java - where to store the user credentials in an enterprise application(EAI)? -

-

background/context

we developing event notification service. application @ high level looks below: high level flow

our developene scope involves widget , ens.

"ens" acts central point of collection types of events of interest users. user wants know when these types of events occur registers ens, identifies events in order , matches notifications subscriptions.

the user wants subscibe should valid user of intergrated application(db, sap system etc)

the sequence of events:

enter image description here

now question is:

what best pracitces in storing users db, sap etc credentials.

edit how should user authenticated? should everytime messages delivered?(as @duffymo mentioned, if use strategy, affect source system)

additional info: ens web-services.

ens polls sap(and other applications) , problem becoming more complex. in sap there data-level authorization. not users allowed see events/data.

if sap has pushed data, along user info has authorized see, no issues @ all.

case 1: scheduler initiated ens

  1. user subscribes subscription. @ time of subscription, user checked authorization in sap system. if ok, allowed subscription.
  2. the scheduler runs @ scheduled time.
  3. the scheduler identifies users subscribed.
  4. the scheduler uses stored credentials of users(stroed in ens) poll if event occured.
  5. notify users if there changes.

disadvs here:

  • user credentials stored somewhere external - security team might not accept it
  • reduntant hits if more 1 user subscribed same piece of information

case 2: scheduler intitated widget. user creds stored in users local machine only. diadv:

  • if subscription daily, , if user system/widget not up. user might miss notifications happened on say, weekends.
  • reduntant hits server if more 1 user subscribed same piece of information.

usually it's application that's given credentials database, sap, etc. individual users have credentials stored in ldap or database; authentication , authorization handled cross-cutting concern application, eai server, or appliance siteminder.

incoming requests intercepted , checked authorization tokens. if token doesn't appear, check authentication , authorization. if allowed, create authorization token , cache it.

this usual scenario web applications. event notification situation yours it's more complicated. you'll have check authorization when user subscribes. should notify them right away if user unauthorized, because don't want have check credentials every time publish. there have association between user, subscribed event, , authorization credential.

i see 1 problem.

you may broadcast events unauthorized user if subscribe event, find out authorized, receive first broadcast, , become unauthorized reason. suggests you'll have check credentials each , every time broadcast subscribers. become onerous , slow app down.

have @ standards saml see if can you.

the caching issue hinges on comparison between time between events , between authorization changes. if time between events long compared authorization changes have check each time, because have no way know if authorization has been rescinded since last event.


Comments

Post a Comment

Popular posts from this blog

python - Scipy curvefit RuntimeError:Optimal parameters not found: Number of calls to function has reached maxfev = 1000 -

-
Image
i want make logharitmic fit. keep getting runtime error: optimal parameters not found: number of calls function has reached maxfev = 1000 i use following script. can tell me go wrong? use spyder still beginner. import math import matplotlib mpl scipy.optimize import curve_fit import numpy np #data f1=[735.0,696.0,690.0,683.0,680.0,678.0,679.0,675.0,671.0,669.0,668.0,664.0,664.0] t1=[1,90000.0,178200.0,421200.0,505800.0,592200.0,768600.0,1036800.0,1371600.0,1630800.0,1715400.0,2345400.0,2409012.0] f1n=np.array(f1) t1n=np.array(t1) plt.plot(t1,f1,'ro',label="original data") # curvefit def func(t,a,b): return a+b*np.log(t) t=np.linspace(0,3600*24*28,13) popt, pcov = curve_fit(func, t, f1n, maxfev=1000) plt.plot(t, func(t, *popt), label="fitted curve") plt.legend(loc='upper left') plt.show() your original data t1 , f1 . therefore curve_fit should given t1 second argument, not t . popt, pcov = curve_fit(func,
Read more

c# - How to add a new treeview at the selected node? -

-
i have treeview 4 levels; parent, child, grandchild, great-grandchild. selectednode @ grandchild level. what i'm trying create new "treeview" @ grandchild - no, dont wnat create new node "selectednode" (grandchild). should somelike this: parent child grandchild (new treeview) parent grandchild great-grandchild child great-grandchild child grandchild grandchild it similar parent table mother , father went off , had new childern different spouse other spouse of there existing children. private sub populaterootlevel() ' query find first round of parent populatenodes(dt, jcatreeview.nodes) end sub private sub populatenodes(byval dt datatable, byval nodes treenodecollection) each dr datarow in dt.rows dim tn new treenode() tn.text = dr("title").tostring()
Read more

java - netbeans "Please wait - classpath scanning in progress..." -

-
when try compile netbeans projects message/error : "please wait - classpath scanning in progress..." and nothing happens , have have wait enternity conmpile "hello world"... now first thing have moved new office building, laptop same. it's secure enviroment lot of "security", can't connect anywhere almost. have changed user dir in netbeans.conf save data in c:\program files\user any ideas how fix this? alrady tried reinstalling netbeans, changing save location between standart , newone... just ideas find problem look @ cpu - netbeans busy (100% on 1 core) or blocking (95% idle)? standard, ant or maven build? libraries , use absolute or relative paths? start simple "hello world" project (no dependencies), add 1 lib (log4j or similiar), located in project folder , - if works - move lib other locations (choose locations similiar libs on real classpath) there chance, don't have access rights folders/shares conta
Read more