Re: [cf-dev] Access to authenticated client identity

Sounds good,

I suppose the identity would be the psk_identity or the public key or the x509 certificate depending on the ciphersuite used?

On Fri Oct 24 2014 at 09:36:39 Hudalla Kai <Kai.Hudalla@xxxxxxxxxxxx> wrote:

Hi,

 

I would like to take another attempt at introducing generic support for accessing the identity of an authenticated client within Californium :-)

 

I have seen that e.g. the leshan project uses Scandium’s DTLSConnector.getSessionByAddress() operation to get at the underlying DTLSSession for the client and then retrieves the client’s PskIdentity using DTLSSession.getPskIdentity(). This way, the client code (leshan) is exposed to the internal workings of the Californium stack and also seems to need to know whether the client has been authenticated by means of PSK or a certificate.

 

What I would like to propose instead is to introduce an operation org.eclipse.californium.core.coap.Request.getPrincipal() for accessing the authenticated client’s principal, very much along the way the Java Servlet API does it, where HttpServletRequest.getUserPrincipal() can be used to access the authenticated user principal. This way, the client code would never need to bother with how and where the Principal was established for the CoAP client but can simply focus on using the identity.

 

I have done some proof-of-concept work around this approach involving some slight modifications of a handful of classes from element-connector, Scandium and Californium.

What do you think?

 

Regards,

Kai

 

_______________________________________________
cf-dev mailing list
cf-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cf-dev
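
An added illustration, not part of the original messages and not Californium code, of an authorization check written against the proposed getPrincipal() style of accessor, so the handler never touches the DTLS session. PskPrincipal, AuthenticatedRequest, SimpleRequest and the policy entries are hypothetical names and constructed values; Java 16+ is assumed for records. The policy is keyed on principal type plus name, so a PSK identity string cannot match an entry meant for a certificate subject.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

public class PrincipalAuthzExample {
    // Hypothetical principal for a PSK-authenticated client (assumption, not a Californium class).
    record PskPrincipal(String identity) implements Principal {
        public String getName() { return identity; }
    }

    // Hypothetical stand-in for a request exposing the proposed getPrincipal() accessor.
    interface AuthenticatedRequest {
        Principal getPrincipal();   // null when the transport did not authenticate the client
        String getPath();
    }

    record SimpleRequest(Principal principal, String path) implements AuthenticatedRequest {
        public Principal getPrincipal() { return principal; }
        public String getPath() { return path; }
    }

    // Key on type AND name: the same string can be a PSK identity or an X.509 subject.
    static String key(Principal p) {
        return p.getClass().getSimpleName() + ":" + p.getName();
    }

    // Constructed sample policy: principal key -> resource paths it may access.
    static final Map<String, Set<String>> POLICY = Map.of(
        "PskPrincipal:sensor-1", Set.of("/telemetry"),
        "X500Principal:CN=gateway-7,O=Example", Set.of("/telemetry", "/config"));

    static boolean isAllowed(AuthenticatedRequest req) {
        Principal p = req.getPrincipal();
        if (p == null) {
            return false;           // unauthenticated client: fail closed
        }
        return POLICY.getOrDefault(key(p), Set.of()).contains(req.getPath());
    }

    public static void main(String[] args) {
        Principal cert = new X500Principal("CN=gateway-7,O=Example");
        Principal psk = new PskPrincipal("sensor-1");
        // A PSK client choosing an identity that looks like the gateway's subject DN.
        Principal lookalike = new PskPrincipal("CN=gateway-7,O=Example");

        System.out.println(isAllowed(new SimpleRequest(cert, "/config")));       // true
        System.out.println(isAllowed(new SimpleRequest(psk, "/telemetry")));     // true
        System.out.println(isAllowed(new SimpleRequest(psk, "/config")));        // false
        System.out.println(isAllowed(new SimpleRequest(lookalike, "/config")));  // false
        System.out.println(isAllowed(new SimpleRequest(null, "/telemetry")));    // false
    }
}
```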
