[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ecf-dev] user authentication and user dependent services
- From: Peter Hermsdorf <peter.hermsdorf@xxxxxxxxx>
- Date: Mon, 29 Jun 2015 13:11:56 +0200
- Delivered-to: firstname.lastname@example.org
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
I have a use case, where a client/consumer needs to authenticate at the
server/provider and the actual service implementation on the server
needs the authentication information (at least the username) when called.
My current solution is to make the username part of the API. eg.
String myService(String username, String otherparameters);
But it would be nice to have access to the actual Authentication
information of the caller to use them.
I have implemented a custom HostContainerSelector which registers a
IConnectHandlerPolicy to handle to authentication. But I have no idea on
how to access them in my service implementation (probably I need to call
some ECF API....)
The use case is access control, eg. depending on your username/login you
can "see" different content. When making the username part of the API a
authenticated client could pretend being someone else by just calling
the service with a different username.
I could imagine a kind of wrapper code on server side which intercept
the service call and "substitutes" the username in the service call
before the actual service is called. This would have the benefit of
decoupling this authentication/user handling stuff from the actual
service implementation. (the service wouldn't need to know anything
about ECF and user management)
Thanks for any hints and ideas!