PasswordSafe and multiple users

Answered

I'm using PasswordSafe in my plugin to store the authentication details for user connections to a database. The service name for the settings are currently keyed to the hostname:port so users with the same username will not clash.

The issue I'm running into is that PasswordSafe is only storing the password for a single user. That is, if I use the same hostname:port, but with different user names then when creating/editing details for one, the password for the other gets removed.

When getting the password, I'm using:

    val credentialAttributes = CredentialAttributes(serviceName, username)
return PasswordSafe.instance.get(credentialAttributes)?.getPasswordAsString()

and when setting the password, I'm using:

    val credentialAttributes = CredentialAttributes(serviceName, username)
PasswordSafe.instance.set(credentialAttributes, password?.let { Credentials(username, it) })

Do I need to remove the username from the CredentialAttributes object? Should I be including the username in the service name?

If I remove the username from the CredentialAttributes object, will I need to support the current code for compatibility with existing credential store details?

Thanks in advance,

Reece

4 comments
Comment actions Permalink

Sorry this got lost.

 

What about com.intellij.credentialStore.CredentialAttributes#userName?

0
Comment actions Permalink

Thanks for the reply. -- My issue is not trying to get the username for the credentials, but connecting to the same service with different users.

My serviceName looks like this: "uk.co.reecedunn.intellij.plugin.processor: $hostname:$databasePort" e.g. http://localhost:8001. These are identifying the configured XQuery database location (e.g. MarkLogic or eXist-db).

I'm then passing the username for an account on that database and using the password safe to securely store the associated password. This works for a single user (e.g. "admin"), but if I configure multiple users (e.g. "admin", and "guest"), the passwords are not remembered.

That is, it looks like IntelliJ is only using the serverName as the key and not including the username when resolving the password.

Note: the users here are users on the database, not users of the computer or IntelliJ.

0
Comment actions Permalink

Sorry, I do not quite understand. Do you provide CredentialAttributes#userName now or not? Could you please link the actual code if possible?

 

0
Comment actions Permalink

The code is located at https://github.com/rhdunn/xquery-intellij-plugin/blob/master/src/plugin-api/main/uk/co/reecedunn/intellij/plugin/processor/query/connection/ConnectionSettings.kt. -- That is the code that is calling PasswordSafe.

I'm using that ConnectionSettings class in https://github.com/rhdunn/xquery-intellij-plugin/blob/master/src/plugin-api/main/uk/co/reecedunn/intellij/plugin/processor/query/http/HttpConnection.kt#L43 to connect to an XQuery database in order to run XQuery code on it.

The ConnectionSettings object holds the details for a database connection. I'm storing the username in that class and am using the PasswordSafe and CredentialsAttributes to manage the password (so it is stored securely and not as part of a configuration XML file).

A user could have multiple ConnectionSettings to the same database (and thus the same service name) for different users on that database. For example:

1. ConnectionSettings(hostname="localhost", databasePort=8000, username="admin-user")

2. ConnectionSettings(hostname="localhost", databasePort=8000, username="limited-access-user")

This results in the password being empty when requested from the PasswordSafe, where it should return the password set for the corresponding user (here either "admin-user" or "limited-access-user").

If the connection settings have a different hostname or databasePort (i.e. a diferrent serviceName) then the password is saved correctly.

0

Please sign in to leave a comment.