Assuming install of teiid tools (but not intending to use it),
creation of a jboss server will cause
the adapter to try and create a TeiidServer model and add it to TeiidServerManager. At
shutdown,
that server's settings will be stored in the XML file. Likewise, on loading that
server's settings
will be restored accordingly.
Yikes - I hope such a TeiidServerManager has no big overhead ? Having to load Teiid
plugins just because
a server is created is not good.
As I say, not ideal due to the duplication of the server settings
between jboss and the
TeiidServerManager. However, I cannot really justify getting rid of it until the next dev
cycle...
Any chance it could at least not expose these secure passwords when Teiid is *not* used ?
/max
Thanks for your time on this.
Cheers
PGR
On 02/11/2013 06:16 PM, Max Rydahl Andersen wrote:
>
>> It is likely that some work could be done here as the current code is built on
the concepts of
>> teiid's admin being on a separate port to that of jboss admin (teiid 7.7.x
and jboss 5). Only in
>> teiid 8.x and so Designer 8.x does the jboss admin password and port get used.
>
> oooh - didn't consider this was also for previous JBoss versions - yes for those
servers it would happen/be needed.
>
>> However, the password and port are still taken from the jboss settings and passed
to a Teiid
>> AdminFactory, which in turn creates a proxy of the teiid Admin interface. Whether
it is necessary
>> for this interface to still require the password, is better answered by the Teiid
guys.
>
> hmm - so you are using some other interface...most likely the "pure" http
version which does not support
> connecting locally without username/passwords ;(
>
>> Incidentally, the teiid server settings are stored separately as an historic
consequence of the
>> TeiidServerManaager being saved to XML.
>
>> This should be removed but at the moment is too large a
>> change for this development cycle. The upshot is that remove/local does not
matter, as the secure
>> storage password dialog is displayed.
>
> Hmm - thats not great. We moved to secure storage for the server adapter since we had
a security concern reported to us.
>
> Is this username/password managed by TeiidServerManager a pure eclipse tooling thing
? Is it only stored if you actually
> use the teiid tools or does it happen just by having the teiid tools installed ?
>
> /max
>
>>
>> Thx
>>
>> PGR
>>
>>
>> On 02/11/2013 03:41 PM, Max Rydahl Andersen wrote:
>>>> I take your points so considering an alternative that will address the
deficiencies of the current
>>>> implementation. One point to address though ...
>>>>
>>>>> Btw. from what I can tell this dialog will only show up *once* per
machine and only when using Linux and in context of teiid/server adapter only if your
server is remote (i.e. it won't
>>>>> need to ask when using local servers)
>>>>
>>>> The dialog (on linux) will always appear at the start of the session
asking for the secure storage
>>>> password, due to the teiid runtime client needing the admin password for
communication with the
>>>> teiid server.
>>>
>>> Doesn't Teiid use the connection jboss server adapter creates ? Thus
teiid should not need this unless the Teiid server is remote, right?
>>>
>>> Thus this issue (at least from Teiid perspective) is only for Linux with the
Teiid server being remote, right?
>>>
>>>> Looking into the fragment issue, it seems eclipse defies its own
extension by using a fragment for
>>>> windows and macosx. The extension point provides a priority so that
multiple password providers can
>>>> be offered yet the fragment does not use it. So ...
>>>>
>>>> I could separate out my code into a linux-only fragment, and remove the
specific references to JBoss
>>>> and Teiid in the dialog messages, thereby 'genericising' it. This
would ensure that those users
>>>> running linux, who are the only ones to see it, would get a dialog with
much more information
>>>> regarding what the password is for - the primary purpose of overriding
the dialog in the first place.
>>>
>>> This sounds like a plausible idea.
>>>
>>> /max
>>>
>>
>> --
>> Paul Richardson
>>
>> * p.g.richardson(a)phantomjinx.co.uk
>> * p.g.richardson(a)redhat.com
>> * pgrichardson(a)linux.com
>>
>> "I know exactly who reads the papers ...
>>
>> * The Daily Mirror is read by people who think they run the country.
>> * The Guardian is read by people who think they ought to run the country.
>> * The Times is read by people who do actually run the country.
>> * The Daily Mail is read by the wives of the people who run the country.
>> * The Financial Times is read by the people who own the country.
>> * The Morning Star is read by the people who think the country ought to be run by
another country.
>> * The Daily Telegraph is read by the people who think it is."
>>
>> Jim Hacker, Yes Minister
>>
>
--
Paul Richardson
* p.g.richardson(a)phantomjinx.co.uk
* p.g.richardson(a)redhat.com
* pgrichardson(a)linux.com
"I know exactly who reads the papers ...
* The Daily Mirror is read by people who think they run the country.
* The Guardian is read by people who think they ought to run the country.
* The Times is read by people who do actually run the country.
* The Daily Mail is read by the wives of the people who run the country.
* The Financial Times is read by the people who own the country.
* The Morning Star is read by the people who think the country ought to be run by
another country.
* The Daily Telegraph is read by the people who think it is."
Jim Hacker, Yes Minister