Eclipse RCP is rapidly gaining popularity as a framework for corporate desktop applications. These applications are often developed bespoke or in-house, and are the gateways to critical business functions. As such they must be secured: we must know exactly who each user is (i.e. they must be authenticated), and we must prevent users from performing tasks that they do not have the authority to perform (i.e. they must have authorization).
Eclipse RCP is an excellent base on which to build secure applications. Through plugins and extensions, we can offer a far cleaner experience for users by simply hiding the functions for which they are not authorized, instead of constantly showing "Access Denied" errors. Using OSGi we can even dynamically grant or deny access to functionality while the application is running.
Yet, frustratingly, RCP stops short of supplying "out-of-the-box" support for authentication and authorization, so this support must be added on. In this talk we discuss the principle techniques required; what the most common business requirements are for security, and how to achieve them; and how to integrate with existing technologies such as JAAS or Kerberos.
To conclude we will solicit feedback from the audience on the security requirements they would like to see made available through the base platform, in the hope of influencing future releases.
Neil is a Java developer and consultant specialising in Eclipse RCP and OSGi, in particular their use in large enterprise settings. Recently he has helped a number of financial institutions with their adoption of RCP and evangelises the use of the RCP/OSGi technology platform for both client and server-side development.