eclipseauthenticationeclipse-emfcdo-emf

How to configure server-side authentication in CDO 3.0 or above?


Standalone CDO servers are configured using the cdo-server.xml configuration file, as explained on the CDO Wiki. A separate wiki page has further information about configuring server-side CDO/Net4j authentication, but it is outdated as of version 3.0, as noted on the page:

[...] Note that in CDO 3.0 we have an additional, superior athentication mechanism per CDOSession (not only on Net4j IConnector level). [...]

Neither new authentication mechanism, nor its usage are explained. How do I configure server-side authentication in CDO 3.0 or above?


Solution

  • The new authentication mechanism introduced in CDO 3.0 is configured using the userManager element in your cdo-server.xml, for example:

    <repository name="MyRepo">
        <userManager type="file" description="absolute-path-to-users-file"/>  
        ...
    </repository>
    

    The above example is using the built-in FileUserManager, which has a factory registered with the type "file". This user manager implementation authenticates users against a list of usernames and passwords stored in a flat file at the location specified in the description attribute. This file should contain the users and their passwords in the following format:

    user1:pwd1
    user2:pwd2
    

    Some background on implementing you own UserManager and how this configuration mechanism was implemented is available in the Eclipse Bugzilla issue Allow configuration of authentication in cdo-server.xml.