Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "CDO/Net4j Authentication"
(→IManagedContainer-Setup) |
|||
| Line 1: | Line 1: | ||
| − | In most enterprise application a user has to | + | In most enterprise application a user has to authenticate against the webserver, CDO application are not different in this aspect. So naturally CDO and Net4J provide a possibility to authenticate. The source code shown in this section is part of a big [http://tom-eclipse-dev.blogspot.com/2008/09/exploring-new-technologies-part-of.html example project] exploiting RCP+EMF+Databinding features. |
==Server== | ==Server== | ||
===Server configuration with cdo-server.xml=== | ===Server configuration with cdo-server.xml=== | ||
| − | ====Property-File based | + | ====Property-File based Authentication==== |
| − | If you are configuring your server using cdo-server.xml and providing | + | If you are configuring your server using cdo-server.xml and providing authentication against a simple text file is as simple as uncommenting the following lines: |
<acceptor type="tcp" listenAddr="0.0.0.0" port="2036"> | <acceptor type="tcp" listenAddr="0.0.0.0" port="2036"> | ||
| Line 10: | Line 10: | ||
</acceptor> | </acceptor> | ||
| − | The value is the path to the user/password-File the | + | The value is the path to the user/password-File the authentication is done against. In this simple case the file is a Property-File and looks like this: |
tom=myverysecretpassword | tom=myverysecretpassword | ||
| Line 27: | Line 27: | ||
} | } | ||
| − | The | + | The authentication negotiation has to be configured before the connection to the server is establish which happens here in the TCPUtil.getConnector()-method. So we somehow have to configure the system in between the call. |
The first thing we need to do is to register a PostProcessor for the IPluginContainer.INSTANCE like this: | The first thing we need to do is to register a PostProcessor for the IPluginContainer.INSTANCE like this: | ||
| Line 58: | Line 58: | ||
} | } | ||
| − | The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real | + | The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real authentication. |
if( element instanceof InternalConnector ) { | if( element instanceof InternalConnector ) { | ||
| Line 67: | Line 67: | ||
} | } | ||
| − | Now your client | + | Now your client authenticates against your CDO-Server and you'll receive a "org.eclipse.net4j.connector.ConnectorException" if you try to access the session informations. |
Revision as of 04:33, 3 October 2008
In most enterprise application a user has to authenticate against the webserver, CDO application are not different in this aspect. So naturally CDO and Net4J provide a possibility to authenticate. The source code shown in this section is part of a big example project exploiting RCP+EMF+Databinding features.
Contents
Server
Server configuration with cdo-server.xml
Property-File based Authentication
If you are configuring your server using cdo-server.xml and providing authentication against a simple text file is as simple as uncommenting the following lines:
<acceptor type="tcp" listenAddr="0.0.0.0" port="2036"> <negotiator type="challenge" description="/tmp/users.db"/> </acceptor>
The value is the path to the user/password-File the authentication is done against. In this simple case the file is a Property-File and looks like this:
tom=myverysecretpassword
Client
IManagedContainer-Setup
The standard code to retrieve the session in an IManagedContainer looks like this:
public CDOSession openSession(String id, String host, String port) {
IConnector connector = TCPUtil.getConnector(IPluginContainer.INSTANCE, host + ":" + port );
CDOSessionConfiguration configuration = CDOUtil.createSessionConfiguration();
configuration.setConnector(connector);
configuration.setRepositoryName(id);
return configuration.openSession();
}
The authentication negotiation has to be configured before the connection to the server is establish which happens here in the TCPUtil.getConnector()-method. So we somehow have to configure the system in between the call.
The first thing we need to do is to register a PostProcessor for the IPluginContainer.INSTANCE like this:
public CDOSession openSession(String id, String host, String port) {
IPluginContainer.INSTANCE.addPostProcessor(new IElementProcessor() { /* concrete impl see below */ })
}
This ensures that we can enhance the configured connector and attach a so called INegotiator (in our case a special implementation for challenge/response based negotiation, see wikipedia, is available). The implementation to make this happen looks like this:
private class AuthElementProcessor implements IElementProcessor {
private String username;
private String password;
public AuthElementProcessor(String username, String password) {
this.username = username;
this.password = password;
}
public Object process(IManagedContainer container,
String productGroup, String factoryType,
String description, Object element) {
if( element instanceof InternalConnector ) {
ResponseNegotiator rn = new ResponseNegotiator();
((InternalConnector)element).getConfig().setNegotiator(rn);
}
return element;
}
}
The last step is to configure the ResponseNegotiator and provide PasswordCredentials for it used to do the real authentication.
if( element instanceof InternalConnector ) {
ResponseNegotiator rn = new ResponseNegotiator();
PasswordCredentialsProvider pw = new PasswordCredentialsProvider(new PasswordCredentials(username,password.toCharArray()));
rn.setCredentialsProvider(pw);
((InternalConnector)element).getConfig().setNegotiator(rn);
}
Now your client authenticates against your CDO-Server and you'll receive a "org.eclipse.net4j.connector.ConnectorException" if you try to access the session informations.