Jump to: navigation, search

Difference between revisions of "CDO/Net4j Authentication"

< CDO
(IManagedContainer-Setup)
(IManagedContainer-Setup)
Line 63: Line 63:
 
     }
 
     }
 
   }
 
   }
 
and change the static block to
 
  
 
The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real authentication.
 
The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real authentication.

Revision as of 04:46, 3 October 2008

In most enterprise application a user has to authenticate against the webserver, CDO application are not different in this aspect. So naturally CDO and Net4J provide a possibility to authenticate. The source code shown in this section is part of a big example project exploiting RCP+EMF+Databinding features.

Server

Server configuration with cdo-server.xml

Property-File based Authentication

If you are configuring your server using cdo-server.xml and providing authentication against a simple text file is as simple as uncommenting the following lines:

<acceptor type="tcp" listenAddr="0.0.0.0" port="2036">
  <negotiator type="challenge" description="/tmp/users.db"/>
</acceptor>

The value is the path to the user/password-File the authentication is done against. In this simple case the file is a Property-File and looks like this:

tom=myverysecretpassword

Client

IManagedContainer-Setup

The standard code to retrieve the session in an IManagedContainer looks like this:

 public CDOSessionProvider {
   public CDOSession openSession(String id, String host, String port) {
     IConnector connector = TCPUtil.getConnector(IPluginContainer.INSTANCE, host + ":" + port );
     CDOSessionConfiguration configuration = CDOUtil.createSessionConfiguration();
     configuration.setConnector(connector);
     configuration.setRepositoryName(id);
   
     return configuration.openSession();
   }
 }

And use it in our code like this:

 CDOSessionProvider pv = new CDOSessionProvider();
 pv.openSession("MyRep","localhost","2036");

The authentication negotiation has to be configured before the connection to the server is establish which happens here in the TCPUtil.getConnector()-method. So we somehow have to configure the system in between the call.

The first thing we need to do is to register a PostProcessor for the IPluginContainer.INSTANCE. This has to done only once for a IManagedContainer so the best part is a static block in the CDOSessionProvider.

  static {
    IPluginContainer.INSTANCE.addPostProcessor(new AuthElementProcessor("tom","myverysecretpassword") { /* concrete impl see below */ })
  }

This ensures that we can enhance the configured connector and attach a so called INegotiator (in our case a special implementation for challenge/response based negotiation, see wikipedia, is available). The implementation to make this happen looks like this:

 private static class AuthElementProcessor implements IElementProcessor {
   private String username;
   private String password;
   
   public AuthElementProcessor(String username, String password) {
     this.username = username;
     this.password = password;
   }
   
   public Object process(IManagedContainer container,
                          String productGroup, String factoryType,
                          String description, Object element) {
     if( element instanceof InternalConnector ) {
       ResponseNegotiator rn = new ResponseNegotiator();
       ((InternalConnector)element).getConfig().setNegotiator(rn);
     }
     
     return element;
   }
 }

The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real authentication.

 if( element instanceof InternalConnector ) {
   ResponseNegotiator rn = new ResponseNegotiator();
   PasswordCredentialsProvider pw = new PasswordCredentialsProvider(new PasswordCredentials(username,password.toCharArray()));
   rn.setCredentialsProvider(pw);
   ((InternalConnector)element).getConfig().setNegotiator(rn);
 }

Now your client authenticates against your CDO-Server and you'll receive a "org.eclipse.net4j.connector.ConnectorException" if you try to access the session informations.