java - Design question: Dynamically changing GUI -> sending implementation classes as soap attachments
Here is a scenario: I have a Java Front End (RCP / SWT) app, which currently has no authentication support. I, however, have to add security to this application so that it is deployed in various enterprise environments. I have some approaches which I thought I would share here with you and take your input. Please note that there is no strict requirement yet, so I would like to consider the typical and non-specific enterprise network security model.
Approach 1
- Create a 'security' webservice that will start the thick customer at startup.
- The customer asks for security for existing authentication mode and receives the implementation class of authentication as a soap attachment. In the received class, there will be no logic for the replacement, rather it describes the UI and describes the events present on the UI. (Customer can use a GUI Toolkit like Thinlet?)
- After class is loaded, a related to the current set authentication method is displayed on the end user
- This approach allows me to handle various certification plans. For example, if the app has to certify against the username and password stored in the database, then Username and Password A screen with the field will be sufficient. However, it is said that the user had to log on to a network that would include typing in the network name, the UI would include three fields. If the security model on the client network determines NTLM / SSO based authentication, then the user will not see a UI. This will also leave the scope for future authentication methods - for example, to support a captcha-specific logon screen / biometric stuff.
- Username and Passwords are usually only two credentials needed for two certified methods?
- Ask the client for the web service and handle the webservice full authentication process.
Benefits:
Approach 2
(Keepin in yes .., simple)
I am not sure how the above methods can be used? Appreciate your help.
I certainly do not recommend sending the definitions of class as SOAP attachments. A network classloader is more important, but still not necessary in your situation.
Put in the client who is there - many screen types are prepared on the UI client (such as defined in classes) and activate each of them based on the single value passed by the server. For example if the authentication type If the revolutionary
has been passed, then go to username / password if authentication. Simon Card is
- go for a smart card.
If you want to distribute the application and apply different etrin screens later, use it. Thus all customers will be guaranteed to run the latest version.
After knowing that some limitations apply to your needs, take a look.
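An added example, not part of the original answer: one way to implement the "screens built into the client, selected by a single value from the server" design, so that nothing received over SOAP is ever loaded as code. The wire values (`userpass`, `network`, `smartcard`, `sso`), the class name and the field lists are hypothetical, and the server responses in `main` are constructed samples.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

public class LoginScreenSelector {

    /** Screens compiled into the client; the server can only pick one of them. */
    enum AuthScreen {
        USERNAME_PASSWORD("username", "password"),
        NETWORK_LOGON("network", "username", "password"), // the three-field case
        SMART_CARD(),                                     // card prompt, no text fields
        SSO();                                            // NTLM / SSO: no UI shown

        final String[] fields;

        AuthScreen(String... fields) {
            this.fields = fields;
        }
    }

    // Hypothetical wire values: a fixed allowlist. The server value is used only
    // as a lookup key, never as a class name to load or instantiate.
    private static final Map<String, AuthScreen> BY_WIRE_VALUE = Map.of(
            "userpass", AuthScreen.USERNAME_PASSWORD,
            "network", AuthScreen.NETWORK_LOGON,
            "smartcard", AuthScreen.SMART_CARD,
            "sso", AuthScreen.SSO);

    /** Returns the screen for a server-supplied value, or empty if it is not allowlisted. */
    static Optional<AuthScreen> select(String serverValue) {
        if (serverValue == null || serverValue.length() > 32) {
            return Optional.empty();
        }
        String key = serverValue.trim().toLowerCase(Locale.ROOT);
        return Optional.ofNullable(BY_WIRE_VALUE.get(key));
    }

    public static void main(String[] args) {
        // Constructed server responses, including values the client must refuse.
        String[] samples = {"userpass", "SmartCard", "sso", "com.example.CustomLogin", null};
        for (String value : samples) {
            String outcome = select(value)
                    .map(s -> s + " fields=[" + String.join(",", s.fields) + "]")
                    .orElse("rejected, login not started");
            System.out.println(value + " -> " + outcome);
        }
    }
}
```

Adding a new authentication method then means shipping a new client build with one more enum constant, which is the trade-off the answer accepts in exchange for not executing server-supplied classes.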