Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Security:Alert"
(→Overview) |
(→Design) |
||
| Line 9: | Line 9: | ||
;AlertContext | ;AlertContext | ||
| − | It contains all the information that Alert | + | It contains all the information that Alert UI needs to present to the user. An alert context will contain a IContentInfo and 0 or more IAlertStatus. |
;IContentInfo | ;IContentInfo | ||
Revision as of 16:56, 25 October 2007
Overview
Some use case has the requirements to use the same brandable alert UI pop-up dialog in the following situations: OSGI tries to load untrusted bundles, connecting to a https server that has untrusted server certificate, and a component within the system tries to delete files that has not permission. Below is our draft of UI mockup.
Design
The goal is to design a alert framework to fulfill the requirements mentioned as above. However, the design should be flexible enough to extend the functionality into different context. for example, executing Javascript at Java runtime requires user to grant. Below are the interfaces that we come up w/.
- AlertContext
It contains all the information that Alert UI needs to present to the user. An alert context will contain a IContentInfo and 0 or more IAlertStatus.
- IContentInfo
It contains the content information that is specific to each context. It also contains the overall icon for the context. The operation msg will indicate the operation (loadtime, runtime, ssl and etc) that is executing within the context.
- IAlertResponse
After a end user press 'Done' or 'Ok' on the alert UI dialog, the result will be turned into a IAlertResponse object will be handled to a appropriate IAlertResponseCallbackHandler.
- IAlertStatus
It represents a alert status within a context. Each instance contains 0 or more IAlertAction or IAlertOption. However, only one IalertAction can be selected and 0 or more IAlertOption can be selected.
- IAlertAction
It just model the alert action within a alert context. It contains a unique string representation of itself. An example of IAlertAction could be 'Allow' and 'Deny'.
- IAlertOption
It models the alert options that are associated with each IalertStatus. Some of the IAlertOption are like 'trust this bundle permanently' or 'trust this bundle for this session only.'
- IResponseCallbackHandler
An instance of this interface will know how to handle set AlertAction and AlertOption. Default LoadTimeStatusCallbackHandler will call the default LoadTime CertificateTrustAuthority for persisting the chain of Certificate.
- ISecurityPolicyEngine