Home Help Center

Simple password security

SteveHicksSteveHicks Member Steve HicksOrganization: KBC FPProject: Ice Java
I'm looking at adding a simple user name / password security check to my Ice server (in Java), passing the credentials in the context for each call. Is there some way I can add the checking code in a generic way (in an interceptor or plugin), rather than having to put the same line at the start of each one of my implemented methods? Is there a way to hook in to e.g. the __dispatch method? Or can you recommend a better way to do password-based security (using SSL and certificates would be overkill)?

Cheers,

Steve

Comments

  • marcmarc FloridaAdministrators, ZeroC Staff Marc LaukienOrganization: ZeroC, Inc.Project: The Internet Communications Engine ZeroC Staff
    Welcome to our forums. Can you please update your organization, and, if possible, also the project you are working on in your profile settings.
  • matthewmatthew NL, CanadaMember Matthew NewhookOrganization: ZeroC, Inc.Project: Internet Communications Engine ✭✭✭
    Doing access control in every method as you've discovered is a pretty difficult and inefficient way to go about doing things. Its far better to use some authentication method at a single point (for example, upon session creation) and then give the authenticated user access to the backend objects. You can look at the session demo to see how you might go about doing something like this. An alternative would be to use Glacier2 which already does this for you.
  • SimonMartinSimonMartin Member Simon MartinOrganization: RBSProject: FX
    Connection authentication

    I'd like if possible to have any new connections authenticated by the server, and not have to worry about implementing session state in to my service.

    I am thinking something like Challenge/Response, so that on initial connection creation the server endpoint might even call back to the client to authenticate that the client is allowed to create connections.

    Is this achievable with ICE alone?

    Many thanks,
    Simon
  • matthewmatthew NL, CanadaMember Matthew NewhookOrganization: ZeroC, Inc.Project: Internet Communications Engine ✭✭✭
    It is possible, but you'll need to be very careful. In general, I don't recommend doing that. The problem that you'll encounter is that connections can be re-established transparently (due to retry, AMI and other reasons).

    Is using Glacier2 not an option for you? It brings many benefits other than the session state such as authentication and general protection for your backend servers.
Sign In or Register to comment.