continuum-dev mailing list archives

From "Rahul Thakur" <rahul.thakur.x...@gmail.com>
Subject Re: XML RPC security
Date Sun, 29 Apr 2007 07:05:14 GMT
I thought there was something similar to this that exists in Redback?

Rahul

----- Original Message ----- 
From: "Emmanuel Venisse" <emmanuel@venisse.net>
To: <continuum-dev@maven.apache.org>
Sent: Saturday, April 28, 2007 12:37 AM
Subject: Re: XML RPC security


>I think it's the best solution. With a token, we don't have login/password 
>over the network for each request.
>
> XmlRpcService
>   String login( username, password ) // returns a token
>   {
>       return tokenManager.login( username, password );
>   }
>
>   // null token for guest user, or a getGuestToken() method that will return it
>   Object method1( token, params )
>   {
>       User user = tokenManager.getUser( token );
>       ...
>   }
>   Object method2( token, params )
>   {
>       ...
>   }
>
> TokenManager
>   String login( username, password ); // returns a token
>   User getUser( token )
>
> The TokenManager can be a plexus component with a default 
> implementation for redback.
> wdyt?
>
> Emmanuel
>
> Emmanuel Venisse wrote:
>> Hey guys,
>>
>> Some quick notes on the security for the XML RPC interface. This is what I
>> am thinking...
>>
>> Have an AuthenticatedXmlRpcService component that services the xml rpc
>> requests. The first request from a client to the service is a request
>> for authentication. A successful authentication returns an
>> authentication Token, which is passed along with subsequent requests by
>> the client. A Token can go stale (configurable time period?) if there
>> were no requests detected for it. Also, we could have a service that
>> answers any polling requests and keeps a Token 'alive'.
>>
>> Thoughts?
>>
>> Rahul
>>
>>
>>
>>
> 
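
The token scheme discussed in this thread (login returns a token, later calls pass it, an idle token goes stale, any call keeps it alive), sketched as an added example that is not from the thread or from Continuum or Redback. The class name `InMemoryTokenManager`, the `BiPredicate` authenticator standing in for the user store, and returning the username as a `String` rather than a `User` are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Added example: hypothetical in-memory TokenManager, not Continuum or Redback code.
public class InMemoryTokenManager {
    private final ConcurrentHashMap<String, String> userByToken = new ConcurrentHashMap<>();
    private final ConcurrentHashMap<String, Long> lastSeen = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final BiPredicate<String, String> authenticator; // assumption: stands in for the user store
    private final long idleTimeoutMillis;                    // the "configurable time period"

    public InMemoryTokenManager(BiPredicate<String, String> authenticator, long idleTimeoutMillis) {
        this.authenticator = authenticator;
        this.idleTimeoutMillis = idleTimeoutMillis;
    }

    // Credentials cross the network once; the caller gets a 256-bit random token back.
    public String login(String username, String password) {
        if (!authenticator.test(username, password)) throw new SecurityException("authentication failed");
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        userByToken.put(token, username);
        lastSeen.put(token, System.currentTimeMillis());
        return token;
    }

    // Null token is the guest user; unknown or stale tokens are rejected and forgotten.
    public String getUser(String token) {
        if (token == null) return "guest";
        long now = System.currentTimeMillis();
        Long seen = lastSeen.get(token);
        if (seen == null || now - seen > idleTimeoutMillis) {
            lastSeen.remove(token);
            userByToken.remove(token);
            throw new SecurityException("unknown or expired token");
        }
        lastSeen.put(token, now); // every call, including a keep-alive poll, resets the idle timer
        return userByToken.get(token);
    }

    public static void main(String[] args) throws InterruptedException {
        InMemoryTokenManager tm = new InMemoryTokenManager( // constructed account, 200 ms timeout
                (u, p) -> "alice".equals(u) && "s3cret".equals(p), 200);
        String token = tm.login("alice", "s3cret");
        System.out.println(tm.getUser(token) + " / " + tm.getUser(null));
        Thread.sleep(300); // longer than the idle timeout, so the token is now stale
        try { tm.getUser(token); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The token is a bearer credential, so it needs the same transport protection (TLS) as the password it replaces.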

