Archived

This forum has been archived. Please start a new discussion on GitHub.

Simple password security

SteveHicks
SteveHicks
in Help Center
I'm looking at adding a simple user name / password security check to my Ice server (in Java), passing the credentials in the context for each call. Is there some way I can add the checking code in a generic way (in an interceptor or plugin), rather than having to put the same line at the start of each one of my implemented methods? Is there a way to hook in to e.g. the __dispatch method? Or can you recommend a better way to do password-based security (using SSL and certificates would be overkill)?

Cheers,

Steve

Comments

  • marc
    marc Florida
    Welcome to our forums. Can you please update your organization, and, if possible, also the project you are working on in your profile settings.
  • matthew
    matthew NL, Canada
    Doing access control in every method as you've discovered is a pretty difficult and inefficient way to go about doing things. Its far better to use some authentication method at a single point (for example, upon session creation) and then give the authenticated user access to the backend objects. You can look at the session demo to see how you might go about doing something like this. An alternative would be to use Glacier2 which already does this for you.
  • SimonMartin
    SimonMartin
    Connection authentication

    I'd like if possible to have any new connections authenticated by the server, and not have to worry about implementing session state in to my service.

    I am thinking something like Challenge/Response, so that on initial connection creation the server endpoint might even call back to the client to authenticate that the client is allowed to create connections.

    Is this achievable with ICE alone?

    Many thanks,
    Simon
  • matthew
    matthew NL, Canada
    It is possible, but you'll need to be very careful. In general, I don't recommend doing that. The problem that you'll encounter is that connections can be re-established transparently (due to retry, AMI and other reasons).

    Is using Glacier2 not an option for you? It brings many benefits other than the session state such as authentication and general protection for your backend servers.

Categories