continuum-dev mailing list archives

From "Jesse McConnell" <jesse.mcconn...@gmail.com>
Subject Re: XML RPC security
Date Mon, 30 Apr 2007 14:10:47 GMT
I am hoping to get a couple of authn and authz web services running in
redback this week, once I finish up the role profile refactor and
clean up, I want to wack out a webservice and then start getting
continuum integrated to using the new redback setup.

sounds like that would work perfectly for this xml-rpc stuff in continuum.

rahul, planning on using xfire until the apache CXF stuff gets its
first release out of the incubator...that sound good?

jesse

On 4/30/07, Emmanuel Venisse <emmanuel@venisse.net> wrote:
> Maybe, but I can't find it.
>
> Emmanuel
>
> Rahul Thakur wrote:
> > I thought there was something similar to this that exists in Redback?
> >
> > Rahul
> >
> > ----- Original Message ----- From: "Emmanuel Venisse"
> > <emmanuel@venisse.net>
> > To: <continuum-dev@maven.apache.org>
> > Sent: Saturday, April 28, 2007 12:37 AM
> > Subject: Re: XML RPC security
> >
> >
> >> I think it's the best solution. With a token, we don't have login/password
> >> over the network for each request.
> >>
> >> XmlRpcService
> >>   String login( username, password ) //return a token
> >>   {
> >>       return tokenManager.login( username, password );
> >>   }
> >>
> >>   Object method1( token, params ) //null token for guest user or a getGuestToken() method that will return it
> >>   {
> >>       User user = tokenManager.getUser( token );
> >>       ...
> >>   }
> >>   Object method2( token, params )
> >>   {
> >>       ...
> >>   }
> >>
> >> TokenManager
> >>   String login( username, password ); //return a token
> >>   User getUser( token )
> >>
> >> The TokenManager can be a plexus component with a default
> >> implementation for redback.
> >> wdyt?
> >>
> >> Emmanuel
> >>
> >> Emmanuel Venisse wrote:
> >>> Hey guys,
> >>>
> >>> Some quick notes on the security for XML RPC interface. This is what I
> >>> am thinking...
> >>>
> >>> Have an AuthenticatedXmlRpcService component that services the xml rpc
> >>> requests. The first request from a client to the service is a request
> >>> for authentication. A successful authentication returns an
> >>> authentication Token, which is passed along with subsequent requests by
> >>> the client. A Token can go stale (configurable time period?) if there
> >>> were no requests detected for it. Also, we could have a service that
> >>> answers any polling requests and keeps a Token 'alive'.
> >>>
> >>> Thoughts?
> >>>
> >>> Rahul
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
> >
>
>


-- 
jesse mcconnell
jesse.mcconnell@gmail.com