continuum-dev mailing list archives

From Emmanuel Venisse <emman...@venisse.net>
Subject Re: XML RPC security
Date Mon, 30 Apr 2007 09:35:42 GMT
Maybe, but I can't find it.

Emmanuel

Rahul Thakur wrote:
> I thought there was something similar to this that exists in Redback?
> 
> Rahul
> 
> ----- Original Message ----- From: "Emmanuel Venisse" 
> <emmanuel@venisse.net>
> To: <continuum-dev@maven.apache.org>
> Sent: Saturday, April 28, 2007 12:37 AM
> Subject: Re: XML RPC security
> 
> 
>> I think it's the best solution. With a token, we don't have login/password 
>> over the network for each request.
>>
>> XmlRpcService
>>   String login( username, password ) //return a token
>>   {
>>       return tokenManager.login( username, password );
>>   }
>>
>>   //null token for guest user or a getGuestToken() method that will return it
>>   Object method1( token, params )
>>   {
>>       User user = tokenManager.getUser( token );
>>       ...
>>   }
>>   Object method2( token, params )
>>   {
>>       ...
>>   }
>>
>> TokenManager
>>   String login( username, password ); //return a token
>>   User getUser( token )
>>
>> The TokenManager can be a plexus component with a default 
>> implementation for redback.
>> wdyt?
>>
>> Emmanuel
>>
>> Emmanuel Venisse wrote:
>>> Hey guys,
>>>
>>> Some quick notes on the security for XML RPC interface. This is what I
>>> am thinking...
>>>
>>> Have an AuthenticatedXmlRpcService component that services the xml rpc
>>> requests. The first request from a client to the service is a request
>>> for authentication. A successful authentication returns an
>>> authentication Token, which is passed along with subsequent requests by
>>> the client. A Token can go stale (configurable time period?) if there
>>> were no requests detected for it. Also, we could have a service that
>>> answers any polling requests and keeps a Token 'alive'.
>>>
>>> Thoughts?
>>>
>>> Rahul
>>>
>>>
>>>
>>>
>>
> 
> 
> 
> 
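
The token scheme discussed in this thread (login returns a token, later calls resolve it to a user, a token goes stale after a configurable idle period), as an added example that is not code from the thread, Continuum or Redback. The class name, the credential-check callback, the explicit `now` parameter and the demo account are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Hypothetical TokenManager (Java 16+); method names follow the sketch in the thread.
public class InMemoryTokenManager {
    private record Session(String user, Instant lastSeen) {}
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final BiPredicate<String, String> checkPassword; // assumption: wraps the real user store
    private final Duration idleTimeout;                       // the configurable stale period

    public InMemoryTokenManager(BiPredicate<String, String> checkPassword, Duration idleTimeout) {
        this.checkPassword = checkPassword;
        this.idleTimeout = idleTimeout;
    }

    // Returns a fresh 256-bit random token, or empty when authentication fails.
    public Optional<String> login(String username, String password, Instant now) {
        if (!checkPassword.test(username, password)) return Optional.empty();
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(username, now));
        return Optional.of(token);
    }

    // null token -> guest; unknown or stale -> empty (reject). Valid lookups slide the idle window.
    public Optional<String> getUser(String token, Instant now) {
        if (token == null) return Optional.of("guest");
        Session s = sessions.computeIfPresent(token, (k, v) ->
            Duration.between(v.lastSeen(), now).compareTo(idleTimeout) > 0
                ? null : new Session(v.user(), now)); // returning null removes the stale entry
        return Optional.ofNullable(s).map(Session::user);
    }

    public static void main(String[] args) { // constructed account and timestamps
        InMemoryTokenManager tm = new InMemoryTokenManager(
            (u, p) -> u.equals("admin") && p.equals("example-password"), Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2007-04-30T09:00:00Z");
        String token = tm.login("admin", "example-password", t0).orElseThrow();
        System.out.println(tm.getUser(token, t0.plusSeconds(20 * 60))); // 20 min idle
        System.out.println(tm.getUser(token, t0.plusSeconds(90 * 60))); // 70 min idle since last call
    }
}
```

Because every successful `getUser` call refreshes the session, a keep-alive service as proposed in the thread would only need to call it periodically with the client's token.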

