You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Eric Norman (Jira)" <ji...@apache.org> on 2021/02/26 23:34:00 UTC

[jira] [Created] (FELIX-6390) Refactor the default authentication mechanism of the webconsole to be a WebConsoleSecurityProvider2

Eric Norman created FELIX-6390:
----------------------------------

             Summary: Refactor the default authentication mechanism of the webconsole to be a WebConsoleSecurityProvider2
                 Key: FELIX-6390
                 URL: https://issues.apache.org/jira/browse/FELIX-6390
             Project: Felix
          Issue Type: Improvement
          Components: Web Console
            Reporter: Eric Norman
             Fix For: webconsole-4.6.2


To assist resolving SLING-10147 it would helpful if we could reasonably rely on there always being at least one WebConsoleSecurityProvider service available.

The use case is that a webconsole plugin needs to make http requests outside of the OsgiManager servlet to retrieve some information to display in the plugin UI.   The goal is that the security checking of that other endpoint would perform the same security checks that would be needed to access the webconsole itself.  Reusing the WebConsoleSecurityProvider service in both places would be ideal.

To make that the case, the proposal is to refactor the default "basic" authentication mechanism of the webconsole into a {{WebConsoleSecurityProvider}} class and expose it as a service.  A very low service.ranking of this last resort security provider should ensure that any other WebConsoleSecurityProvider component that exists would be used instead. 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)