On 02/12/2013 07:01 PM, Max Rydahl Andersen wrote:
> Assuming install of teiid tools (but not intending to use it), creation of a jboss
server will cause
> the adapter to try and create a TeiidServer model and add it to TeiidServerManager.
At shutdown,
> that server's settings will be stored in the XML file. Likewise, on loading that
server's settings
> will be restored accordingly.
Yikes - I hope such a TeiidServerManager has no big overhead ? Having to load Teiid
plugins just because
a server is created is not good.
The TeiidServer model in the designer plugins is a proxy for the real Teiid Server
installed in
JBoss. If the latter
does not have teiid installed then a TeiidServer model will never be created. So the
overhead should
be quite small.
> As I say, not ideal due to the duplication of the server settings
between jboss and the
> TeiidServerManager. However, I cannot really justify getting rid of it until the next
dev cycle...
Any chance it could at least not expose these secure passwords when Teiid is *not* used ?
Passwords are not exposed as they are stored in secure storage and never added to the XML
file.
/max
>
> Thanks for your time on this.
>
> Cheers
>
> PGR
>
>
> On 02/11/2013 06:16 PM, Max Rydahl Andersen wrote:
>>
>>> It is likely that some work could be done here as the current code is built
on the concepts of
>>> teiid's admin being on a separate port to that of jboss admin (teiid
7.7.x and jboss 5). Only in
>>> teiid 8.x and so Designer 8.x does the jboss admin password and port get
used.
>>
>> oooh - didn't consider this was also for previous JBoss versions - yes for
those servers it would happen/be needed.
>>
>>> However, the password and port are still taken from the jboss settings and
passed to a Teiid
>>> AdminFactory, which in turn creates a proxy of the teiid Admin interface.
Whether it is necessary
>>> for this interface to still require the password, is better answered by the
Teiid guys.
>>
>> hmm - so you are using some other interface...most likely the "pure"
http version which does not support
>> connecting locally without username/passwords ;(
>>
>>> Incidentally, the teiid server settings are stored separately as an historic
consequence of the
>>> TeiidServerManaager being saved to XML.
>>
>>> This should be removed but at the moment is too large a
>>> change for this development cycle. The upshot is that remove/local does not
matter, as the secure
>>> storage password dialog is displayed.
>>
>> Hmm - thats not great. We moved to secure storage for the server adapter since we
had a security concern reported to us.
>>
>> Is this username/password managed by TeiidServerManager a pure eclipse tooling
thing ? Is it only stored if you actually
>> use the teiid tools or does it happen just by having the teiid tools installed ?
>>
>> /max
>>
>>>
>>> Thx
>>>
>>> PGR
>>>
>>>
>>> On 02/11/2013 03:41 PM, Max Rydahl Andersen wrote:
>>>>> I take your points so considering an alternative that will address
the deficiencies of the current
>>>>> implementation. One point to address though ...
>>>>>
>>>>>> Btw. from what I can tell this dialog will only show up *once*
per machine and only when using Linux and in context of teiid/server adapter only if your
server is remote (i.e. it won't
>>>>>> need to ask when using local servers)
>>>>>
>>>>> The dialog (on linux) will always appear at the start of the session
asking for the secure storage
>>>>> password, due to the teiid runtime client needing the admin password
for communication with the
>>>>> teiid server.
>>>>
>>>> Doesn't Teiid use the connection jboss server adapter creates ? Thus
teiid should not need this unless the Teiid server is remote, right?
>>>>
>>>> Thus this issue (at least from Teiid perspective) is only for Linux with
the Teiid server being remote, right?
>>>>
>>>>> Looking into the fragment issue, it seems eclipse defies its own
extension by using a fragment for
>>>>> windows and macosx. The extension point provides a priority so that
multiple password providers can
>>>>> be offered yet the fragment does not use it. So ...
>>>>>
>>>>> I could separate out my code into a linux-only fragment, and remove
the specific references to JBoss
>>>>> and Teiid in the dialog messages, thereby 'genericising' it.
This would ensure that those users
>>>>> running linux, who are the only ones to see it, would get a dialog
with much more information
>>>>> regarding what the password is for - the primary purpose of
overriding the dialog in the first place.
>>>>
>>>> This sounds like a plausible idea.
>>>>
>>>> /max
>>>>
>>>
>>> --
>>> Paul Richardson
>>>
>>> * p.g.richardson(a)phantomjinx.co.uk
>>> * p.g.richardson(a)redhat.com
>>> * pgrichardson(a)linux.com
>>>
>>> "I know exactly who reads the papers ...
>>>
>>> * The Daily Mirror is read by people who think they run the country.
>>> * The Guardian is read by people who think they ought to run the country.
>>> * The Times is read by people who do actually run the country.
>>> * The Daily Mail is read by the wives of the people who run the country.
>>> * The Financial Times is read by the people who own the country.
>>> * The Morning Star is read by the people who think the country ought to be
run by another country.
>>> * The Daily Telegraph is read by the people who think it is."
>>>
>>> Jim Hacker, Yes Minister
>>>
>>
>
> --
> Paul Richardson
>
> * p.g.richardson(a)phantomjinx.co.uk
> * p.g.richardson(a)redhat.com
> * pgrichardson(a)linux.com
>
> "I know exactly who reads the papers ...
>
> * The Daily Mirror is read by people who think they run the country.
> * The Guardian is read by people who think they ought to run the country.
> * The Times is read by people who do actually run the country.
> * The Daily Mail is read by the wives of the people who run the country.
> * The Financial Times is read by the people who own the country.
> * The Morning Star is read by the people who think the country ought to be run by
another country.
> * The Daily Telegraph is read by the people who think it is."
>
> Jim Hacker, Yes Minister
>
--
Paul Richardson
* p.g.richardson(a)phantomjinx.co.uk
* p.g.richardson(a)redhat.com
* pgrichardson(a)linux.com
"I know exactly who reads the papers ...
* The Daily Mirror is read by people who think they run the country.
* The Guardian is read by people who think they ought to run the country.
* The Times is read by people who do actually run the country.
* The Daily Mail is read by the wives of the people who run the country.
* The Financial Times is read by the people who own the country.
* The Morning Star is read by the people who think the country ought to be run by
another country.
* The Daily Telegraph is read by the people who think it is."
Jim Hacker, Yes Minister