Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [leshan-dev] Authorization and Authentication

Hi,

  I think this is not really in the scope of leshan-server-demo. This web UI is mainly an example of the Leshan API and also an easy way to test devices against a LWM2M server.
  Adding a login step could be counterproductive. I mean this will make the code more complex to understand and testing more difficult.

  In a word, you can develop this kind of feature for your own purpose (or maybe create a more productive ready open source web UI on top of Leshan), but I prefer to let you know that this will probably not be integrated in leshan-server-demo.

Simon


Le 20/12/2016 à 02:10, Ching Shi a écrit :
Hi

I am thinking about adding a login page before the client list of the server or adding a login page after the client list for each client when viewing each clients details. Out of these two what would you recommend? The authentication method is not decided yet. Also i am planning on implementing SSO for the leshan server.

Thanks

Ching Tien Shi
Department of Computer Engineering
Faculty Of Engineering
University Of Peradeniya - Sri Lanka


On Mon, Dec 19, 2016 at 6:44 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:
Hi,
   Could you described what you have in mind ?
Thx


Le 19/12/2016 à 12:25, Ching Shi a écrit :
Hi All,

I am planning on implementing authentication and authorization to the leshan demo server. Any advice would be helpful. 

Thanks



On Wed, Dec 7, 2016 at 3:18 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

Oups sorry I mean : "leshan-server-demo is just a demo."


Le 07/12/2016 à 10:46, Simon Bernard a écrit :

if you are talking about the leshan-server-demo. This is not just a demo.

See the readme[1] :

Leshan provides libraries which help people to develop their own Lightweight M2M server and client.
The project also provides a client, a server and a bootstrap server demonstration as an example of the Leshan API and for testing purpose.

[1]https://github.com/eclipse/leshan/blob/master/README.md

Le 07/12/2016 à 10:21, Ching Shi a écrit :
Hi All,

I am in a bit of a confusion here. When there are multiple clients connected to the leshan server, i can view each clients details without the requirement of any credentials. Isn't there a security vulnerability here? Because each client could view other clients details. Could someone please this to me.

Thanks



Ching Tien Shi
Department of Computer Engineering
Faculty Of Engineering
University Of Peradeniya - Sri Lanka


On Tue, Dec 6, 2016 at 9:29 AM, Ching Shi <ctienshi@xxxxxxxxx> wrote:
Thank you for the information

Ching Tien Shi
Department of Computer Engineering
Faculty Of Engineering
University Of Peradeniya - Sri Lanka


On Mon, Dec 5, 2016 at 4:14 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

We use DTLS authentication (Scandium implementation).

Authorization is done by Leshan (see SecurityInfo[1] and RegistrationHandler[2]). We will also provide a way to hook you own authorization rules.

[1]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/security/SecurityInfo.java
[2]https://github.com/eclipse/leshan/blob/master/leshan-server-core/src/main/java/org/eclipse/leshan/server/registration/RegistrationHandler.java#L144


Le 05/12/2016 à 06:52, Ching Shi a écrit :

Hi All,

Could I please know how the Leshan Server handles authorization and authentication when multiple clients are connected to the server?

Thank You


_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________ leshan-dev mailing list leshan-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________ leshan-dev mailing list leshan-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________ leshan-dev mailing list leshan-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/leshan-dev
_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev

Back to the top