Re: Fwd: Client Authentication in XML RPC

Manvendra Baghel Sun, 21 Aug 2005 05:40:54 -0700


hi Siegfried Goeschl,


 YES I  want to limit client-side access ONLY for file

upload/download NOT for the whole XML-RPC
communication 
    Can there be any wise use of addClient() method
for 
  it ??

  Thanks for help in advance....
  Manvendra Baghel





--- Siegfried Goeschl <[EMAIL PROTECTED]>
wrote:

> Hi Manav,
> 
> since I do not fully understand your problem ...
> 
> +) do you want to limit client-side access only for
> file upload/download 
> or for the whole XML-RPC communication? As you have
> already encountered 
> there is support for restricting access based on
> TCP/IP addresses
> +) usually your Turbine application is embedded in a
> servlet engine such 
> as Tomcat, i.e. you have additional security support
> & deployment 
> options there
> +) at the end of the day you can subclass the
> FileHandler to add 
> additional security constraints .... :-)
>  
> Cheers,
> 
> Siegfried Goeschl
> 
> PS: The secure server stuff is meant for SSL support
> 
> Manvendra Baghel wrote:
> 
> >Note: forwarded message attached.
> >
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> >http://mail.yahoo.com 
> >
> >
> >
>
------------------------------------------------------------------------
> >
> > Subject:
> > Client Authentication in XML RPC
> > From:
> > Manvendra Baghel <[EMAIL PROTECTED]>
> > Date:
> > Fri, 19 Aug 2005 07:03:26 -0700 (PDT)
> > To:
> > turbine
> <[EMAIL PROTECTED]>, 
> > [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> >
> > To:
> > turbine
> <[EMAIL PROTECTED]>, 
> > [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> >
> >
> >Hi friends,
> >I am working on Turbine 2.3 and velocity.
> >I am trying to implement xml rpc in Brihaspati e
> LMS
> >I am unable to decide how to go in for client
> >authentication.
> >Turbine xml-rpc service use file handler methods 
> >get/ send for handling files.But they are not
> secure
> >Any one can access files by them.
> > MY PROBLEM IS THIS:
> > I HAVE LIST OF IP ADDRESSES AND I WANT THAT ONLY
> THEY
> >SHOULD ACCESS MY FILES    .
> >   for that how to work with
> >TurbineResouces.properties
> >is not clear.
> >My property file is below
> >
> >services.XmlRpcService.handler.file =
> >org.apache.turbine.services.xmlrpc.util.FileHandler
> >services.XmlRpcService.handler.remote =
> >org.iitk.brihaspati.modules.utils.RemoteCourseUtil
> >services.XmlRpcService.handler.remote1 =
>
>org.iitk.brihaspati.modules.utils.RemoteCourseUtilServer
> >services.XmlRpcService.paranoid = true
> >services.XmlRpcService.acceptClient = 172.28.44.*
> >services.XmlRpcService.denyClient =
> >
> ># Do we want a secure server
> >
> >services.XmlRpcService.secure.server = false
> >
> ># Secure server options
> >
>
>services.XmlRpcService.secure.server.option.java.protocol.handler.pkgs
> >= \
> >    com.sun.net.ssl.internal.www.protocol
> >
>
>services.XmlRpcService.secure.server.option.security.provider
> >= \
> >    com.sun.net.ssl.internal.ssl.Provider
> >
>
>services.XmlRpcService.secure.server.option.security.protocol
> >= TLS
> >
> ># You probably want to keep your key stores and
> trust
> >stores
> ># clear out of your webapp.
> >
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.keyStore
> >= /tmp/keystore
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.keyStoreType
> >= jks
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.keyStorePassword
> >= password
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.trustStore
> >= /tmp/truststore
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.trustStoreType
> >= jks
>
>services.XmlRpcService.secure.server.option.javax.net.ssl.trustStorePassword
> >= password
> >
>
>services.XmlRpcService.secure.server.option.sun.ssl.keymanager.type
> >= SunX509
>
>services.XmlRpcService.secure.server.option.sun.ssl.trust.manager.type
> >= SunX509
> >
> ># These values should be set to 'all' for debugging
> >purposes.
> >
>
>services.XmlRpcService.secure.server.option.javax.net.debug
> >= all
>
>services.XmlRpcService.secure.server.option.java.security.debug
> >= all
> >
> >
> >ONE OF MY PROBLEM IS WHEN I SET
> >services.XmlRpcService.secure.server = true
> >
> >Xml rpc call  fails
> >
> >HOW TO USE SECURE SERVER OPTION......
> >
> >Thanks for help in advance
> >
> >cheers
> >Manav
> >
> >
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> >http://mail.yahoo.com 
> >
> >  
> >
>
>------------------------------------------------------------------------
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Fwd: Client Authentication in XML RPC

Reply via email to