continuum-dev mailing list archives

From Trygve Laugstøl <>
Subject Re: XML RPC security
Date Tue, 01 May 2007 11:48:33 GMT
Rahul Thakur wrote:
> Sounds good! Pointers would be great, if you have them handy :-)

If you're using the servlet way (which I'd recommend) you should be able 
to use Redback as a filter for that URL. Way easier than my hack.


> TIA,
> Rahul
> ----- Original Message ----- From: "Trygve Laugstøl" <>
> To: <>
> Sent: Saturday, April 28, 2007 12:14 AM
> Subject: Re: XML RPC security
>> Rahul Thakur wrote:
>>> Hey guys,
>>> Some quick notes on the security for XML RPC interface. This is what 
>>> I am thinking...
>>> Have an AuthenticatedXmlRpcService component that services the xml 
>>> rpc requests. The first request from a client to the service is a 
>>> request for authentication. A successful authentication returns an 
>>> authentication Token, which is passed along with subsequent requests 
>>> by the client. A Token can go stale (configurable time period?) if 
>>> there were no requests detected for it. Also, we could have a 
>>> service that answers any polling requests and keeps a Token 'alive'.
>> How about using HTTP and Redback for security? We can make the XML-RPC 
>> server listen on localhost:8000 only and then make a servlet that is 
>> proxying to localhost:8000/xml-rpc.
>> The proxying servlet should come after a Redback security filter. I 
>> made a servlet like that once acting as a facade for a Subversion 
>> repository which I think I added to Plexus (aka the kitchen sink), if 
>> not I can dig it up for you.
>> -- 
>> Trygve 
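
The token scheme proposed in the quoted message (issue a token after authentication, expire it after a configurable idle period, let a polling request keep it alive), as an added example that is not part of the thread and is not Continuum or Redback code. The class name `IdleTokenStore`, the 15-minute timeout and the injected clock are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/** Hypothetical sketch of the idle-expiring token idea from the thread. */
public class IdleTokenStore {
    private static final SecureRandom RNG = new SecureRandom();
    private final ConcurrentHashMap<String, Long> lastSeen = new ConcurrentHashMap<>();
    private final long idleMillis;
    private final LongSupplier clock; // injectable so expiry can be exercised without sleeping

    public IdleTokenStore(Duration idleTimeout, LongSupplier clock) {
        this.idleMillis = idleTimeout.toMillis();
        this.clock = clock;
    }

    /** Call only after the caller's credentials have been verified. */
    public String issue() {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so tokens cannot be guessed
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        lastSeen.put(token, clock.getAsLong());
        return token;
    }

    /** Checks a token per request or keep-alive poll; atomically refreshes it or drops it if stale. */
    public boolean touch(String token) {
        if (token == null) return false;
        long now = clock.getAsLong();
        return lastSeen.compute(token, (t, seen) ->
                seen == null || now - seen > idleMillis ? null : Long.valueOf(now)) != null;
    }

    /** Removes tokens that went stale without being presented again; run periodically. */
    public void purgeStale() {
        lastSeen.values().removeIf(seen -> clock.getAsLong() - seen > idleMillis);
    }

    public static void main(String[] args) {
        long[] now = {0L}; // constructed clock value, advanced by hand below
        IdleTokenStore store = new IdleTokenStore(Duration.ofMinutes(15), () -> now[0]);
        String token = store.issue();
        now[0] += Duration.ofMinutes(10).toMillis(); // a request inside the idle window
        System.out.println("after 10 idle minutes: " + store.touch(token));
        now[0] += Duration.ofMinutes(16).toMillis(); // no requests for longer than the timeout
        System.out.println("after 16 idle minutes: " + store.touch(token));
    }
}
```

The token is a bearer credential, so it only protects the XML-RPC endpoint if the transport keeps it confidential.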
