[jbosstools-issues] [JBoss JIRA] (JBIDE-21043) Create a credentialing framework

Rob Stryker (JIRA) issues at jboss.org
Tue Nov 3 03:23:00 EST 2015 

     [ https://issues.jboss.org/browse/JBIDE-21043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rob Stryker updated JBIDE-21043:
--------------------------------
    Attachment: JBIDE-21043a.png
                JBIDE-21043.png


The credentials are securely stored in secure storage in a place that is accessible via API to other plugins. 

So, for example, if downloading a runtime requires a jboss.org credential, I can pre-load the text fields in the download-runtime by selecting a credential they've already set up in the preference page.  In this way, they won't need to retype their credential at all, but rather choose one of the already-saved username/password combinations.  

This will allow users to, for example, change their jboss.org password in only one spot, and not have to go update or retype in various locations.  

This will also allow users to pull from a combo box rather than have to retype their credentials each time, saving them time. 

This also allows the download-runtime dialog to, for example, show only credential combinations that are valid for that workflow.  (For example, imagine openshift.org being added to this list...  My "download-runtimes" dialog would not show openshift credentials, but only show jboss.org or redhat credentials.) 

Plugin writers using this API still may wish to allow their users to enter custom user/pass combinations at various locations but this API would encourage users to centrally store these credentials. 

It also makes sure that plugin-writers are not accidentally storing their credentials insecurely in their own framework, perhaps in plaintext.  By encouraging plugin-writers to add a domain to this preference page and allow users to store credentials in one place, we are limiting the risk of plugin-writers storing passwords in plaintext somewhere else. 

So tl;dr:   1) centrally located and easy to find for users,  2) can update passwords in one spot rather than many,  3) reduce risk of plugin-writers storing in plain-text, 4) Can speed up some existing workflows (such as downloadruntimes) which don't currently persist any credentials at all. 

> Create a credentialing framework
> --------------------------------
>
>                 Key: JBIDE-21043
>                 URL: https://issues.jboss.org/browse/JBIDE-21043
>             Project: Tools (JBoss Tools)
>          Issue Type: Feature Request
>          Components: common/jst/core
>    Affects Versions: 4.3.0.Final
>            Reporter: Rob Stryker
>         Attachments: JBIDE-21043.png, JBIDE-21043a.png
>
>
> There should be a unified framework for storing credentials to various domains. As of now, download runtimes (in astools) requires redhat or jboss credentials, and I've heard that others are also storing the credentials for some of those domains as well. 



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jbosstools-issues mailing list