You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/03/16 22:26:28 UTC

[jira] Created: (SLING-1445) store the AuthenticationInfo object in a request attribute

store the AuthenticationInfo object in a request attribute
----------------------------------------------------------

                 Key: SLING-1445
                 URL: https://issues.apache.org/jira/browse/SLING-1445
             Project: Sling
          Issue Type: Improvement
          Components: Commons
            Reporter: Justin Edelson
            Assignee: Justin Edelson
             Fix For: Commons Auth 1.0.0


called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896059#action_12896059 ] 

Bertrand Delacretaz commented on SLING-1445:
--------------------------------------------

> Maybe we could add something like a copy() method to the resource resolver: 

Would work for me, currently I'm getting the AuthenticationInfo from a request attribute in [1], as it's needed to create a new ResourceResolver with the same credentials as the current one.

[1] http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/bgservlets/src/main/java/org/apache/sling/bgservlets/impl/BackgroundRequestExecutionJob.java

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12846148#action_12846148 ] 

Justin Edelson commented on SLING-1445:
---------------------------------------

done in r923991 and added to Authentication page on wiki

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger reassigned SLING-1445:
----------------------------------------

    Assignee: Felix Meschberger  (was: Justin Edelson)

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Felix Meschberger
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896499#action_12896499 ] 

Justin Edelson commented on SLING-1445:
---------------------------------------

This looks ok to me. 

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Reopened: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger reopened SLING-1445:
--------------------------------------


Thinking about this, I come to the conclusion that this is a bad idea, because it makes the password readily available for requests to read ....

What is the use case for having the AuthenticationInfo object as a request attribute ?

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger closed SLING-1445.
------------------------------------


This issue can now be closed.

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Felix Meschberger
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896210#action_12896210 ] 

Justin Edelson commented on SLING-1445:
---------------------------------------

IIRC, my use case was to log into a different workspace using the same credentials. copy() obviously won't help for this. Apologies for not documenting the rationale.

I can probably get by with a combination of loginAdministrative and impersonate if you want to roll this back.

(Bertrand - as an aside, I briefly looked at the class linked to above and didn't see the ResourceResolver being closed. Maybe I just missed it, but I figured it was worth mentioning.)

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Edelson resolved SLING-1445.
-----------------------------------

    Resolution: Fixed

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896481#action_12896481 ] 

Felix Meschberger commented on SLING-1445:
------------------------------------------

What we could do is add a parameter to the ResourceResolver.copy() method:

     ResourceResolver copy(Map mergingCredentials);

mergingCredentials may be null; if not null, the contents of the mergingCredentials are merged with the credential Map used to create the ResourceResolver.

Thus the mergingCredentials could contain a different workspace name (or even a different username/password combo) to login.

Implementation-wise the ResourceResolver might probably keep the original credentials privately to use it to implement the copy method.

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-1445.
--------------------------------------

    Fix Version/s:     (was: Commons Auth 1.0.0)
       Resolution: Won't Fix

Reverted this change again, resolving this issue as won't fix.

> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Felix Meschberger
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-1445) store the AuthenticationInfo object in a request attribute

Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896054#action_12896054 ] 

Carsten Ziegeler commented on SLING-1445:
-----------------------------------------

Maybe we could add something like a copy() method to the resource resolver:

ResourceResolver newRR = oldRR.copy();



> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
>                 Key: SLING-1445
>                 URL: https://issues.apache.org/jira/browse/SLING-1445
>             Project: Sling
>          Issue Type: Improvement
>          Components: Commons
>            Reporter: Justin Edelson
>            Assignee: Justin Edelson
>             Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.