Security features of XLLoop, for R server.

2011-03-05
2013-04-17
  • Nobody/Anonymous

    hello

    I was wondering if XLLoop has any built in security features that limits access?

    More specifically, I'm using the R version of the server.  I was able to get the server up and running using the instructions on http://xlloop.sourceforge.net/rserver.html

    I was wondering if there was any way to restrict client access by IP Address.  I've been trying but have been unsuccessful in getting the IP Address of the client from the socketConnection "con" object and restricting access based on IP Address.  Basically I want to get the IP Address of the client and check it against a list of valid IP Addresses and either process the request or return an error message if the IP Address is not allowed access.

    Any help you could provide would be much appreciated.  thanks.

     
  • Peter Smith

    Peter Smith - 2011-03-06

    Hi,

    There are a couple of "security" features at the moment.

    Set the INI key "send.user.info" to true and the addin will call the method "org.boris.xlloop.Initialize" when a new connection with a server is established
    Set the INI key "user.key" to any string value and that key will be sent along with the Initilalize method call

    Actually I'm not that familiar with R - the server was contributed by another user.

    Regards,
    Peter

     
  • Nobody/Anonymous

    Hmm, what class is the "org.boris.xlloop.Initialize" method in?  I don't see it in the javadocs.  http://xlloop.sourceforge.net/javadoc/index.html

    The XLLoop documentation says the "send.user.info" key is used to "send username/hostname to server when session initializes".  What is the "username" that the client sends to the server?

    Do you have the contact of the user that contributed the R code?  Maybe I can contact him.

     
  • Nobody/Anonymous

    These two client side INI file settings, "send.user.info" and "user.key", are they only supported by the Java version of the server?  I don't see anything in the R server code that supports these.

    I'm not sure how these parameters are accessed at the server if I'm running a Java server.  For example, let's say I set these values in the client side INI file:

    send.user.info=true
    user.key=foo

    When the client calls the server with a request?  Which java class and method is invoked with these parameter values and how can I access the values in my code.  I'm running the example Java server that starts by creating a FunctionServer

    FunctionServer fs = new FunctionServer();

    and ends with

    fs.run();

    After I start the FunctionServer, it seems to be out of my code's hands.  The FunctionServer handles all incoming requests and invokes any of the pre-registered methods added using the .addMethods method.  Do I need to create some sort of handler and register it with the FunctionServer in order to get these two parameter values from the client?  Once I receive the parameter values, can I restrict client access if they don't have the proper values?  Is there some way to tell the FunctionServer to deny the request?

     
  • Peter Smith

    Peter Smith - 2011-11-05

    Hi,

    Yes, you can register a callback method match that exact name. Take a look at the FunctionInformationHandler - it does exactly what is required but for the org.boris.xlloop.GetFunctions method.

    Here is a simple code snipet.

    public class InitializeHandler implements IFunctionHandler, IBuiltinFunctions
    {
        public XLoper execute(IFunctionContext context, String name, XLoper[] args) throws RequestException {
            // TODO: perform intiailization here
            return null;
        }
        public boolean hasFunction(String name) {
            return INITIALIZE.equals(name);
        }
    }
    

    Hope that helps.

    Thanks,
    Peter

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks