DataSourceSecurityFilter and RAP Client [message #1608187] |
Mon, 09 February 2015 10:39 |
|
Hello,
I tried to configure the DataSourceSecurityFilter in the RAP configi.ini and added the mysql driver to dependencies of the *-rap-dev.product.
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#realm=bbk Development
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=com.mysql.jdbc.Driver
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:mysql://127.0.0.1:3306/BFZ
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=admin
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=changeme
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT LOWER(username), id, countyid, seclevel FROM Users WHERE LOWER(username)=? AND PASSWORD=?
When starting the rap client i get the following exception:
HTTP ERROR: 500
Problem accessing /web. Reason:
javax.servlet.ServletException: com.mysql.jdbc.Driver cannot be found by org.eclipse.scout.rt.server.commons_4.3.0.20150112-1427
Powered by Jetty://
What am I missing?
Thanks,
Peter
|
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1608314 is a reply to message #1608302] |
Mon, 09 February 2015 12:26 |
|
Jeremie Bresson wrote on Mon, 09 February 2015 12:18Does your product file contain com.bsiag.scout.rt.server.jdbc.mysql5117 in the plugin list? ("Dependencies" Tab in the Product File Editor).
Is it started (when you launch the application)? No resolve product error at the startup.
Yes teh product file contains the mysql bundle... RAP Server is starting without any problems.
The error above shows up when accessing the webapp... I tried to add the mysql bundle to the rap project plugin xml too. But then the RAP server refuses to startup at all...
Peter
|
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1614499 is a reply to message #1608795] |
Fri, 13 February 2015 09:32 |
|
Hello Jeremie,
Jeremie Bresson wrote on Mon, 09 February 2015 19:21
I will try to test this case.
sorry for bothering you. But do you have any idea what I can do to fix this. Or better: which eclipse/scout bundles need to have the dependeny on the "com.bsiag.scout.rt.server.jdbc.mysql5117"?
I added the dependency to:
- at.bfzgruenbach.bbk.server: manifest.mf, bbk-rap.dev.product
- at.bfzgruenbach.bbk.target: bbk-target
- at.bfzgruenbach.bbk.ui.rap: bbk-rap-dev.product
When starting i get the follwoing log entries for "bbk-rap-dev.product":
com.mysql.jdbc.Driver cannot be found by org.eclipse.scout.rt.server.commons_4.3.0.20150112-1427
!STACK 0
java.lang.ClassNotFoundException: com.mysql.jdbc.Driver cannot be found by org.eclipse.scout.rt.server.commons_4.3.0.20150112-1427
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:439)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:352)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:344)
at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:160)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:191)
at org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter.createJdbcDirectConnection(DataSourceSecurityFilter.java:224)
at org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter.isValidUser(DataSourceSecurityFilter.java:164)
at org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter.negotiate(DataSourceSecurityFilter.java:126)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:120)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:106)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:106)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.ui.rap.servletfilter.LogoutFilter.doFilter(LogoutFilter.java:83)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.ServletFilterDelegate.delegateServiceMethod(ServletFilterDelegate.java:60)
at org.eclipse.scout.rt.ui.rap.internal.servletfilter.DelegateFilter.doFilter(DelegateFilter.java:48)
at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1142)
at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:110)
at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)
at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:70)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:487)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:442)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:228)
at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.processAlias(ProxyServlet.java:87)
at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.service(ProxyServlet.java:66)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.equinox.http.jetty.internal.HttpServerManager$InternalHttpServiceServlet.service(HttpServerManager.java:337)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:620)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:540)
at java.lang.Thread.run(Thread.java:745)
2015-02-13 10:29:51.447:WARN:oejs.ServletHandler:qtp564473555-20:
javax.servlet.ServletException: com.mysql.jdbc.Driver cannot be found by org.eclipse.scout.rt.server.commons_4.3.0.20150112-1427
at org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter.isValidUser(DataSourceSecurityFilter.java:171)
at org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter.negotiate(DataSourceSecurityFilter.java:126)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:120)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:106)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.security.AbstractChainableSecurityFilter.doFilter(AbstractChainableSecurityFilter.java:106)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.ui.rap.servletfilter.LogoutFilter.doFilter(LogoutFilter.java:83)
at org.eclipse.scout.rt.server.commons.internal.FilterChainImpl.doFilter(FilterChainImpl.java:41)
at org.eclipse.scout.rt.server.commons.servletfilter.ServletFilterDelegate.delegateServiceMethod(ServletFilterDelegate.java:60)
at org.eclipse.scout.rt.ui.rap.internal.servletfilter.DelegateFilter.doFilter(DelegateFilter.java:48)
at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1142)
at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:110)
at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)
at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:70)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:487)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:442)
at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl.doDispatch(HttpServiceRuntimeImpl.java:228)
at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.processAlias(ProxyServlet.java:87)
at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.service(ProxyServlet.java:66)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.equinox.http.jetty.internal.HttpServerManager$InternalHttpServiceServlet.service(HttpServerManager.java:337)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:800)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1125)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1059)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:248)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:620)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:540)
at java.lang.Thread.run(Thread.java:745)
Isn't the mysql driver included in the com.bsiag.scout.rt.server.jdbc.mysql5117 bundle?
Thanks Peter
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1614864 is a reply to message #1614499] |
Fri, 13 February 2015 14:51 |
Jeremie Bresson Messages: 1252 Registered: October 2011 |
Senior Member |
|
|
Ok I took some time on your problem.
Peter Pfeifer wrote on Fri, 13 February 2015 10:32Isn't the mysql driver included in the com.bsiag.scout.rt.server.jdbc.mysql5117 bundle
You can find out by doing CTRL+SHIFT+T and search for "com.mysql.jdbc.Driver".
The Editor show nothing but a "Source not found" error.
If you have clicked "Link with Editor" button (the one with the 2 yellow arrows) in the Package Explorer, you will find out where the class is.
=> com.mysql.jdbc_5117.fragment
You can add this fragment to the list ("Dependencies" Tab in the Product File Editor).
Peter Pfeifer wrote on Mon, 09 February 2015 13:26I tried to add the mysql bundle to the rap project plugin xml too. But then the RAP server refuses to startup at all...
If you do so, you will have a product validation problem (the dependencies declared in the MANIFEST.MF are not all fulfilled).
(I assume you have added the mysql bundle com.bsiag.scout.rt.server.jdbc.mysql5117 to the rap-dev product xml file. You can not add dependency to plugin.xml)
When you validate your product, you have a "missing requirement con" error, because com.bsiag.scout.rt.server.jdbc.mysql5117 has a dependency to:
* Package: com.mysql.jdbc [1]
* Bundle: org.eclipse.scout.rt.server [2]
You can fulfill the requirement [1] by adding the fragment " com.mysql.jdbc_5117.fragment " into the list. But you cannot fulfill requirement [2] because you do not have the server code in your rap project (it is the Scout client).
At the end if you look what is in the com.bsiag.scout.rt.server.jdbc.mysql5117 bundle you will notice that this is not necessary (You have for example AbstractMySqlSqlService that is not necessary).
On the dependency topic, I recommend you my forum post where I tried to explain target-platform, target-definition, product file...
----
If you look at DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) you will notice that the password parameter (passEncrypted) passed to DataSourceSecurityFilter.isValidUser(String, String) is the Base64 encryption of the Password entered by the in the login box.
Your statement should probabely look more like:
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT LOWER(username), id, countyid, seclevel FROM Users WHERE LOWER(username)=? AND TO_BASE64(PASSWORD)=?
----
I have asked my coworker what is the state of the art solution of your problem.
In our vision the RAP-Server (aka Scout Client) does not connect to the database.
The solution was presented at the EclipseCon Europe 2012. See the slides: 20121022_BahBah_Slides.pdf
On slide 23 you will see the overview:
The RAP-Scout-Client has a BasicForwardSecurity filter who will ask the "/auth" servlet on the Scout Server. This servlet is available without any password.
The Server will be responsible to log the user in. This way you have your Database configuration at one single point (the server) and the RAP-Scout-Client knows nothing the Database.
If you do not have a desktop client, you do not need the "/process" servlet in the server.
You can check the Bahbah Chat demo application where this is implemented.
[Updated on: Tue, 21 April 2015 08:58] Report message to a moderator
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1615935 is a reply to message #1614864] |
Sat, 14 February 2015 07:34 |
|
Hello Jeremie,
thanks for the explanations.
Jeremie Bresson wrote on Fri, 13 February 2015 14:51
I have asked my coworker what is the state of the art solution of your problem.
In our vision the RAP-Server (aka Scout Client) does not connect to the database.
The solution was presented at the EclipseCon Europe 2012. See the slides: 20121022_BahBah_Slides.pdf
On slide 23 you will see the overview:
The RAP-Scout-Client has a BasicForwardSecurity filter who will ask the "/auth" servlet on the Scout Server. This servlet is available without any password.
The Server will be responsible to log the user in. This way you have your Database configuration at one single point (the server) and the RAP-Scout-Client knows nothing the Database.
If you do not have a desktop client, you do not need the "/process" servlet in the server.
You can check the Bahbah Chat demo application where this is implemented.
Ok. I think I know what you mean. But I have to look further through the code. But if this is more or less the reference implementation of how to authenticate web users, wouldn't this be worth a wiki entry? Since there only securityfilters are mentioned?
Jeremie Bresson wrote on Fri, 13 February 2015 14:51
If you look at DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) you will notice that the password parameter (passEncrypted) passed to DataSourceSecurityFilter.isValidUser(String, String) is the Base64 encryption of the Password entered by the in the login box.
Your statement should probabely look more like:
org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT LOWER(username), id, countyid, seclevel FROM Users WHERE LOWER(username)=? AND TO_BASE64(PASSWORD)=?
This would mean that the password is stored as plain text in the database. I hope nobody is doing that
Thanks
Peter
[Updated on: Tue, 21 April 2015 08:58] by Moderator Report message to a moderator
|
|
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1636825 is a reply to message #1619277] |
Thu, 26 February 2015 11:45 |
Marco Dörfliger Messages: 46 Registered: January 2015 |
Member |
|
|
This is briefly covered by the DataSourceSecurityFilter section in the Security concepts wiki. DataSourceSecurityFilter.negotiate and DataSourceSecurityFilter.encryptPass use base64 encryption by default, so the default implementation would store base64 encrypted passwords in the database. Am I right in thinking that base64 encryption is reversible? That would mean passwords wouldn't actually be protected.
One question I wondered about recently is whether it's possible to implement password salting with the DataSourceSecurityFilter, and if a custom security filter was required how this mechanism might work.
[Updated on: Thu, 26 February 2015 11:50] Report message to a moderator
|
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1642818 is a reply to message #1636872] |
Sun, 01 March 2015 08:10 |
Marco Dörfliger Messages: 46 Registered: January 2015 |
Member |
|
|
Yeah, default implementation uses md5 hashes. I came up with something which (I think) is workable. I based my solution on the following article (which for anyone interested provides a fairly succinct all-you-need-to-know explanation of password security): https://crackstation.net/hashing-security.htm.
The first part of my solution is to copy a PBKDF2 hashing algorithm (PasswordHash.java) directly from the crackstation.net website. Other than a package declaration, it requires no modification.
The second part is the security filter implementation, which inherits heavily from DataSourceSecurityFilter:
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.rt.server.commons.servletfilter.FilterConfigInjection;
import org.eclipse.scout.rt.server.commons.servletfilter.security.DataSourceSecurityFilter;
/**
* @author Marco Dörfliger
*/
public class SaltedDataSourceSecurityFilter extends DataSourceSecurityFilter {
private static final IScoutLogger LOG = ScoutLogManager.getLogger(SaltedDataSourceSecurityFilter.class);
private String m_selectStatement;
@Override
public void init(FilterConfig config0) throws ServletException {
super.init(config0);
FilterConfigInjection.FilterConfig config = new FilterConfigInjection(config0, getClass()).getAnyConfig();
m_selectStatement = config.getInitParameter("selectUserPass");
if (m_selectStatement == null) {
throw new ServletException("Missing init-param with name 'selectUserPass'.");
}
}
@Override
protected String encryptPass(String pass) throws ServletException {
return pass;
}
/**
* The selectStatement parameter should be set to something like
* "SELECT PASSWORD FROM USERS WHERE ACCOUNT_LOCKED=0 AND LOWER(USERNAME)=?"
*/
@Override
protected boolean isValidUser(String username, String password, Connection connection) throws SQLException {
PreparedStatement stmt = null;
try {
stmt = connection.prepareStatement(m_selectStatement);
stmt.setString(1, username);
stmt.execute();
ResultSet resultSet = stmt.getResultSet();
return (resultSet.next() && PasswordHash.validatePassword(password, resultSet.getString(1)));
}
catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
LOG.error("Exception occurred validating password", e);
return false;
}
finally {
try {
if (stmt != null) {
stmt.close();
stmt = null;
}
}
catch (SQLException e) {
LOG.warn("Exception in close stmt!", e);
}
}
}
public static void main(String[] args) throws ServletException {
SaltedDataSourceSecurityFilter sdssf = new SaltedDataSourceSecurityFilter();
System.out.println("'sausages' encrypts to " + sdssf.encryptPass("sausages"));
}
}
The matching configuration lines in config.ini are as follows:
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#active=true
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#realm=development
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#jdbcDriverName=org.postgresql.Driver
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#jdbcMappingName=jdbc:postgresql://localhost:5432
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#jdbcUsername=appuser
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#jdbcPassword=dbpassword
com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter#selectUserPass=SELECT PASSWORD FROM USERS WHERE ACCOUNT_LOCKED=0 AND LOWER(USERNAME)=?
Finally, you need to update the extension in the server plugin.xml file, and replace the DataSourceSecurityFilter with the SaltedDataSourceSecurityFilter as follows:
<filter
aliases="/process /remotefiles /updatesite"
class="com.mycompany.myproject.server.services.common.security.SaltedDataSourceSecurityFilter"
ranking="40">
</filter>
Afaik the password is still sent "in the clear" from client to server which could be improved upon, but this is a step in the right direction I think.
[Updated on: Sun, 01 March 2015 08:14] Report message to a moderator
|
|
|
Re: DataSourceSecurityFilter and RAP Client [message #1642960 is a reply to message #1614864] |
Sun, 01 March 2015 09:47 |
|
Hi Jermie,
Today I found some time to look at the solution:
Jeremie Bresson wrote on Fri, 13 February 2015 14:51
I have asked my coworker what is the state of the art solution of your problem.
In our vision the RAP-Server (aka Scout Client) does not connect to the database.
The solution was presented at the EclipseCon Europe 2012. See the slides: 20121022_BahBah_Slides.pdf
I managed to add all the things as suggested. But what I didn't find is where I can enter a username and password when starting the RAP client. What did I miss here.
But as we already agreed, I'll wait for the hints and tips on form based login
Thanks
Peter
|
|
|
Powered by
FUDForum. Page generated in 0.04074 seconds