Re: [milo-dev] Restrict properties/method calls to particular users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [milo-dev] Restrict properties/method calls to particular users

From: Kevin Herron <kevinherron@xxxxxxxxx>
Date: Tue, 6 Dec 2016 07:01:01 -0800
Delivered-to: milo-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/milo-dev>
List-help: <mailto:milo-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/milo-dev>, <mailto:milo-dev-request@eclipse.org?subject=unsubscribe>

> is it possible to restrict the retrieval of properties/variables to specific users?

The recently implemented AttributeDelegate concept makes this pretty easy. There's even an example of this use case. See https://github.com/eclipse/milo/blob/master/milo-examples/server-examples/src/main/java/org/eclipse/milo/examples/server/RestrictedAccessDelegate.java and its use here: https://github.com/eclipse/milo/blob/master/milo-examples/server-examples/src/main/java/org/eclipse/milo/examples/server/ExampleNamespace.java#L265-L298

> Same for methods being called? How can I check the requesting user within a method-call?

This seems to be a bit of an oversight. I'll have to augment the invocation handler stuff to include the Session that is calling. For now, you would have to override Namespace#call (MethodServices#call) where you get an CallContext which can be used to access the Session.

> While at it: What is the reason that CertificateManager has to find certificates by their SHA-1-hash? Is that coming from the protocol?

Yes, when the client opens a secure channel, it indicates the thumbprint of the server certificate in the security header. It's possible that a server is configured with multiple certificates.

On Tue, Dec 6, 2016 at 6:35 AM, Lothar Kimmeringer <job@xxxxxxxxxxxxxx> wrote:

Hi,

is it possible to restrict the retrieval of properties/variables
to specific users? Same for methods being called? How can I
check the requesting user within a method-call? I haven't found
any methods in CallMethodRequest or InvocationContext.

While at it: What is the reason that CertificateManager has to find
certificates by their SHA-1-hash? Is that coming from the OPC-
protocol? I had to add DB-columns to my table and do quite some
effort in filling it with the corresponding valuesbecause of this.

Thanks and cheers, Lothar
_______________________________________________
milo-dev mailing list
milo-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/milo-dev

Follow-Ups:
- Re: [milo-dev] Restrict properties/method calls to particular users
  - From: Lothar Kimmeringer

References:
- [milo-dev] Restrict properties/method calls to particular users
  - From: Lothar Kimmeringer

Prev by Date: [milo-dev] Restrict properties/method calls to particular users
Next by Date: Re: [milo-dev] Restrict properties/method calls to particular users
Previous by thread: [milo-dev] Restrict properties/method calls to particular users
Next by thread: Re: [milo-dev] Restrict properties/method calls to particular users
Index(es):
- Date
- Thread

Breadcrumbs