Eclipse Community Forums
[CDO/Net4j] How to properly authenticate [message #1611344] Wed, 11 February 2015 09:59
Maximilian Kürth
Dear community,

I want to use a Net4j TCP connection with authentication in my client-server application. I wire the container manually for more control, like this:

IManagedContainer container = ContainerUtil.createContainer();
Net4jUtil.prepareContainer(container);
TCPUtil.prepareContainer(container);


How do I plug a security mechanism in there? I tried some things with UserManager and ChallengeNegotiation but had no luck.

I saw some documentation using post processing but I would like to have the authentication at connection time, not afterwards if possible.

I also read some tests which referred to internal implementations but there should be another way I think.

Thanks in advance.

Re: [CDO/Net4j] How to properly authenticate [message #1614290 is a reply to message #1611344] Fri, 13 February 2015 06:29
Eike Stepper
Hi Maximilian,

On the server-side you need to register a factory for an authenticator that implements
org.eclipse.net4j.util.security.IAuthenticator or org.eclipse.net4j.util.security.IAuthenticator2 (please have a look at
the implementations that we provide). This can either be done programmatically via
org.eclipse.emf.cdo.server.ISessionManager.setAuthenticator(IAuthenticator) or declaratively by contributing an
org.eclipse.net4j.util.security.AuthenticatorFactory to the server's IManagedContainer.

On the client-side you must use
org.eclipse.emf.cdo.session.CDOSessionConfiguration.setCredentialsProvider(IPasswordCredentialsProvider). Again, you can
extend our implementations or make your own.

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper




Re: [CDO/Net4j] How to properly authenticate [message #1632512 is a reply to message #1614290] Tue, 24 February 2015 10:12
Maximilian Kürth
Hi Eike,

thanks for your response. The problem is that I do not use CDO at this stage of my application. I really like to put some more communication in one single container so I tried this one.

container.registerFactory(new MyNegotiatorFactory());


After that I took out the element like the IAcceptor before unless my factory would not be used.

container.getElement("org.eclipse.net4j.Negotiators", "challenge", null);


And my factory looks like this one.

@Override
public ChallengeNegotiator create(String description) throws ProductCreationException {
	System.out.println("negogiator plugged");
	users.addUser("peter", "kilometer".toCharArray());
	ChallengeNegotiator neg = new ChallengeNegotiator();
	neg.setUserManager(users);
	neg.setRandomizer(new Randomizer());
	return neg;
}


I simply extended the ChallengeNegotiatorFactory with the method above and it is really called and created (see the debug line, it is displayed).

On the client side I currently changed nothing to test the authentication (which in my opinion should result in a failure). I implemented a simple PING-PONG protocol and it works as if I had no negotiator.

So besides CDO what should I change to allow only valid authenticated connections?

Re: [CDO/Net4j] How to properly authenticate [message #1632527 is a reply to message #1632512] Tue, 24 February 2015 10:24
Eike Stepper

On 24.02.2015 at 11:12, Maximilian Kürth wrote:
> Hi Eike,
>
> thanks for your response. The problem is that I do not use CDO at this stage of my application. I really like to put
> some more communication in one single container
I really don't understand what that all means.

> so I tried this one.
>
>
> container.registerFactory(new MyNegotiatorFactory());
In my first reply I told you how to configure CDO authentication. What you're trying nevertheless (i.e., Net4j-level
single-sign-on authentication) is kind of deprecated and will probably not work. Here's additional information:
https://wiki.eclipse.org/Use_CDO_Net4J_Authentification#CDO_3.0

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper



Re: [CDO/Net4j] How to properly authenticate [message #1632547 is a reply to message #1632527] Tue, 24 February 2015 10:38
Maximilian Kürth
Ok, I try some more detail.

I work on an RCP application which should be extended in communication aspects. We use CDO as model repository and I would like to get a startup sequence like this:

- start client
- connect to server using authentication
- handle a permanent pinging connection (like client is alive)
- handle some security/licensing stuff
- establish cdo connection (after all other tasks already successfully done)
- -> work on client

Currently CDO is treated as an option beside some other stores so I tried to handle the essential network stuff using only Net4J.

I hope I could describe the situation.

Re: [CDO/Net4j] How to properly authenticate [message #1632572 is a reply to message #1632547] Tue, 24 February 2015 10:55
Eike Stepper

On 24.02.2015 at 11:38, Maximilian Kürth wrote:
> Ok, I try some more detail.
>
> I work on an RCP application which should be extended in communication aspects. We use CDO as model repository and I
> would like to get a startup sequence like this:
>
> - start client
> - connect to server using authentication
> - handle a permanent pinging connection (like client is alive)
> - handle some security/licensing stuff
> - establish cdo connection (after all other tasks already successfully done)
> - -> work on client
>
> Currently CDO is treated as an option beside some other stores so I tried to handle the essential network stuff using
> only Net4J.
Maybe it helps to compare your solution with the code in org.eclipse.net4j.util.tests.SecurityTest.

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper


Re: [CDO/Net4j] How to properly authenticate [message #1632573 is a reply to message #1632572] Tue, 24 February 2015 10:58
Eike Stepper

On 24.02.2015 at 11:55, Eike Stepper wrote:
> Maybe it helps to compare your solution with the code in org.eclipse.net4j.util.tests.SecurityTest.
Probably more realistic: org.eclipse.net4j.tests.TCPConnectorTest

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper


Re: [CDO/Net4j] How to properly authenticate [message #1632844 is a reply to message #1632573] Tue, 24 February 2015 14:17
Maximilian Kürth
I will try to dig a bit more into that but as I mentioned in the first comment there seems to be a lot of internal code usage. Anyway you will hear from me.

Re: [CDO/Net4j] How to properly authenticate [message #1632886 is a reply to message #1632844] Tue, 24 February 2015 14:46
Eike Stepper

On 24.02.2015 at 15:17, Maximilian Kürth wrote:
> I will try to dig a bit more into that but as I mentioned in the first comment there seems to be a lot of internal
> code usage.
What internal code usage? Where is it mentioned?

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper


Re: [CDO/Net4j] How to properly authenticate [message #1632974 is a reply to message #1632886] Tue, 24 February 2015 15:52
Maximilian Kürth
Ok, I think internal is the wrong word. I would consider restricted code to be better.

Examples are TCPConnector and TCPAcceptor.

Re: [CDO/Net4j] How to properly authenticate [message #1637181 is a reply to message #1632974] Thu, 26 February 2015 15:30
Maximilian Kürth
Ok, I did the following to get it working.

private void startServer() throws InterruptedException {
	IManagedContainer container = ContainerUtil.createContainer();
	Net4jUtil.prepareContainer(container);
	TCPUtil.prepareContainer(container);

	IBufferPool bPool = Net4jUtil.createBufferPool();
	LifecycleUtil.activate(bPool);

	UserManager uManager = new UserManager();
	uManager.addUser("peter", "kilometer".toCharArray());
	uManager.activate();

	container.registerFactory(new RandomizerFactory());
	container.registerFactory(new ChallengeNegotiatorFactory());
	container.registerFactory(new ActivityServerProtocol.Factory());
	container.activate();

	ITCPAcceptor acceptor = null;
	Randomizer randomizer = null;
	ChallengeNegotiator negotiator = null;
	try {
		acceptor = (ITCPAcceptor) container.getElement("org.eclipse.net4j.acceptors", "tcp", "127.0.0.1:2036",
				false);
		randomizer = (Randomizer) container.getElement("org.eclipse.net4j.randomizers", "default", null);
		negotiator = (ChallengeNegotiator) container.getElement("org.eclipse.net4j.Negotiators", "challenge", null,
				false);

		negotiator.setRandomizer(randomizer);
		negotiator.setUserManager(uManager);

		((TCPAcceptor) acceptor).getConfig().setBufferProvider(bPool);
		((TCPAcceptor) acceptor).getConfig().setNegotiator(negotiator);

		randomizer.activate();
		negotiator.activate();
		LifecycleUtil.activate(acceptor);

		while (true) {
			Thread.sleep(5000);

			for (IConnector connector : acceptor.getAcceptedConnectors()) {
				System.out.println(connector.openChannel().getUserID());
			}
		}
	} finally {
		if (randomizer != null) {
			randomizer.deactivate();
		}
		if (negotiator != null) {
			negotiator.deactivate();
		}
		if (acceptor != null) {
			LifecycleUtil.deactivate(acceptor);
		}
		LifecycleUtil.deactivate(container);
		uManager.deactivate();
		LifecycleUtil.deactivate(bPool);
	}
}

private void startClient() throws RemoteException, Exception {
	IManagedContainer container = ContainerUtil.createContainer();
	Net4jUtil.prepareContainer(container);
	TCPUtil.prepareContainer(container);

	PasswordCredentialsProvider credentials = new PasswordCredentialsProvider("peter", "kilometer");
	LifecycleUtil.activate(credentials);

	container.registerFactory(new ResponseNegotiatorFactory());
	container.activate();

	ITCPConnector connector = null;
	ResponseNegotiator negotiator = null;
	try {
		connector = (ITCPConnector) container.getElement("org.eclipse.net4j.connectors", "tcp", "127.0.0.1:2036",
				false);
		negotiator = (ResponseNegotiator) container.getElement("org.eclipse.net4j.Negotiators", "response", null,
				false);
		negotiator.setCredentialsProvider(credentials);

		((TCPConnector) connector).getConfig().setNegotiator(negotiator);

		negotiator.activate();
		LifecycleUtil.activate(connector);

		while (connector != null) {
			ActivityClientProtocol protocol = new ActivityClientProtocol(connector);
			ActivityRequest request = new ActivityRequest(protocol, "Client Peter Kilometer requesting...");
			String echo = request.send();
			protocol.close();

			if (!"OK".equals(echo)) {
				throw new RuntimeException("Server is not there!");
			}
			System.out.println(echo + " " + connector.openChannel().getUserID());
			Thread.sleep(5000);
		}
	} finally {
		if (negotiator != null) {
			negotiator.deactivate();
		}
		if (connector != null) {
			LifecycleUtil.deactivate(connector);
		}
		LifecycleUtil.deactivate(container);
		LifecycleUtil.deactivate(credentials);
	}
}


However is there any possibility to configure the ITCPAcceptor and ITCPConnector correctly without accessing them through their implementations? Maybe something like ChallengeNegotiatorConfigurer though it is not sufficient at all. I really would like to prevent using restricted code.

Re: [CDO/Net4j] How to properly authenticate [message #1637189 is a reply to message #1637181] Thu, 26 February 2015 15:37
Eike Stepper

On 26.02.2015 at 16:30, Maximilian Kürth wrote:
> Ok, I did the following to get it working.
Very good ;-)

> However is there any possibility to configure the ITCPAcceptor and ITCPConnector correctly without accessing them
> through their implementations? Maybe something like ChallengeNegotiatorConfigurer though it is not sufficient at all.
> I really would like to prevent using restricted code.
You should cast to ITransportConfigAware.

Cheers
/Eike

----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
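
The cast suggested in the last reply, applied to the server and client code from message #1637181, as an added example that is not part of the original thread or of Net4j. The helper class `SecuredTransport` and its method name are hypothetical; it sets the negotiator through `ITransportConfigAware` instead of `TCPAcceptor`/`TCPConnector`, and it refuses to activate a transport without one, which is the state described in message #1632512 where registering a negotiator factory alone left the PING-PONG protocol working without credentials. Rejecting an already active element is this example's own policy.

```java
import org.eclipse.net4j.ITransportConfig;
import org.eclipse.net4j.ITransportConfigAware;
import org.eclipse.net4j.buffer.IBufferProvider;
import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.security.INegotiator;

/** Hypothetical helper (not a Net4j class): wires a negotiator via the public API and fails closed. */
public final class SecuredTransport {
    private SecuredTransport() {
    }

    /**
     * @param element    acceptor or connector obtained with container.getElement(..., false),
     *                   i.e. not yet activated
     * @param negotiator fully configured ChallengeNegotiator (server) or ResponseNegotiator (client);
     *                   its randomizer / user manager / credentials provider are already set
     * @param buffers    buffer pool to use, or null to keep whatever the config already holds
     */
    public static void secureAndActivate(Object element, INegotiator negotiator, IBufferProvider buffers) {
        if (negotiator == null) {
            throw new IllegalArgumentException("Refusing to start a transport without a negotiator");
        }
        if (!(element instanceof ITransportConfigAware)) {
            // Without access to the config the negotiator cannot be attached,
            // so the transport would accept connections unauthenticated.
            throw new IllegalStateException("No transport config on " + element);
        }
        if (LifecycleUtil.isActive(element)) {
            // Example policy: connections made before the negotiator was attached
            // would not have been challenged, so do not continue silently.
            throw new IllegalStateException("Transport is already active: " + element);
        }

        ITransportConfig config = ((ITransportConfigAware) element).getConfig();
        if (buffers != null) {
            config.setBufferProvider(buffers);
        }
        config.setNegotiator(negotiator);

        // Same order as in the post: negotiator first, then the transport itself.
        LifecycleUtil.activate(negotiator);
        LifecycleUtil.activate(element);
    }
}
```

In `startServer()` this replaces the two `((TCPAcceptor) acceptor).getConfig()` lines and the negotiator/acceptor activation with `SecuredTransport.secureAndActivate(acceptor, negotiator, bPool);`, and in `startClient()` the call is `SecuredTransport.secureAndActivate(connector, negotiator, null);`. The randomizer is still activated beforehand, as in the post.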

