
4980 status


Demo working at home, not at the CoC. No UPnP sample programs work on these machines. I suspect a firewall issue, somehow.
Now using current Unix or NT credentials to authenticate with a device.
Owners now have access to their devices regardless of what the ACL says.


Attempted demo, not quite working yet.


Re-implemented permissions checking to use access control lists. Permissions are now based on access control lists for ports.
Next week: At least attempt a simple solution for getting owners and permissions into the profiles, probably hardcoded into the XML definition.


Mostly solved the problem of enumerating permissions
Next week: Finish (another) implementation of permissions checking. Begin solving the problem of getting the permissions into the system in a convenient way.


Wrote utility class for permissions checking. Permissions now stored and parsed much better.
Using new utility class in CommunicationManager.


Poster presentation


Fall break


Got news of poster presentation. Began planning poster.
Next week: Complete poster. Tues is a holiday...


Implemented permissions checking in communication manager
Next week: design permissions for individual device types/protocols


No new implementation yet, some design ideas for the user/permissions database added below.
Next week: Work on implementing permissions checking, investigate options for the database in more detail.


Uses current Unix or NT permissions, using JAAS. Config file is as follows:
uMiddle { Sufficient; Sufficient;

And should be added to the java command line with "${UMIDDLE_HOME}/jaas.config"
Modifications to how authentication is performed should be made to this config file. For example, Kerberos support can be added.

Permissions format

Profiles now have a "default" access rule, which applies if the user is not found in the list.
They also have an "allow" list and a "deny" list, naming the users who are allowed or denied access.

In the XML definition of a device, add the following block:
   <allow>user1 user2 user3</allow>

These permissions should be defined per-port. As ports in uMiddle correspond directly to the capabilities of the device, this effectively creates access control lists for the various device capabilities.
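
The evaluation order these rules imply, as an added Java example that is not uMiddle's own code. `PortAclDemo` and its methods are hypothetical names; the owner override comes from the status notes above, while deny taking precedence over allow and rejecting an empty username are assumptions the page does not state.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical stand-in for a per-port ACL check; not uMiddle's AccessCheck class.
public class PortAclDemo {

    // Split a whitespace-separated user list, as in <allow>user1 user2 user3</allow>.
    static Set<String> parseUsers(String list) {
        Set<String> users = new HashSet<>();
        if (list != null && !list.trim().isEmpty()) {
            users.addAll(Arrays.asList(list.trim().split("\\s+")));
        }
        return users;
    }

    // Decide access to one port for one user.
    static boolean checkAccess(String owner, String allow, String deny,
                               boolean defaultRule, String user) {
        if (user == null || user.isEmpty()) {
            return false;                 // assumption: no identity means no access
        }
        if (user.equals(owner)) {
            return true;                  // owner has access regardless of the ACL
        }
        if (parseUsers(deny).contains(user)) {
            return false;                 // assumption: deny wins over allow
        }
        if (parseUsers(allow).contains(user)) {
            return true;                  // explicitly allowed
        }
        return defaultRule;               // user is on neither list
    }

    public static void main(String[] args) {
        // Constructed sample ACL for a single port, with a default rule of "deny".
        String owner = "alice";
        String allow = "bob carol";
        String deny = "carol mallory";
        for (String u : new String[] {"alice", "bob", "carol", "mallory", "dave", ""}) {
            System.out.println("[" + u + "] -> " + checkAccess(owner, allow, deny, false, u));
        }
    }
}
```

A user who appears on both lists ("carol" in the sample) is the case the page leaves open; an implementation should pick one precedence and document it per port.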

Relevant new API calls

In EntityProfile:
String getOwner() - returns the owner of the profile
void setOwner(String newowner) - sets the owner of the profile
boolean getDefault() - returns the default access rule
void setDefault(boolean defaul) - sets the default access rule
String getAllow() - returns the list of allowed users
void setAllow(String users) - sets the list of allowed users
String getDeny() - returns the list of denied users
void setDeny(String users) - sets the list of denied users
void setAttributes(Map attrib) - copies all of the entries from the parameter into the profile (pass the results from policy.getAttributes() for easy adding of permissions data)

AccessCheck (new utility class for checking access):
AccessCheck(EntityProfile profile) - creates a new AccessCheck for the given profile
boolean checkAccess(String user) - checks to see if the user has access for that profile
static String getCurrentUser() - returns the current username

AccessList (new utility class for adding, removing, and checking for users in a list):
AccessList(String str) - creates a new AccessList using the specified string
String toString() - compiles the list of users into a single string
void add(String s) - adds a user to the list
void remove(String s) - removes a user from the list
boolean contains(String s) - returns true if the user is present in the list
