You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Christopher Elkins (JIRA)" <ji...@apache.org> on 2008/08/05 00:14:47 UTC
[jira] Created: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Add support for authentication/authorization methods in servlet request API
---------------------------------------------------------------------------
Key: SLING-599
URL: https://issues.apache.org/jira/browse/SLING-599
Project: Sling
Issue Type: Improvement
Components: Engine
Reporter: Christopher Elkins
Priority: Minor
Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Christopher Elkins (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher Elkins closed SLING-599.
------------------------------------
Verified with build of trunk at r682946.
Thanks for the quick resolution.
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Assignee: Felix Meschberger
> Priority: Minor
> Fix For: Engine 2.0.4
>
> Attachments: SlingHttpServletRequestImpl.java-2.patch, SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Christopher Elkins (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620017#action_12620017 ]
Christopher Elkins commented on SLING-599:
------------------------------------------
Ah, yes, I see that now. My code uses getUserPrincipal(), so I must've suffered from some tunnel vision.
An updated patch is forthcoming.
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Christopher Elkins (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher Elkins updated SLING-599:
-------------------------------------
Attachment: SlingHttpServletRequestImpl.java-2.patch
Updated patch that implements only the methods not already covered by the OSGi Http Service spec
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java-2.patch, SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Christopher Elkins (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christopher Elkins updated SLING-599:
-------------------------------------
Attachment: SlingHttpServletRequestImpl.java.patch
Adds support for authentication/authorization methods in HttpServletRequest by adapting the attributes prescribed by HttpContext and set by SlingAuthenticator.
Note: The UserPrincipal class was borrowed as-is from <http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/UserPrincipal.java>.
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620027#action_12620027 ]
Felix Meschberger commented on SLING-599:
-----------------------------------------
Great. Thanks for the patch, which looks good and ready to apply.
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Assignee: Felix Meschberger
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java-2.patch, SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619806#action_12619806 ]
Felix Meschberger commented on SLING-599:
-----------------------------------------
Thanks for submitting this patch, which looks good.
Just let me add a comment regarding the ..remote.user and ..authentication.type attributes: As I read the OSGi Http Service spec, the HttpService implementation must provide the values of the ..remote.user and ..authentication.type request attributes as the return values of the getRemoteUser() and getAuthenticationType() calls on the request objects. This is how the Apache Felix http.jetty and Pax Web Service implementations are done. In this sense, I would say, that we might want to not add the getRemoteUser() and getAuthenticationType() methods to the SlingHttpServletRequestImpl class.
I agree with the rest of the patch.
WDYT ?
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reassigned SLING-599:
---------------------------------------
Assignee: Felix Meschberger
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Assignee: Felix Meschberger
> Priority: Minor
> Attachments: SlingHttpServletRequestImpl.java-2.patch, SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SLING-599) Add support for
authentication/authorization methods in servlet request API
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-599.
-------------------------------------
Resolution: Fixed
Fix Version/s: Engine 2.0.4
Committed slightly modified patch in Rev. 682946 and deployed SNAPSHOT version 2.0.3-incubator-20080805.210203-4.
The modification concerns the import of the useradmin package which I marked as resolution:=optional and moving the inner class to the end of the class file.
Please close this issue, if this is ok for you. Thanks.
> Add support for authentication/authorization methods in servlet request API
> ---------------------------------------------------------------------------
>
> Key: SLING-599
> URL: https://issues.apache.org/jira/browse/SLING-599
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Christopher Elkins
> Assignee: Felix Meschberger
> Priority: Minor
> Fix For: Engine 2.0.4
>
> Attachments: SlingHttpServletRequestImpl.java-2.patch, SlingHttpServletRequestImpl.java.patch
>
>
> Although SlingAuthenticator does populate some authentication state in the request, it does so in an non-portable way (from a Servlet API perspective). For example, it sets the remote user identifier as a request attribute whereas one familiar with the Servlet API would expect to obtain it by calling getRemoteUser().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.