSession interface...
>
> Kind regards,
>
> Laurent
|
|
| | | |
Re: [CDO] User password change with new security manager [message #1472279 is a reply to message #1471873] |
Thu, 13 November 2014 19:00 |
Laurent Le Moux Messages: 184 Registered: September 2011 |
Senior Member |
|
|
Hi,
Sorry for my late answer. I forgot to register for notification on answers to my topic...
Additionaly to the topic previously quoted, here's a code extract from my login dialog :
...
IManagedContainer container = ContainerUtil.createContainer();
Net4jUtil.prepareContainer(container);
SSLUtil.prepareContainer(container);
container.activate();
connector = Net4jUtil.getConnector(container, cdoServerURI.substring(0, 3), cdoServerURI.substring(6));
CDONet4jSessionConfiguration sessionConfig = CDONet4jUtil.createNet4jSessionConfiguration();
sessionConfig.setConnector(connector);
sessionConfig.setRepositoryName((String) configuration.get("repository"));
IPasswordCredentialsProvider credentialsProvider = new InteractivePasswordChangeCredentialsProvider(user, password);
sessionConfig.setCredentialsProvider(credentialsProvider);
session = sessionConfig.openNet4jSession();
...
Along with the credentials provider :
private class InteractivePasswordChangeCredentialsProvider extends PasswordCredentialsProvider
implements IPasswordCredentialsUpdateProvider {
private final IPasswordCredentialsUpdateProvider delegate = new InteractiveCredentialsProvider();
public InteractivePasswordChangeCredentialsProvider(String user, String password) {
super(user, password);
}
@Override
public IPasswordCredentialsUpdate getCredentialsUpdate(String userID, CredentialsUpdateOperation operation) {
return getCredentialsUpdate(null, userID, operation);
}
@Override
public IPasswordCredentialsUpdate getCredentialsUpdate(String realm, String userID,
CredentialsUpdateOperation operation) {
return delegate.getCredentialsUpdate(realm, userID, operation);
}
}
Hope it helps even if late...
Regards,
Laurent
|
|
|
Goto Forum:
Current Time: Tue Apr 23 07:01:47 GMT 2024
Powered by FUDForum. Page generated in 0.04013 seconds
|