
4980 status

12/9/05

Demo working at home, not at the CoC. No UPnP sample programs work on these machines. I suspect a firewall issue, somehow.
Now using current Unix or NT credentials to authenticate with a device.
Owners now have access to their devices regardless of what the ACL says.

11/22/05

Attempted demo, not quite working yet.

11/15/05

Re-implemented permissions checking to use access control lists. Permissions are now based on access control lists for ports.
Next week: At least attempt a simple solution for getting owners and permissions into the profiles, probably hardcoded into the XML definition.

11/1/05

Mostly solved the problem of enumerating permissions
Next week: Finish (another) implementation of permissions checking. Begin solving the problem of getting the permissions into the system in a convenient way.

10/25/05

Wrote utility class for permissions checking. Permissions now stored and parsed much better.
Using new utility class in CommunicationManager.

10/20/05

Poster presentation

10/18/05

Fall break

10/11/05

Got news of poster presentation. Began planning poster.
Next week: Complete poster. Tues is a holiday...

10/4/05

Implemented permissions checking in communication manager
Next week: design permissions for individual device types/protocols

9/27/05

No new implementation yet, some design ideas for the user/permissions database added below.
Next week: Work on implementing permissions checking, investigate options for the database in more detail.


User/permissions

Uses current Unix or NT permissions via JAAS. The config file is as follows:
uMiddle {
    com.sun.security.auth.module.UnixLoginModule Sufficient;
    com.sun.security.auth.module.NTLoginModule Sufficient;
};

The config file should be passed on the java command line with "-Djava.security.auth.login.config=${UMIDDLE_HOME}/jaas.config"
Modifications to how authentication is performed should be made to this config file. For example, Kerberos support can be added.


Permissions format

Profiles now have a "default" access rule, which applies if the user is not found in the list.
They also have an "allow" list and a "deny" list, which contain the users who are allowed or denied access.

In the XML definition of a device, add the following block:
<permissions>
   <owner>username</owner>
   <default>allow</default>
   <allow>user1 user2 user3</allow>
   <deny>user4</deny>
</permissions>


These permissions should be defined per-port. As ports in uMiddle correspond directly to the capabilities of the device, this effectively creates access control lists for the various device capabilities.
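
One way such a block could be evaluated for a single port, as an added example that is not uMiddle's own code. PortAcl and its members are hypothetical names, the sample XML is constructed, and two rules are assumptions the page does not state: a user in both lists is denied, and a missing or unrecognised default is treated as deny.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added illustration, not uMiddle code: PortAcl and its members are hypothetical names.
public class PortAcl {
    private final String owner;
    private final boolean defaultAllow;
    private final Set<String> allow, deny;

    PortAcl(Element perms) {
        owner = text(perms, "owner");
        // Assumption: fail closed, anything other than an explicit "allow" means deny.
        defaultAllow = "allow".equalsIgnoreCase(text(perms, "default"));
        allow = users(text(perms, "allow"));
        deny = users(text(perms, "deny"));
    }
    private static String text(Element e, String tag) {
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent().trim();
    }
    private static Set<String> users(String s) {
        Set<String> out = new HashSet<>(Arrays.asList(s.split("\\s+")));
        out.remove("");   // an empty or missing element yields no users
        return out;
    }
    boolean checkAccess(String user) {
        if (user == null || user.isEmpty()) return false;  // no authenticated identity
        if (user.equals(owner)) return true;               // owner bypasses the ACL
        if (deny.contains(user)) return false;             // assumption: deny beats allow
        if (allow.contains(user)) return true;
        return defaultAllow;                               // user is in neither list
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: the page's block with owner "alice" and user4 in both lists.
        String xml = "<permissions><owner>alice</owner><default>deny</default>"
                   + "<allow>user1 user2 user4</allow><deny>user4</deny></permissions>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Element perms = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        PortAcl acl = new PortAcl(perms);
        for (String u : new String[] {"alice", "user1", "user4", "guest"})
            System.out.println(u + " -> " + (acl.checkAccess(u) ? "allow" : "deny"));
    }
}
```

The user4 and guest cases are the ones worth checking against the real implementation, since the page fixes neither the allow/deny precedence nor the behaviour when the default element is absent.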

Relevant new API calls

In EntityProfile:
String getOwner() - returns the owner of the profile
void setOwner(String newowner) - sets the owner of the profile
boolean getDefault() - returns the default access rule
void setDefault(boolean defaul) - sets the default access rule
String getAllow() - returns the list of allowed users
void setAllow(String users) - sets the list of allowed users
String getDeny() - returns the list of denied users
void setDeny(String users) - sets the list of denied users
void setAttributes(Map attrib) - copies all of the entries from the parameter into the profile (pass the results from policy.getAttributes() for easy adding of permissions data)

AccessCheck (new utility class for checking access):
AccessCheck(EntityProfile profile) - creates a new AccessCheck for the given profile
boolean checkAccess(String user) - checks to see if the user has access for that profile
static String getCurrentUser() - returns the current username

AccessList (new utility class for adding, removing, and checking for users in a list):
AccessList(String str) - creates a new AccessList using the specified string
String toString() - compiles the list of users into a single string
void add(String s) - adds a user to the list
void remove(String s) - removes a user from the list
boolean contains(String s) - returns true if the user is present in the list
