authorChristian W. Damus2013-10-29 01:02:32 +0000
committerEike Stepper2013-11-06 07:15:23 +0000
commitf61eb9d90cf4076baab01072c005e9cbf0fecdce (patch)
tree511b51bde08711094b795882a5c29caeee2aad4f /plugins/org.eclipse.emf.cdo.server
parentc91aa2d8d8c0c7d97e62a69f081333dbd22eafe2 (diff)
[418454] [Admin] Client API and UI for managing repositories in a server
https://bugs.eclipse.org/bugs/show_bug.cgi?id=418454 Implementation of the server-side CDOAdmin, including a new Repository Configuration Manager implemented in a repository dedicated to server administration. It provides local storage of XML configurations files for repositories added via the admin protocol and an app extension to find and start them on CDO server start-up. It also provides server-wide authentication of the repository administration functions (create/delete repository) via its Administrator account. Includes some refactorings: - pull up abstract authentication signal from CDO protocol into Net4j layer (includes pulling up NotAuthenticatedException and deprecating the API from CDO Common) - pull up authentication protocol from internal CDO protocol - add authentication challenge to CDO Admin protocol Also distinguish between repositories that can and cannot be deleted because they are permanently configured in the server's XML configuration file. On top of the revised CDOAdmin protocol are built some UI actions for - deletion of a repository, including confirmation dialog and error handling - creation of a repository (two-step wizard) Both actions require authorization by providing the credentials of the admin repository's administrator user. Change-Id: Iedf26e20c2a379553295806250d63227f0e0a35f Signed-off-by: Eike Stepper <stepper@esc-net.de>
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server')
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/SessionManager.java22
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/AuthenticationUtil.java93
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAppExtension2.java27
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAuthenticationProtocol.java46
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/ISessionProtocol.java16
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/InternalSessionManager.java18
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/RepositoryConfigurator.java37
7 files changed, 235 insertions, 24 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/SessionManager.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/SessionManager.java
index 55a37a517b..fe39211de2 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/SessionManager.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/SessionManager.java
@@ -10,6 +10,7 @@
* Simon McDuff - bug 201266
* Simon McDuff - bug 202725
* Christian W. Damus (CEA LIST) - bug 399306
+ * Christian W. Damus (CEA LIST) - bug 418454
*/
package org.eclipse.emf.cdo.internal.server;
@@ -21,12 +22,12 @@ import org.eclipse.emf.cdo.common.id.CDOID;
import org.eclipse.emf.cdo.common.lock.CDOLockChangeInfo;
import org.eclipse.emf.cdo.common.protocol.CDOProtocol.CommitNotificationInfo;
import org.eclipse.emf.cdo.common.protocol.CDOProtocolConstants;
-import org.eclipse.emf.cdo.common.util.NotAuthenticatedException;
import org.eclipse.emf.cdo.internal.server.bundle.OM;
import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.ISession;
import org.eclipse.emf.cdo.session.remote.CDORemoteSessionMessage;
import org.eclipse.emf.cdo.spi.common.branch.InternalCDOBranch;
+import org.eclipse.emf.cdo.spi.server.IAuthenticationProtocol;
import org.eclipse.emf.cdo.spi.server.ISessionProtocol;
import org.eclipse.emf.cdo.spi.server.InternalRepository;
import org.eclipse.emf.cdo.spi.server.InternalSession;
@@ -394,7 +395,7 @@ public class SessionManager extends Container<ISession> implements InternalSessi
OM.LOG.warn("A problem occured while notifying session " + session, t);
}
- protected String authenticateUser(ISessionProtocol protocol) throws SecurityException
+ public String authenticateUser(IAuthenticationProtocol protocol) throws SecurityException
{
if (protocol == null)
{
@@ -412,7 +413,7 @@ public class SessionManager extends Container<ISession> implements InternalSessi
Response response = protocol.sendAuthenticationChallenge(challenge);
if (response == null)
{
- throw new NotAuthenticatedException();
+ throw notAuthenticated();
}
ByteArrayInputStream baos = new ByteArrayInputStream(authenticationServer.handleResponse(response));
@@ -440,17 +441,17 @@ public class SessionManager extends Container<ISession> implements InternalSessi
}
}
- public void changeUserCredentials(ISessionProtocol sessionProtocol, String userID)
+ public void changeUserCredentials(IAuthenticationProtocol sessionProtocol, String userID)
{
changeUserCredentials(sessionProtocol, userID, CredentialsUpdateOperation.CHANGE_PASSWORD);
}
- public void resetUserCredentials(ISessionProtocol sessionProtocol, String userID)
+ public void resetUserCredentials(IAuthenticationProtocol sessionProtocol, String userID)
{
changeUserCredentials(sessionProtocol, userID, CredentialsUpdateOperation.RESET_PASSWORD);
}
- protected void changeUserCredentials(ISessionProtocol sessionProtocol, String userID,
+ protected void changeUserCredentials(IAuthenticationProtocol sessionProtocol, String userID,
CredentialsUpdateOperation operation)
{
@@ -475,7 +476,7 @@ public class SessionManager extends Container<ISession> implements InternalSessi
Response response = sessionProtocol.sendCredentialsChallenge(challenge, userID, operation);
if (response == null)
{
- throw new NotAuthenticatedException();
+ throw notAuthenticated();
}
ByteArrayInputStream baos = new ByteArrayInputStream(authenticationServer.handleResponse(response));
@@ -555,4 +556,11 @@ public class SessionManager extends Container<ISession> implements InternalSessi
super.doDeactivate();
}
+
+ @SuppressWarnings("deprecation")
+ private SecurityException notAuthenticated()
+ {
+ // Existing clients may expect this deprecated exception type
+ return new org.eclipse.emf.cdo.common.util.NotAuthenticatedException();
+ }
}
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/AuthenticationUtil.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/AuthenticationUtil.java
new file mode 100644
index 0000000000..459eb13fed
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/AuthenticationUtil.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Christian W. Damus (CEA LIST) - initial API and implementation
+ */
+package org.eclipse.emf.cdo.spi.server;
+
+import java.util.concurrent.Callable;
+
+/**
+ * @author Christian W. Damus (CEA LIST)
+ *
+ * @since 4.3
+ */
+public final class AuthenticationUtil
+{
+ private static final ThreadLocal<IAuthenticationProtocol> AUTHENTICATION_PROTOCOL = new ThreadLocal<IAuthenticationProtocol>();
+
+ // Not instantiable by clients.
+ private AuthenticationUtil()
+ {
+ }
+
+ /**
+ * Obtains the authentication protocol, if any, on which the current thread should
+ * authenticate administrative operations in handling incoming signals.
+ *
+ * @return the authentication protocol to use, or {@code null} if authentication is not required
+ */
+ public static IAuthenticationProtocol getAuthenticationProtocol()
+ {
+ return AUTHENTICATION_PROTOCOL.get();
+ }
+
+ /**
+ * Wrap an {@code operation} to make an authentication protocol {@linkplain #getAuthenticationProtocol() available}
+ * to the thread that invokes it, for the duration of the {@code operation}'s execution.
+ */
+ public static <V> Callable<V> authenticatingOperation(IAuthenticationProtocol authenticationProtocol,
+ final Callable<V> operation)
+ {
+ return new AuthenticatingOperation<V>(authenticationProtocol)
+ {
+ @Override
+ protected V doCall() throws Exception
+ {
+ return operation.call();
+ }
+ };
+ }
+
+ /**
+ * Encapsulation of an administrative operation requiring (potentially) client
+ * authentication to authorize the operation.
+ *
+ * @author Christian W. Damus (CEA LIST)
+ *
+ * @since 4.3
+ */
+ public static abstract class AuthenticatingOperation<V> implements Callable<V>
+ {
+ private final IAuthenticationProtocol authenticationProtocol;
+
+ public AuthenticatingOperation(IAuthenticationProtocol authenticationProtocol)
+ {
+ this.authenticationProtocol = authenticationProtocol;
+ }
+
+ public final V call() throws Exception
+ {
+ V result;
+
+ try
+ {
+ AuthenticationUtil.AUTHENTICATION_PROTOCOL.set(authenticationProtocol);
+ result = doCall();
+ }
+ finally
+ {
+ AuthenticationUtil.AUTHENTICATION_PROTOCOL.remove();
+ }
+
+ return result;
+ }
+
+ protected abstract V doCall() throws Exception;
+ }
+}
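Review bot: `AuthenticatingOperation.call()` unconditionally calls `AUTHENTICATION_PROTOCOL.remove()` in its `finally`, so if one authenticating operation runs inside another on the same thread, the outer operation continues with no protocol set. Because `getAuthenticationProtocol()` documents `null` as "authentication is not required", that state would read as permission to skip the challenge rather than as an error; whether nesting actually occurs is not visible in this diff. I would save the previous value before `set(...)` and restore it in `finally`. The class Javadoc should also state that the protocol is confined to the calling thread and does not follow work handed to another thread.

```java
public final V call() throws Exception
{
  // Remember a protocol installed by an enclosing operation on this thread
  IAuthenticationProtocol previous = AuthenticationUtil.AUTHENTICATION_PROTOCOL.get();
  AuthenticationUtil.AUTHENTICATION_PROTOCOL.set(authenticationProtocol);

  try
  {
    return doCall();
  }
  finally
  {
    if (previous == null)
    {
      AuthenticationUtil.AUTHENTICATION_PROTOCOL.remove();
    }
    else
    {
      // Restore instead of clearing, so the outer operation stays authenticated
      AuthenticationUtil.AUTHENTICATION_PROTOCOL.set(previous);
    }
  }
}
```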
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAppExtension2.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAppExtension2.java
new file mode 100644
index 0000000000..0c3245a08f
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAppExtension2.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Christian W. Damus - initial API and implementation
+ */
+package org.eclipse.emf.cdo.spi.server;
+
+import java.io.Reader;
+
+/**
+ * An optional extension of the {@link IAppExtension} interface for app extensions that support invocation
+ * on the XML configurations of dynamically-managed repositories. These may be instantiated multiple
+ * times, will only be given repository configurations (not Net4j acceptors etc.) and are stopped if and
+ * when their associated repositories are deleted.
+ *
+ * @author Christian W. Damus (CEA LIST)
+ * @since 4.3
+ */
+public interface IAppExtension2 extends IAppExtension
+{
+ public void startDynamic(Reader xmlConfigReader) throws Exception;
+}
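Review bot: `startDynamic(Reader xmlConfigReader)` has no Javadoc of its own, so the contract implementors need is missing: which side closes the reader, and whether the method may be called more than once on the same instance. I would add `/** Starts this extension on the XML configuration of one dynamically-managed repository, read from {@code xmlConfigReader}. */` and extend it with one sentence naming the owner of the reader. The interface comment says these configurations arrive dynamically, so the Javadoc should also say that the XML content is not vetted by the caller, if that is the case.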
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAuthenticationProtocol.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAuthenticationProtocol.java
new file mode 100644
index 0000000000..afbcb5e345
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/IAuthenticationProtocol.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ * Christian W. Damus (CEA LIST) - bug 418454: factored out authentication from ISessionProtocol
+ */
+package org.eclipse.emf.cdo.spi.server;
+
+import org.eclipse.net4j.util.security.CredentialsUpdateOperation;
+import org.eclipse.net4j.util.security.DiffieHellman.Client.Response;
+import org.eclipse.net4j.util.security.DiffieHellman.Server.Challenge;
+
+/**
+ * @author Eike Stepper
+ *
+ * @since 4.3
+ * @noextend This interface is not intended to be extended by clients.
+ * @noimplement This interface is not intended to be implemented by clients.
+ */
+public interface IAuthenticationProtocol
+{
+ /**
+ * Sends a challenge to the client to authenticate the user attempting to
+ * or already connected.
+ *
+ * @since 4.2
+ */
+ public Response sendAuthenticationChallenge(Challenge challenge) throws Exception;
+
+ /**
+ * Sends a challenge to the client to change the authenticated user's credentials.
+ * This is an optional operation; implementators may simply throw
+ * {@link UnsupportedOperationException}.
+ *
+ * @since 4.3
+ *
+ * @throws UnsupportedOperationException if credentials change is not supported
+ */
+ public Response sendCredentialsChallenge(Challenge challenge, String userID, CredentialsUpdateOperation operation)
+ throws Exception;
+}
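Review bot: `sendAuthenticationChallenge(Challenge)` is tagged `@since 4.2` inside an interface that is itself `@since 4.3`. The tag was carried over from the declaration removed from ISessionProtocol, but a method cannot predate the type that declares it, so `@since 4.3` (or no method-level tag) would be accurate here. The first Javadoc sentence is also incomplete ("attempting to or already connected"); I would write `Sends a challenge to the client to authenticate the user who is connecting or is already connected.` and correct "implementators" to "implementors" in the second comment.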
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/ISessionProtocol.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/ISessionProtocol.java
index b70749cd09..7ded592a9e 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/ISessionProtocol.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/ISessionProtocol.java
@@ -8,6 +8,7 @@
* Contributors:
* Eike Stepper - initial API and implementation
* Christian W. Damus (CEA LIST) - bug 399306
+ * Christian W. Damus (CEA LIST) - bug 418454
*/
package org.eclipse.emf.cdo.spi.server;
@@ -19,8 +20,6 @@ import org.eclipse.emf.cdo.common.protocol.CDOProtocol;
import org.eclipse.emf.cdo.session.remote.CDORemoteSessionMessage;
import org.eclipse.emf.cdo.spi.common.branch.InternalCDOBranch;
-import org.eclipse.net4j.util.security.CredentialsUpdateOperation;
-import org.eclipse.net4j.util.security.DiffieHellman.Client.Response;
import org.eclipse.net4j.util.security.DiffieHellman.Server.Challenge;
/**
@@ -31,7 +30,7 @@ import org.eclipse.net4j.util.security.DiffieHellman.Server.Challenge;
* @noextend This interface is not intended to be extended by clients.
* @noimplement This interface is not intended to be implemented by clients.
*/
-public interface ISessionProtocol extends CDOProtocol
+public interface ISessionProtocol extends CDOProtocol, IAuthenticationProtocol
{
/**
* @since 4.0
@@ -41,17 +40,6 @@ public interface ISessionProtocol extends CDOProtocol
public org.eclipse.emf.cdo.spi.common.CDOAuthenticationResult sendAuthenticationChallenge(byte[] randomToken)
throws Exception;
- /**
- * @since 4.2
- */
- public Response sendAuthenticationChallenge(Challenge challenge) throws Exception;
-
- /**
- * @since 4.3
- */
- public Response sendCredentialsChallenge(Challenge challenge, String userID,
- CredentialsUpdateOperation operation) throws Exception;
-
public void sendRepositoryTypeNotification(CDOCommonRepository.Type oldType, CDOCommonRepository.Type newType)
throws Exception;
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/InternalSessionManager.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/InternalSessionManager.java
index f6c574a149..cdbfaa9c05 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/InternalSessionManager.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/InternalSessionManager.java
@@ -8,6 +8,7 @@
* Contributors:
* Eike Stepper - initial API and implementation
* Christian W. Damus (CEA LIST) - bug 399306
+ * Christian W. Damus (CEA LIST) - bug 418454
*/
package org.eclipse.emf.cdo.spi.server;
@@ -70,7 +71,7 @@ public interface InternalSessionManager extends ISessionManager
*
* @since 4.3
*/
- public void changeUserCredentials(ISessionProtocol sessionProtocol, String userID);
+ public void changeUserCredentials(IAuthenticationProtocol sessionProtocol, String userID);
/**
* Initiates the administrative reset-credentials protocol with the client and
@@ -78,7 +79,20 @@ public interface InternalSessionManager extends ISessionManager
*
* @since 4.3
*/
- public void resetUserCredentials(ISessionProtocol sessionProtocol, String userID);
+ public void resetUserCredentials(IAuthenticationProtocol sessionProtocol, String userID);
+
+ /**
+ * Challenges the connected user to authenticate the connection.
+ *
+ * @param sessionProtocol the authenticatable session protocol
+ * @return the user ID with which the user authenticated herself, or {@code null}
+ * if the server does not require authentication for this connection
+ *
+ * @throws SecurityException on failure to authenticate
+ *
+ * @since 4.3
+ */
+ public String authenticateUser(IAuthenticationProtocol sessionProtocol) throws SecurityException;
/**
* @since 4.1
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/RepositoryConfigurator.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/RepositoryConfigurator.java
index 99cae04170..e906c3703d 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/RepositoryConfigurator.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/RepositoryConfigurator.java
@@ -8,6 +8,7 @@
* Contributors:
* Eike Stepper - initial API and implementation
* Lothar Werzinger - support for configuring user managers
+ * Christian W. Damus (CEA LIST) - bug 418454
*/
package org.eclipse.emf.cdo.spi.server;
@@ -40,6 +41,7 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import javax.xml.parsers.DocumentBuilder;
@@ -48,6 +50,7 @@ import javax.xml.parsers.ParserConfigurationException;
import java.io.File;
import java.io.IOException;
+import java.io.Reader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -102,8 +105,30 @@ public class RepositoryConfigurator
TRACER.trace("Configuring CDO server from " + configFile.getAbsolutePath()); //$NON-NLS-1$
}
+ return configure(getDocument(configFile));
+ }
+
+ /**
+ * @since 4.3
+ */
+ public IRepository[] configure(Reader configReader) throws ParserConfigurationException, SAXException, IOException,
+ CoreException
+ {
+ if (TRACER.isEnabled())
+ {
+ TRACER.trace("Configuring CDO server from dynamic configuration"); //$NON-NLS-1$
+ }
+
+ return configure(getDocument(configReader));
+ }
+
+ /**
+ * @since 4.3
+ */
+ protected IRepository[] configure(Document document) throws ParserConfigurationException, SAXException, IOException,
+ CoreException
+ {
List<IRepository> repositories = new ArrayList<IRepository>();
- Document document = getDocument(configFile);
NodeList elements = document.getElementsByTagName("repository"); //$NON-NLS-1$
for (int i = 0; i < elements.getLength(); i++)
{
@@ -127,6 +152,16 @@ public class RepositoryConfigurator
return builder.parse(configFile);
}
+ /**
+ * @since 4.3
+ */
+ protected Document getDocument(Reader configReader) throws ParserConfigurationException, SAXException, IOException
+ {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(new InputSource(configReader));
+ }
+
protected IRepositoryFactory getRepositoryFactory(String type) throws CoreException
{
IRepositoryFactory factory = repositoryFactories.get(type);
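Review bot: The new `getDocument(Reader)` builds its parser from a default `DocumentBuilderFactory`, so DOCTYPE declarations and external entities in the configuration are processed. Per the commit description this reader carries repository configurations added via the admin protocol, which makes the XML less trusted than the server's own configuration file. Before `newDocumentBuilder()` I would add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` (this needs an import of `javax.xml.XMLConstants`). The existing `getDocument(File)` ends just above the added lines and, as far as the visible context shows, parses the same way, so one shared hardened factory helper would cover both. `configure(Reader)` in the previous hunk is the public entry point to this path.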
