Re: [CDO/Net4j] How to properly authenticate [message #1614290 is a reply to message #1611344]
Fri, 13 February 2015 06:29

Hi Maximilian,
On the server-side you need to register a factory for an authenticator that implements
org.eclipse.net4j.util.security.IAuthenticator or org.eclipse.net4j.util.security.IAuthenticator2 (please have a look at
the implementations that we provide). This can either be done programmatically via
org.eclipse.emf.cdo.server.ISessionManager.setAuthenticator(IAuthenticator) or declaratively by contributing an
org.eclipse.net4j.util.security.AuthenticatorFactory to the server's IManagedContainer.
On the client-side you must use
org.eclipse.emf.cdo.session.CDOSessionConfiguration.setCredentialsProvider(IPasswordCredentialsProvider). Again, you can
extend our implementations or make your own.
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
On 11.02.2015 at 15:46, Maximilian Kürth wrote:
> Dear community,
>
> I want to use a Net4j TCP connection with authentication in my client-server-application. I wire container manually
> for more control, like that:
>
>
> IManagedContainer container = ContainerUtil.createContainer();
> Net4jUtil.prepareContainer(container);
> TCPUtil.prepareContainer(container);
>
>
> How do I plug a security mechanism in there? I tried some things with UserManager and ChallengeNegotiation but got no
> luck.
>
> I saw some documentation using post processing but I would like to have the authentication at connection time, not
> afterwards if possible.
>
> I also read some test which referred to internal implementations but there should be another way I think.
>
> Thanks in advance.
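
The server-side and client-side wiring described in the reply above, as an added example that is not part of the original post or of the CDO/Net4j code base: a custom IAuthenticator that stores salted PBKDF2 hashes instead of plaintext passwords and compares them in constant time. The class HashedAuthenticator, its methods addUser, install and useCredentials, and the PBKDF2 parameters are assumptions; it needs Java 8 or later and the Net4j/CDO bundles on the classpath.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.eclipse.emf.cdo.server.ISessionManager;
import org.eclipse.emf.cdo.session.CDOSessionConfiguration;
import org.eclipse.net4j.util.security.IAuthenticator;
import org.eclipse.net4j.util.security.PasswordCredentialsProvider;

// Hypothetical class (not shipped with Net4j): keeps a salt and a PBKDF2 hash per user.
public class HashedAuthenticator implements IAuthenticator {
    private final Map<String, byte[][]> users = new ConcurrentHashMap<>(); // userID -> {salt, hash}

    public void addUser(String userID, char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put(userID, new byte[][] { salt, derive(password, salt) });
    }

    @Override
    public void authenticate(String userID, char[] password) throws SecurityException {
        if (userID == null || password == null || password.length == 0) throw new SecurityException("Access denied");
        byte[][] entry = users.get(userID);
        // Derive for unknown users too, so response time does not reveal which IDs exist.
        byte[] actual = derive(password, entry != null ? entry[0] : new byte[16]);
        if (entry == null || !MessageDigest.isEqual(entry[1], actual)) {
            throw new SecurityException("Access denied"); // same message for every failure
        }
    }

    private static byte[] derive(char[] password, byte[] salt) {
        try { // iteration count and key length are assumed values, tune them for your hardware
            PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException ex) {
            throw new IllegalStateException(ex);
        }
    }

    // Wiring: the server installs the authenticator; the client sets credentials before opening the session.
    public static void install(ISessionManager sessionManager, IAuthenticator authenticator) {
        sessionManager.setAuthenticator(authenticator);
    }
    public static void useCredentials(CDOSessionConfiguration config, String userID, String password) {
        config.setCredentialsProvider(new PasswordCredentialsProvider(userID, password));
    }
}
```
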
Re: [CDO/Net4j] How to properly authenticate [message #1632527 is a reply to message #1632512]
Tue, 24 February 2015 10:24

On 24.02.2015 at 11:12, Maximilian Kürth wrote:
> Hi Eike,
>
> thanks for your response. The problem is that I do not use CDO at this stage of my application. I really like to put
> some more communication in one single container
I really don't understand what that all means.
> so I tried this one.
>
>
> container.registerFactory(new MyNegotiatorFactory());
In my first reply I told you how to configure CDO authentication. What you're trying nevertheless (i.e., Net4j-level
single-sign-on authentication) is kind of deprecated and will probably not work. Here's additional information:
https://wiki.eclipse.org/Use_CDO_Net4J_Authentification#CDO_3.0
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
>
>
> After that I took out the element like the IAcceptor before unless my factory would not be used.
>
>
> container.getElement("org.eclipse.net4j.Negotiators", "challenge", null);
>
>
> And my factory looks like this one.
>
>
> @Override
> public ChallengeNegotiator create(String description) throws ProductCreationException {
>     System.out.println("negogiator plugged");
>     users.addUser("peter", "kilometer".toCharArray());
>     ChallengeNegotiator neg = new ChallengeNegotiator();
>     neg.setUserManager(users);
>     neg.setRandomizer(new Randomizer());
>     return neg;
> }
>
>
> I simply extended the ChallengeNegotiatorFactory with the method above and it is really called and created (see the
> debug line, it is displayed).
>
> On the client side I currently changed nothing to test the authentication (which in my opinion should result in a
> failure). I implemented a simple PING-PONG-protocol and it works like I had no negotiator.
>
> So beside CDO what should I change to allow only valid authenticated connections?
Re: [CDO/Net4j] How to properly authenticate [message #1637181 is a reply to message #1632974]
Thu, 26 February 2015 15:30
Maximilian Kürth

Ok, I did the following to get it working.

private void startServer() throws InterruptedException {
    IManagedContainer container = ContainerUtil.createContainer();
    Net4jUtil.prepareContainer(container);
    TCPUtil.prepareContainer(container);

    IBufferPool bPool = Net4jUtil.createBufferPool();
    LifecycleUtil.activate(bPool);

    // User store handed to the challenge negotiator below (hard-coded demo account)
    UserManager uManager = new UserManager();
    uManager.addUser("peter", "kilometer".toCharArray());
    uManager.activate();

    container.registerFactory(new RandomizerFactory());
    container.registerFactory(new ChallengeNegotiatorFactory());
    container.registerFactory(new ActivityServerProtocol.Factory());
    container.activate();

    ITCPAcceptor acceptor = null;
    Randomizer randomizer = null;
    ChallengeNegotiator negotiator = null;
    try {
        // Acceptor and negotiator are fetched with activate == false so they can be configured first
        acceptor = (ITCPAcceptor) container.getElement("org.eclipse.net4j.acceptors", "tcp", "127.0.0.1:2036", false);
        randomizer = (Randomizer) container.getElement("org.eclipse.net4j.randomizers", "default", null);
        negotiator = (ChallengeNegotiator) container.getElement("org.eclipse.net4j.Negotiators", "challenge", null, false);
        negotiator.setRandomizer(randomizer);
        negotiator.setUserManager(uManager);

        // Attach the negotiator to the acceptor before the acceptor is activated
        ((TCPAcceptor) acceptor).getConfig().setBufferProvider(bPool);
        ((TCPAcceptor) acceptor).getConfig().setNegotiator(negotiator);
        randomizer.activate();
        negotiator.activate();
        LifecycleUtil.activate(acceptor);

        // Print the user ID of every accepted connection every five seconds
        while (true) {
            Thread.sleep(5000);
            for (IConnector connector : acceptor.getAcceptedConnectors()) {
                System.out.println(connector.openChannel().getUserID());
            }
        }
    } finally {
        if (randomizer != null) {
            randomizer.deactivate();
        }
        if (negotiator != null) {
            negotiator.deactivate();
        }
        if (acceptor != null) {
            LifecycleUtil.deactivate(acceptor);
        }
        LifecycleUtil.deactivate(container);
        uManager.deactivate();
        LifecycleUtil.deactivate(bPool);
    }
}

private void startClient() throws RemoteException, Exception {
    IManagedContainer container = ContainerUtil.createContainer();
    Net4jUtil.prepareContainer(container);
    TCPUtil.prepareContainer(container);

    // Credentials the response negotiator uses to answer the server's challenge
    PasswordCredentialsProvider credentials = new PasswordCredentialsProvider("peter", "kilometer");
    LifecycleUtil.activate(credentials);

    container.registerFactory(new ResponseNegotiatorFactory());
    container.activate();

    ITCPConnector connector = null;
    ResponseNegotiator negotiator = null;
    try {
        connector = (ITCPConnector) container.getElement("org.eclipse.net4j.connectors", "tcp", "127.0.0.1:2036", false);
        negotiator = (ResponseNegotiator) container.getElement("org.eclipse.net4j.Negotiators", "response", null, false);
        negotiator.setCredentialsProvider(credentials);

        // Attach the negotiator to the connector before the connector is activated
        ((TCPConnector) connector).getConfig().setNegotiator(negotiator);
        negotiator.activate();
        LifecycleUtil.activate(connector);

        while (connector != null) {
            ActivityClientProtocol protocol = new ActivityClientProtocol(connector);
            ActivityRequest request = new ActivityRequest(protocol, "Client Peter Kilometer requesting...");
            String echo = request.send();
            protocol.close();
            if (!"OK".equals(echo)) {
                throw new RuntimeException("Server is not there!");
            }
            System.out.println(echo + " " + connector.openChannel().getUserID());
            Thread.sleep(5000);
        }
    } finally {
        if (negotiator != null) {
            negotiator.deactivate();
        }
        if (connector != null) {
            LifecycleUtil.deactivate(connector);
        }
        LifecycleUtil.deactivate(container);
        LifecycleUtil.deactivate(credentials);
    }
}

However, is there any possibility to configure the ITCPAcceptor and ITCPConnector correctly without accessing them through their implementations? Maybe something like ChallengeNegotiatorConfigurer, though it is not sufficient at all. I really would like to prevent using restricted code.