Google Git
Sign in
eclipse / gerrit / www.eclipse.org / hawk / 549d5d54f24ba6c9540600384d391b9af809ddec / . / server / api-security / index.html
blob: 6d45b6d5529cb1fec84e358c088ccfd9955ec463 [file] [log] [blame]
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.2">
<title>Thrift API security - Eclipse Hawk</title>
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
<meta name="theme-color" content="#7e57c2">
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../../assets/fonts/material-icons.css">
<link rel="manifest" href="../../assets/images/site.webmanifest">
<link rel="stylesheet" href="../../stylesheets/extra.css">
<!-- FAVICON -->
<link rel="apple-touch-icon" sizes="180x180" href="../../assets/images/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="../../assets/images/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="../../assets/images/favicon-16x16.png">
<link rel="mask-icon" href="../../assets/images/safari-pinned-tab.svg" color="#5bbad5">
<link rel="shortcut icon" href="../../assets/images/favicon.ico">
<meta name="msapplication-TileColor" content="#b91d47">
<meta name="msapplication-config" content="../../assets/images/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
</head>
<body dir="ltr" data-md-color-primary="deep-purple" data-md-color-accent="deep-purple">
<svg class="md-svg">
<defs>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="../.." title="Eclipse Hawk" class="md-header-nav__button md-logo">
<img src="../../assets/images/hawk-logo-white.svg" width="24" height="24">
</a>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
Eclipse Hawk
</span>
<span class="md-header-nav__topic">
Thrift API security
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://git.eclipse.org/c/hawk/hawk.git/" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
Git repository @ Eclipse
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main" role="main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
<a href="../.." title="Eclipse Hawk" class="md-nav__button md-logo">
<img src="../../assets/images/hawk-logo-white.svg" width="48" height="48">
</a>
Eclipse Hawk
</label>
<div class="md-nav__source">
<a href="https://git.eclipse.org/c/hawk/hawk.git/" title="Go to repository" class="md-source" data-md-source="">
<div class="md-source__repository">
Git repository @ Eclipse
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." title="Home" class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2">
<label class="md-nav__link" for="nav-2">
Basic use
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-2">
Basic use
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../basic-use/installation/" title="Installation" class="md-nav__link">
Installation
</a>
</li>
<li class="md-nav__item">
<a href="../../basic-use/core-concepts/" title="Core concepts" class="md-nav__link">
Core concepts
</a>
</li>
<li class="md-nav__item">
<a href="../../basic-use/examples-xmi/" title="Examples (XMI)" class="md-nav__link">
Examples (XMI)
</a>
</li>
<li class="md-nav__item">
<a href="../../basic-use/examples-modelio/" title="Examples (Modelio)" class="md-nav__link">
Examples (Modelio)
</a>
</li>
<li class="md-nav__item">
<a href="../../basic-use/papyrus/" title="Papyrus UML support" class="md-nav__link">
Papyrus UML support
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-3" type="checkbox" id="nav-3">
<label class="md-nav__link" for="nav-3">
Advanced use
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-3">
Advanced use
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced-use/graph-as-emf/" title="Graph as EMF model" class="md-nav__link">
Graph as EMF model
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced-use/advanced-props/" title="Advanced properties" class="md-nav__link">
Advanced properties
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced-use/meta-queries/" title="Meta-level queries" class="md-nav__link">
Meta-level queries
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced-use/temporal-queries/" title="Temporal queries" class="md-nav__link">
Temporal queries
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced-use/oomph/" title="Oomph and Hawk" class="md-nav__link">
Oomph and Hawk
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-4" type="checkbox" id="nav-4" checked>
<label class="md-nav__link" for="nav-4">
Server
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-4">
Server
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../architecture/" title="Architecture" class="md-nav__link">
Architecture
</a>
</li>
<li class="md-nav__item">
<a href="../api/" title="Thrift API" class="md-nav__link">
Thrift API
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<a href="./" title="Thrift API security" class="md-nav__link md-nav__link--active">
Thrift API security
</a>
</li>
<li class="md-nav__item">
<a href="../deployment/" title="Deployment" class="md-nav__link">
Deployment
</a>
</li>
<li class="md-nav__item">
<a href="../cli/" title="Console client" class="md-nav__link">
Console client
</a>
</li>
<li class="md-nav__item">
<a href="../eclipse/" title="Eclipse client" class="md-nav__link">
Eclipse client
</a>
</li>
<li class="md-nav__item">
<a href="../file-config/" title="File-based configuration" class="md-nav__link">
File-based configuration
</a>
</li>
<li class="md-nav__item">
<a href="../logging/" title="Logging" class="md-nav__link">
Logging
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-5" type="checkbox" id="nav-5">
<label class="md-nav__link" for="nav-5">
Developers
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-5">
Developers
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../developers/run-from-source/" title="Run GUI from source" class="md-nav__link">
Run GUI from source
</a>
</li>
<li class="md-nav__item">
<a href="../../developers/server-from-source/" title="Run Server from source" class="md-nav__link">
Run Server from source
</a>
</li>
<li class="md-nav__item">
<a href="../../developers/plain-maven/" title="Build with plain Maven" class="md-nav__link">
Build with plain Maven
</a>
</li>
<li class="md-nav__item">
<a href="../../developers/website/" title="Work on the website" class="md-nav__link">
Work on the website
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-6" type="checkbox" id="nav-6">
<label class="md-nav__link" for="nav-6">
Community
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-6">
Community
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="https://www.eclipse.org/forums/index.php/f/442/" title="Forum" class="md-nav__link">
Forum
</a>
</li>
<li class="md-nav__item">
<a href="https://gitlab.eclipse.org/eclipse/hawk/hawk/-/issues/new" title="File a bug" class="md-nav__link">
File a bug
</a>
</li>
<li class="md-nav__item">
<a href="https://gitlab.eclipse.org/eclipse/hawk/hawk/-/issues" title="Open bugs" class="md-nav__link">
Open bugs
</a>
</li>
<li class="md-nav__item">
<a href="https://ci.eclipse.org/hawk/" title="Builds" class="md-nav__link">
Builds
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../additional-resources/" title="Additional resources" class="md-nav__link">
Additional resources
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<h1>Thrift API security</h1>
<p>In some cases, we may want to protect the API from unaccounted use, as clients would have access to potentially sensitive information. In order to provide this access control, the <a href="https://shiro.apache.org/">Apache Shiro</a> library has been integrated transparently as a filter for all incoming requests to the endpoints under <code>/thrift</code>. <code>/thrift-local</code> endpoints are not password-protected, as they only answer requests from other processes in the machine hosting the MONDO Server.</p>
<p>Apache Shiro protects these <code>/thrift</code> endpoints using standard HTTP Basic authentication, which is transparent to Thrift, avoiding the need to pollute the web API with access tokens in every single method. Industrial partners will be instructed to always use the authentication layer in combination with SSL, since HTTP Basic by itself is insecure.</p>
<p>One important advantage of Shiro is its configurability through a single <code>.ini</code> file, like this one:</p>
<div class="codehilite"><pre><span></span><code>[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# Note: this should be set to true in production!
ssl.enabled = true
# Toggle to enable/disable authentication completely
authcBasic.enabled = true
# Use Hawk realm
mondoRealm = uk.ac.york.mondo.integration.server.users.servlet.shiro.UsersRealm
securityManager.realms = $mondoRealm
# We’re using SHA−512 for passwords, with 10k iterations
credentialsMatcher = org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 10000
mondoRealm.credentialsMatcher = $credentialsMatcher
[urls]
/thrift/** = ssl, authcBasic
</code></pre></div>
<p>Shiro is heavily componentized, making it easy to provide alternative implementations of certain pieces and reuse the default implementations for the rest. In the shown example, all requests to the <code>/thrift</code> endpoints go through the default <code>ssl</code> and <code>authcBasic</code> filters: when enabled, these filters enforce the use of SSL and HTTP Basic authentication respectively. Both filters should be enabled in production environments.</p>
<p>For the HTTP Basic authentication, the server provides its own implementation of a Shiro security realm, which is dedicated to storing and retrieving user details. The security realm uses an embedded <a href="http://www.mapdb.org/">MapDB</a> database to persist these user details, which are managed through the Users service (Section 5.2.4). An embedded database was used in order to prevent end users from having to set up a database just to store a small set of users. MapDB is distributed as a single <code>.jar</code> file, making it very simple to integrate. In any case, the realm could be replaced with another one if desired by editing <code>shiro.ini</code> on an installation.</p>
<p>Passwords for the MONDO realm are stored in a hashed and salted form, using 10000 iterations of SHA-512 and a random per-password salt.</p>
<p>As for the client side, the command-line based clients accept optional arguments for the required credentials when connecting to the Thrift endpoints. If the password is omitted, the command-line based clients will require it in a separate "silent" prompt that does not show the characters that are typed, preventing shoulder surfing attacks. Due to limitations in the Eclipse graphical user interface, these silent prompts are only available when running the command-line based clients from a proper terminal window and not from the Eclipse "Console" view.</p>
<p>The graphical clients connect to the Thrift endpoints using “lazy” credential providers: if authentication is required, they will attempt to retrieve previously used credentials from the Eclipse secure store and if no such credentials exist, they will show an authentication dialog asking for the username and password to be used. The Eclipse secure storage takes advantage of the access control and encryption capabilities of the underlying operating system as much as possible, and makes it possible to store passwords safely and conveniently. These stored MONDO server credentials can be managed from the "Hawk Servers" preference page.</p>
<p>Regarding the Artemis messaging queue, it has been secured with the same Shiro realm as the Thrift endpoints. The remote Hawk EMF abstraction (the only component that uses Artemis within the MONDO platform) will connect to Artemis with the same credentials that were used to connect to Thrift, if authentication was required.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid">
<a href="../api/" title="Thrift API" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
</div>
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Thrift API
</span>
</div>
</a>
<a href="../deployment/" title="Deployment" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Deployment
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright © Eclipse Foundation, Inc. All Rights Reserved.
</div>
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">Material for MkDocs</a>
</div>
<div class="md-footer-copyright hawk-eclipse-links">
<ul>
<li><a href="https://www.eclipse.org/legal/privacy.php">Privacy Policy</a></li>
<li><a href="https://www.eclipse.org/legal/termsofuse.php">Terms of Use</a></li>
<li><a href="https://www.eclipse.org/legal/copyright.php">Copyright Agent</a></li>
</ul>
</div>
</div>
</div>
</footer>
</div>
<script src="../../assets/javascripts/application.c648116f.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>
</body>
</html>