Hi Manav,
since I do not fully understand your problem ...
+) do you want to limit client-side access only for
file upload/download
or for the whole XML-RPC communication? As you have
already encountered
there is support for restricting access based on
TCP/IP addresses
+) usually your Turbine application is embedded in a
servlet engine such
as Tomcat, i.e. you have additional security support
& deployment
options there
+) at the end of the day you can subclass the
FileHandler to add
additional security constraints .... :-)
Cheers,
Siegfried Goeschl
PS: The secure server stuff is meant for SSL support
Manvendra Baghel wrote:
Note: forwarded message attached.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
Subject:
Client Authentication in XML RPC
From:
Manvendra Baghel <[EMAIL PROTECTED]>
Date:
Fri, 19 Aug 2005 07:03:26 -0700 (PDT)
To:
turbine
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED],
[EMAIL PROTECTED]
To:
turbine
<[EMAIL PROTECTED]>,
[EMAIL PROTECTED],
[EMAIL PROTECTED]
Hi friends,
I am working on Turbine 2.3 and velocity.
I am trying to implement xml rpc in Brihaspati e
LMS
I am unable to decide how to go in for client
authentication.
Turbine xml-rpc service use file handler methods
get/ send for handling files.But they are not
secure
Any one can access files by them.
MY PROBLEM IS THIS:
I HAVE LIST OF IP ADDRESSES AND I WANT THAT ONLY
THEY
SHOULD ACCESS MY FILES .
for that how to work with
TurbineResouces.properties
is not clear.
My property file is below
services.XmlRpcService.handler.file =
org.apache.turbine.services.xmlrpc.util.FileHandler
services.XmlRpcService.handler.remote =
org.iitk.brihaspati.modules.utils.RemoteCourseUtil
services.XmlRpcService.handler.remote1 =
org.iitk.brihaspati.modules.utils.RemoteCourseUtilServer
services.XmlRpcService.paranoid = true
services.XmlRpcService.acceptClient = 172.28.44.*
services.XmlRpcService.denyClient =
# Do we want a secure server
services.XmlRpcService.secure.server = false
# Secure server options
services.XmlRpcService.secure.server.option.java.protocol.handler.pkgs
= \
com.sun.net.ssl.internal.www.protocol
services.XmlRpcService.secure.server.option.security.provider
= \
com.sun.net.ssl.internal.ssl.Provider
services.XmlRpcService.secure.server.option.security.protocol
= TLS
# You probably want to keep your key stores and
trust
stores
# clear out of your webapp.
services.XmlRpcService.secure.server.option.javax.net.ssl.keyStore
= /tmp/keystore
services.XmlRpcService.secure.server.option.javax.net.ssl.keyStoreType
= jks
services.XmlRpcService.secure.server.option.javax.net.ssl.keyStorePassword
= password
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStore
= /tmp/truststore
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStoreType
= jks
services.XmlRpcService.secure.server.option.javax.net.ssl.trustStorePassword
= password
services.XmlRpcService.secure.server.option.sun.ssl.keymanager.type
= SunX509
services.XmlRpcService.secure.server.option.sun.ssl.trust.manager.type
= SunX509
# These values should be set to 'all' for debugging
purposes.
services.XmlRpcService.secure.server.option.javax.net.debug
= all
services.XmlRpcService.secure.server.option.java.security.debug
= all
ONE OF MY PROBLEM IS WHEN I SET
services.XmlRpcService.secure.server = true
Xml rpc call fails
HOW TO USE SECURE SERVER OPTION......
Thanks for help in advance
cheers
Manav
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
