2.3. Security

This chapter is split up into two sub-sections, explaining the process of authentication and authorization.

Before any further authorization can be performed the system needs to know who wants to perform an operation. Selecting a user and verifying the identity is the process called authentication.

Eclipse SCADA uses a simple TCP client/server communication concept with the NGP and NET protocol. After the TCP connection has been established the client side sends its user credentials to the server side. The server verifies and remembers the authenticated user for the lifetime of the TCP connection or closes the TCP connection immediately. Data subscription and control operation can only be performed after the user has been authenticated.

After the user has been authenticated it will be checked if the user has the right to connect to the server. See also the section "authorization".

There are two ways of authenticating a user in Eclipse SCADA. The first, simple mechanism is used for connector modules (aka drivers). Each driver checks for a specific username and password combination during the logon process described above. The server checks the system property org.eclipse.scada.core.server.common.ServiceCommon.password; if it is set, its value will be used as the password. The user name is not relevant but will be remembered by the server. If the password is not set, any user is allowed to connect to the service without authentication.

The second, more complex way is used by OSGi-based services (aka the master server and the hd server). The server will scan for authentication services using OSGi. All registered services will be consulted in the order of their priority. When the first authentication service returns a valid user, this user will be used. If no service is found, or no service either accepted or rejected the user, the user information will be anonymous and accepted. Although the user might connect as anonymous during this step, access will be restricted by the authorization step afterwards, where it is checked whether the user is allowed to log on.
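The two logon decisions described above, modelled in Java as an added example (not Eclipse SCADA's own code). The type and method names are hypothetical, the services are assumed to arrive already sorted by priority, and ending the logon at the first rejection is an assumption. The model makes the two permissive paths visible: an unset driver password, and a chain in which no service decides.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added model of the two logon decisions. All type and method names are
// hypothetical; this is not the Eclipse SCADA API.
public class LogonModel {
    enum Verdict { ACCEPT, REJECT, ABSTAIN }

    // Stand-in for one registered authentication service.
    interface AuthService { Verdict check(String user, String password); }

    // Driver mechanism: one shared password, user name ignored.
    static boolean driverLogon(String configured, String supplied) {
        if (configured == null) {
            return true; // property unset: every client is accepted unchecked
        }
        // Constant-time comparison is this example's choice, not taken from the page.
        return supplied != null && MessageDigest.isEqual(
                configured.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    // OSGi mechanism: services are passed in priority order. Empty means rejected.
    static Optional<String> chainLogon(List<AuthService> services, String user, String pw) {
        for (AuthService s : services) {
            Verdict v = s.check(user, pw);
            if (v == Verdict.ACCEPT) return Optional.of(user);
            if (v == Verdict.REJECT) return Optional.empty(); // assumption: first reject ends the logon
        }
        return Optional.of("anonymous"); // nobody decided: authorization must gate this
    }

    public static void main(String[] args) {
        String prop = System.getProperty(
                "org.eclipse.scada.core.server.common.ServiceCommon.password");
        System.out.println("driver, property as started: " + driverLogon(prop, "guess"));
        System.out.println("driver, password set: " + driverLogon("constructed-secret", "guess"));

        // Constructed service: knows only "operator", abstains for everyone else.
        AuthService known = (u, p) -> !u.equals("operator") ? Verdict.ABSTAIN
                : p.equals("constructed-pw") ? Verdict.ACCEPT : Verdict.REJECT;
        List<AuthService> chain = Arrays.asList(known);
        System.out.println("right password: " + chainLogon(chain, "operator", "constructed-pw"));
        System.out.println("wrong password: " + chainLogon(chain, "operator", "nope"));
        System.out.println("unknown user:   " + chainLogon(chain, "visitor", "x"));
        System.out.println("no services:    " + chainLogon(Collections.emptyList(), "visitor", "x"));
    }
}
```

The last two cases are the ones to review in a deployment: with no deciding service, the only control left is the authorization rule that decides whether anonymous may log on.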

Eclipse SCADA has two different behaviors for connections to servers: a manual mode and an automatic mode. The application decides which mode to use; it cannot be configured in the connection string itself.

The easier version is the manual mode. Establishing the connection is manually triggered (e.g. by a user) and manually closed. If the connection breaks, it simply stays closed. This mode is, for example, used in the ESAC application. Connections are opened and closed on user request. If the connection breaks, an error message is displayed to the user and the connection stays closed until the user re-opens it.

In automatic mode the application simply decides whether the connection should stay open or stay closed. Eclipse SCADA then manages the connection state and will trigger connect and disconnect calls automatically. In most cases the application simply requests the connection to be open. This mode is primarily used by the master server or the normal end user client.

When the connection is requested to be opened, the appropriate call is made to the connection itself. If the connection breaks, a re-connect will be triggered immediately. The time of this request will be noted and the next action (connect or disconnect) will be delayed by the quiet period. The default quiet period is 10 seconds, but can be changed using the system property openscada.default.reconnect.delay, which holds the time in milliseconds. So if the connection breaks and the first reconnect fails, the next reconnect will not be tried until the quiet period is over. After that the next connection attempt will be made.