[jbosstools-dev] Secure Storage default password dialog

phantomjinx p.g.richardson at phantomjinx.co.uk
Tue Feb 12 09:45:43 EST 2013 

Once a TeiidServer model is created in memory, it is added to the TeiidServerManager's server
collection.

At shutdown, the TeiidServerManager saves each model to the XML file. The properties include the
usernames, ports, display name. It no longer includes the passwords as I mirrored what JBT does and
save the passwords to secure storage (separate nodes to the jboss settings).

Assuming install of teiid tools (but not intending to use it), creation of a jboss server will cause
the adapter to try and create a TeiidServer model and add it to TeiidServerManager. At shutdown,
that server's settings will be stored in the XML file. Likewise, on loading that server's settings
will be restored accordingly.

As I say, not ideal due to the duplication of the server settings between jboss and the
TeiidServerManager. However, I cannot really justify getting rid of it until the next dev cycle...

Thanks for your time on this.

Cheers

PGR


On 02/11/2013 06:16 PM, Max Rydahl Andersen wrote:
> 
>> It is likely that some work could be done here as the current code is built on the concepts of
>> teiid's admin being on a separate port to that of jboss admin (teiid 7.7.x and jboss 5). Only in
>> teiid 8.x and so Designer 8.x does the jboss admin password and port get used.
> 
> oooh - didn't consider this was also for previous JBoss versions - yes for those servers it would happen/be needed.
> 
>> However, the password and port are still taken from the jboss settings and passed to a Teiid
>> AdminFactory, which in turn creates a proxy of the teiid Admin interface. Whether it is necessary
>> for this interface to still require the password, is better answered by the Teiid guys.
> 
> hmm - so you are using some other interface...most likely the "pure" http version which does not support
> connecting locally without username/passwords ;(
> 
>> Incidentally, the teiid server settings are stored separately as an historic consequence of the
>> TeiidServerManaager being saved to XML.
> 
>> This should be removed but at the moment is too large a
>> change for this development cycle. The upshot is that remove/local does not matter, as the secure
>> storage password dialog is displayed.
> 
> Hmm - thats not great. We moved to secure storage for the server adapter since we had a security concern reported to us.
> 
> Is this username/password managed by TeiidServerManager a pure eclipse tooling thing ? Is it only stored if you actually
> use the teiid tools or does it happen just by having the teiid tools installed ?
> 
> /max
> 
>>
>> Thx
>>
>> PGR
>>
>>
>> On 02/11/2013 03:41 PM, Max Rydahl Andersen wrote:
>>>> I take your points so considering an alternative that will address the deficiencies of the current
>>>> implementation. One point to address though ...
>>>>
>>>>> Btw. from what I can tell this dialog will only show up *once* per machine and only when using Linux and in context of teiid/server adapter only if your server is remote (i.e. it won't 
>>>>> need to ask when using local servers)
>>>>
>>>> The dialog (on linux) will always appear at the start of the session asking for the secure storage
>>>> password, due to the teiid runtime client needing the admin password for communication with the
>>>> teiid server.
>>>
>>> Doesn't Teiid use the connection jboss server adapter creates ? Thus teiid should not need this unless the Teiid server is remote, right?
>>>
>>> Thus this issue (at least from Teiid perspective) is only for Linux with the Teiid server being remote, right?
>>>
>>>> Looking into the fragment issue, it seems eclipse defies its own extension by using a fragment for
>>>> windows and macosx. The extension point provides a priority so that multiple password providers can
>>>> be offered yet the fragment does not use it. So ...
>>>>
>>>> I could separate out my code into a linux-only fragment, and remove the specific references to JBoss
>>>> and Teiid in the dialog messages, thereby 'genericising' it. This would ensure that those users
>>>> running linux, who are the only ones to see it, would get a dialog with much more information
>>>> regarding what the password is for - the primary purpose of overriding the dialog in the first place.
>>>
>>> This sounds like a plausible idea.
>>>
>>> /max
>>>
>>
>> -- 
>> Paul Richardson
>>
>>  * p.g.richardson at phantomjinx.co.uk
>>  * p.g.richardson at redhat.com
>>  * pgrichardson at linux.com
>>
>> "I know exactly who reads the papers ...
>>
>>  * The Daily Mirror is read by people who think they run the country.
>>  * The Guardian is read by people who think they ought to run the country.
>>  * The Times is read by people who do actually run the country.
>>  * The Daily Mail is read by the wives of the people who run the country.
>>  * The Financial Times is read by the people who own the country.
>>  * The Morning Star is read by the people who think the country ought to be run by another country.
>>  * The Daily Telegraph is read by the people who think it is."
>>
>> Jim Hacker, Yes Minister
>>
> 

-- 
Paul Richardson

  * p.g.richardson at phantomjinx.co.uk
  * p.g.richardson at redhat.com
  * pgrichardson at linux.com

"I know exactly who reads the papers ...

  * The Daily Mirror is read by people who think they run the country.
  * The Guardian is read by people who think they ought to run the country.
  * The Times is read by people who do actually run the country.
  * The Daily Mail is read by the wives of the people who run the country.
  * The Financial Times is read by the people who own the country.
  * The Morning Star is read by the people who think the country ought to be run by another country.
  * The Daily Telegraph is read by the people who think it is."

Jim Hacker, Yes Minister

More information about the jbosstools-dev mailing list