You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Justin Edelson (JIRA)" <ji...@apache.org> on 2010/03/16 22:26:28 UTC
[jira] Created: (SLING-1445) store the AuthenticationInfo object in
a request attribute
store the AuthenticationInfo object in a request attribute
----------------------------------------------------------
Key: SLING-1445
URL: https://issues.apache.org/jira/browse/SLING-1445
Project: Sling
Issue Type: Improvement
Components: Commons
Reporter: Justin Edelson
Assignee: Justin Edelson
Fix For: Commons Auth 1.0.0
called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896059#action_12896059 ]
Bertrand Delacretaz commented on SLING-1445:
--------------------------------------------
> Maybe we could add something like a copy() method to the resource resolver:
Would work for me, currently I'm getting the AuthenticationInfo from a request attribute in [1], as it's needed to create a new ResourceResolver with the same credentials as the current one.
[1] http://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/bgservlets/src/main/java/org/apache/sling/bgservlets/impl/BackgroundRequestExecutionJob.java
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12846148#action_12846148 ]
Justin Edelson commented on SLING-1445:
---------------------------------------
done in r923991 and added to Authentication page on wiki
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reassigned SLING-1445:
----------------------------------------
Assignee: Felix Meschberger (was: Justin Edelson)
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Felix Meschberger
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896499#action_12896499 ]
Justin Edelson commented on SLING-1445:
---------------------------------------
This looks ok to me.
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reopened SLING-1445:
--------------------------------------
Thinking about this, I come to the conclusion that this is a bad idea, because it makes the password readily available for requests to read ....
What is the use case for having the AuthenticationInfo object as a request attribute ?
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (SLING-1445) store the AuthenticationInfo object in
a request attribute
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger closed SLING-1445.
------------------------------------
This issue can now be closed.
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Felix Meschberger
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896210#action_12896210 ]
Justin Edelson commented on SLING-1445:
---------------------------------------
IIRC, my use case was to log into a different workspace using the same credentials. copy() obviously won't help for this. Apologies for not documenting the rationale.
I can probably get by with a combination of loginAdministrative and impersonate if you want to roll this back.
(Bertrand - as an aside, I briefly looked at the class linked to above and didn't see the ResourceResolver being closed. Maybe I just missed it, but I figured it was worth mentioning.)
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Edelson resolved SLING-1445.
-----------------------------------
Resolution: Fixed
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896481#action_12896481 ]
Felix Meschberger commented on SLING-1445:
------------------------------------------
What we could do is add a parameter to the ResourceResolver.copy() method:
ResourceResolver copy(Map mergingCredentials);
mergingCredentials may be null; if not null, the contents of the mergingCredentials are merged with the credential Map used to create the ResourceResolver.
Thus the mergingCredentials could contain a different workspace name (or even a different username/password combo) to login.
Implementation-wise the ResourceResolver might probably keep the original credentials privately to use it to implement the copy method.
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-1445.
--------------------------------------
Fix Version/s: (was: Commons Auth 1.0.0)
Resolution: Won't Fix
Reverted this change again, resolving this issue as won't fix.
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Felix Meschberger
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-1445) store the AuthenticationInfo object
in a request attribute
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896054#action_12896054 ]
Carsten Ziegeler commented on SLING-1445:
-----------------------------------------
Maybe we could add something like a copy() method to the resource resolver:
ResourceResolver newRR = oldRR.copy();
> store the AuthenticationInfo object in a request attribute
> ----------------------------------------------------------
>
> Key: SLING-1445
> URL: https://issues.apache.org/jira/browse/SLING-1445
> Project: Sling
> Issue Type: Improvement
> Components: Commons
> Reporter: Justin Edelson
> Assignee: Justin Edelson
> Fix For: Commons Auth 1.0.0
>
>
> called org.apache.sling.commons.auth.spi.AuthenticationInfo
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.