You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Michael Dürig (JIRA)" <ji...@apache.org> on 2011/07/13 18:04:59 UTC

[jira] [Created] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

AbstractRepositoryService.createSessionInfo should handle null credentials
--------------------------------------------------------------------------

                 Key: JCR-3021
                 URL: https://issues.apache.org/jira/browse/JCR-3021
             Project: Jackrabbit Content Repository
          Issue Type: Improvement
          Components: jackrabbit-spi-commons
    Affects Versions: 2.3.0
            Reporter: Michael Dürig
            Assignee: Michael Dürig




--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067782#comment-13067782 ] 

Michael Dürig commented on JCR-3021:
------------------------------------

Ack. I wasn't aware of this section. I'll revert the change. 

> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
>                 Key: JCR-3021
>                 URL: https://issues.apache.org/jira/browse/JCR-3021
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-spi-commons
>    Affects Versions: 2.3.0
>            Reporter: Michael Dürig
>            Assignee: Michael Dürig
>             Fix For: 2.3.0
>
>


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dürig resolved JCR-3021.
--------------------------------

    Resolution: Invalid

Reverted changes in revision 1148415.

> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
>                 Key: JCR-3021
>                 URL: https://issues.apache.org/jira/browse/JCR-3021
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-spi-commons
>    Affects Versions: 2.3.0
>            Reporter: Michael Dürig
>            Assignee: Michael Dürig
>             Fix For: 2.3.0
>
>


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Issue Comment Edited] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

Posted by "angela (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067771#comment-13067771 ] 

angela edited comment on JCR-3021 at 7/19/11 3:45 PM:
------------------------------------------------------

i am not convinced that this change according to the specification which states:

> 4.2.2 Guest Credentials 
> GuestCredentials is used to acquire an anonymous session. 

and

> 4.2.4 External Authentication 
> By providing a signature of Repository.login that does not require 
> Credentials, the content repository allows for authorization and authentication 
> to be handled by JAAS (or another external mechanism) if the implementer so 
> chooses. 
> To use such an external mechanism to create sessions with end-user identity, 
> invocations of the Repository.login method that do not specify Credentials 
> (i.e., either a null Credentials is passed or a signature without the 
> Credentials parameter is used) should obtain the identity of the already- 
> authenticated user through that external mechanism.

IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather not add this to the SPI.

      was (Author: anchela):
    i am not convinced that this change according to the specification which states:

> 4.2.2 Guest Credentials 
> GuestCredentials is used to acquire an anonymous session. 

and

> 4.2.4 External Authentication 
> By providing a signature of Repository.login that does not require 
> Credentials, the content repository allows for authorization and authentication 
> to be handled by JAAS (or another external mechanism) if the implementer so 
> chooses. 
> To use such an external mechanism to create sessions with end-user identity, 
> invocations of the Repository.login method that do not specify Credentials 
> (i.e., either a null Credentials is passed or a signature without the 
> Credentials parameter is used) should obtain the identity of the already- 
> authenticated user through that external mechanism.

IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather add this to the SPI.
  
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
>                 Key: JCR-3021
>                 URL: https://issues.apache.org/jira/browse/JCR-3021
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-spi-commons
>    Affects Versions: 2.3.0
>            Reporter: Michael Dürig
>            Assignee: Michael Dürig
>             Fix For: 2.3.0
>
>


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Reopened] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

Posted by "angela (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela reopened JCR-3021:
-------------------------


i am not convinced that this change according to the specification which states:

> 4.2.2 Guest Credentials 
> GuestCredentials is used to acquire an anonymous session. 

and

> 4.2.4 External Authentication 
> By providing a signature of Repository.login that does not require 
> Credentials, the content repository allows for authorization and authentication 
> to be handled by JAAS (or another external mechanism) if the implementer so 
> chooses. 
> To use such an external mechanism to create sessions with end-user identity, 
> invocations of the Repository.login method that do not specify Credentials 
> (i.e., either a null Credentials is passed or a signature without the 
> Credentials parameter is used) should obtain the identity of the already- 
> authenticated user through that external mechanism.

IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather add this to the SPI.

> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
>                 Key: JCR-3021
>                 URL: https://issues.apache.org/jira/browse/JCR-3021
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-spi-commons
>    Affects Versions: 2.3.0
>            Reporter: Michael Dürig
>            Assignee: Michael Dürig
>             Fix For: 2.3.0
>
>


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (JCR-3021) AbstractRepositoryService.createSessionInfo should handle null credentials

Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Dürig resolved JCR-3021.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 2.3.0

Fixed at revision 1146116

> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
>                 Key: JCR-3021
>                 URL: https://issues.apache.org/jira/browse/JCR-3021
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-spi-commons
>    Affects Versions: 2.3.0
>            Reporter: Michael Dürig
>            Assignee: Michael Dürig
>             Fix For: 2.3.0
>
>


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira