Posted to dev@sling.apache.org by "Bertrand Delacretaz (JIRA)" <ji...@apache.org> on 2008/03/13 17:08:25 UTC

[jira] Created: (SLING-327) SlingAuthenticator: improve Repository sanity check

SlingAuthenticator: improve Repository sanity check
---------------------------------------------------

                 Key: SLING-327
                 URL: https://issues.apache.org/jira/browse/SLING-327
             Project: Sling
          Issue Type: Improvement
            Reporter: Bertrand Delacretaz
            Priority: Minor


Currently the SlingAuthenticator sometimes behaves in funny ways if the Repository is not available, or not accepting logins for some reason. If anonymous access is allowed, for example, a login box might appear if the repository becomes unavailable, which makes things confusing.

The attached patch improves the situation by verifying that an admin session can be obtained from the Repository, and throws MissingRepositoryException if not.

This should allow better handling of Repository problems in higher application layers.

I'm not sure about all the implications - can we assume that an admin session is required for things to work?

Please review the patch before I apply it, or feel free to apply it, as I'll be mostly offline until after Easter.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Resolved: (SLING-327) SlingAuthenticator: improve Repository sanity check

Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bertrand Delacretaz resolved SLING-327.
---------------------------------------

    Resolution: Fixed

Thanks, this works for me.

In revision 638335 I have made the 500 and 503 error messages slightly more explicit, to make it easier to find out where the problems come from.



[jira] Commented: (SLING-327) SlingAuthenticator: improve Repository sanity check

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578625#action_12578625 ] 

Felix Meschberger commented on SLING-327:
-----------------------------------------

I agree that showing a login box when anonymous login is actually allowed is a bad thing - the intent is to send an UNAVAILABLE.

So rather than trying to log in as admin, we should find out what is going on in certain situations when login is not possible ... Looking at SlingAuthenticator.getAnonymousSession, the solution is quite clear: this method catches and logs exceptions but then falls back to requesting authentication. This is probably not really the best of all known solutions. The real solution would probably be to act in the same way as when trying to log in normally:

    * request authentication on LoginException
    * send 503/SERVICE UNAVAILABLE on TooManySessionsException
    * send 500/INTERNAL SERVER ERROR on RepositoryException

Also, I think creating an admin session on each request is quite hefty (but yes, Sling basically assumes admin access works).



[jira] Updated: (SLING-327) SlingAuthenticator: improve Repository sanity check

Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bertrand Delacretaz updated SLING-327:
--------------------------------------

    Attachment: SLING-327.patch



[jira] Commented: (SLING-327) SlingAuthenticator: improve Repository sanity check

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578790#action_12578790 ] 

Felix Meschberger commented on SLING-327:
-----------------------------------------

In Rev. 637125 I committed a fix, which applies the same exception checking as for regular (Credentials based) login when acquiring the anonymous session. After exception handling, authentication checking returns with failure.

So, when the repository is in a strange state - available yet not available - or the session pool is fully used or something else altogether - no authentication prompt is displayed.

Bertrand, can you please verify whether this is what you needed? Thanks.

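The exception-to-response mapping discussed in this thread (request authentication on LoginException, 503 on TooManySessionsException, 500 on RepositoryException), as an added example that is not part of the original messages and is not Sling's code. The nested exception classes are stand-ins for the JCR and Sling types so the file compiles alone, the subclass relationship of TooManySessionsException to LoginException is an assumption, and `anonymousLogin` and `Outcome` are hypothetical names.

```java
import java.util.List;
import java.util.concurrent.Callable;

public class AnonymousLoginMapping {
    // Stand-ins for javax.jcr.RepositoryException, javax.jcr.LoginException and
    // Sling's TooManySessionsException (assumed hierarchy, declared locally).
    static class RepositoryException extends Exception {}
    static class LoginException extends RepositoryException {}
    static class TooManySessionsException extends LoginException {}

    enum Outcome {
        SESSION, REQUEST_AUTHENTICATION,
        SERVICE_UNAVAILABLE_503, INTERNAL_SERVER_ERROR_500
    }

    // Hypothetical helper: 'login' stands for the anonymous repository login.
    static Outcome anonymousLogin(Callable<Object> login) {
        try {
            login.call();
            return Outcome.SESSION;
        } catch (TooManySessionsException e) {
            // Most specific type first: an exhausted session pool is an
            // availability problem, so it must not reach the LoginException branch.
            return Outcome.SERVICE_UNAVAILABLE_503;
        } catch (LoginException e) {
            // The repository answered and refused the login: ask for credentials.
            return Outcome.REQUEST_AUTHENTICATION;
        } catch (RepositoryException e) {
            // The repository is broken or unreachable: report a server error.
            return Outcome.INTERNAL_SERVER_ERROR_500;
        } catch (Exception e) {
            // Anything unexpected is also a server fault, never a login prompt.
            return Outcome.INTERNAL_SERVER_ERROR_500;
        }
    }

    public static void main(String[] args) {
        // Constructed failure modes, one per branch.
        Callable<Object> ok = () -> new Object();
        Callable<Object> denied = () -> { throw new LoginException(); };
        Callable<Object> poolFull = () -> { throw new TooManySessionsException(); };
        Callable<Object> down = () -> { throw new RepositoryException(); };
        for (Callable<Object> attempt : List.of(ok, denied, poolFull, down)) {
            System.out.println(anonymousLogin(attempt));
        }
    }
}
```

Only the LoginException branch leads to a credentials prompt; both repository-side failures surface as server errors, which is the behaviour the thread asks for when anonymous access is allowed.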