Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 417103

Summary: [Security] Provide console command to add users with passwords
Product: [Modeling] EMF Reporter: Esteban DUGUEPEROUX <esteban.dugueperoux>
Component: cdo.coreAssignee: Eike Stepper <stepper>
Status: CLOSED FIXED QA Contact: Eike Stepper <stepper>
Severity: enhancement    
Priority: P3 CC: stepper
Version: 4.3   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Whiteboard:
Bug Depends on: 417300    
Bug Blocks:    

Description Esteban DUGUEPEROUX CLA 2013-09-12 10:58:38 EDT
Hi,

I test the security manager, and I try to add a new User but the default created security model does not allow addition of new User. I see that the default created security model does not include ClassPermission for UserPassword, I see the need of hide user password but not for Administrator. For our use case we want allow Administrator to upload a local security model to replace the default one but we cannot because of this issue.
Comment 1 Eike Stepper CLA 2013-09-12 12:07:39 EDT
The security model and framework assume that write access always includes read access, as well. I think that's normally okay but the security model's own UserPassword class is a little different. Administrators should be able to write to it (ideally just reset it to a value which gets only known to the user, not the admin!) but never read it. As explained above we can't implement/declare this special access (write/no read) in the model. Rather we need to handle this case separately in the framework ;-(

I'm closing this bug as wontfix, but made the scope of bug 399306 broader instead.
Comment 2 Esteban DUGUEPEROUX CLA 2013-09-13 02:52:36 EDT
Ok I understand your point of view. Thanks.
Comment 3 Esteban DUGUEPEROUX CLA 2013-09-16 04:55:15 EDT
We have get around by using our own securityManager extending the default one and overriding createRealm(), thanks again :)
Comment 4 Eike Stepper CLA 2013-09-16 05:54:21 EDT
I'm working on a console command that may help in the meantime.
Comment 5 Eike Stepper CLA 2013-09-16 06:28:40 EDT
---CDO commands---
   cdo adduser <repository-name> <username> [<password>] - adds a user to the security realm of a repository
Comment 6 Eike Stepper CLA 2013-09-16 06:35:48 EDT
commit 60c44e19b2b7cd168e55948d7ad18c2fa65d91e0
Comment 7 Eike Stepper CLA 2020-12-11 10:28:51 EST
Closing.
Comment 8 Eike Stepper CLA 2020-12-11 10:35:43 EST
Closing.