You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Michael Dürig (JIRA)" <ji...@apache.org> on 2011/07/13 18:04:59 UTC
[jira] [Created] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
AbstractRepositoryService.createSessionInfo should handle null credentials
--------------------------------------------------------------------------
Key: JCR-3021
URL: https://issues.apache.org/jira/browse/JCR-3021
Project: Jackrabbit Content Repository
Issue Type: Improvement
Components: jackrabbit-spi-commons
Affects Versions: 2.3.0
Reporter: Michael Dürig
Assignee: Michael Dürig
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067782#comment-13067782 ]
Michael Dürig commented on JCR-3021:
------------------------------------
Ack. I wasn't aware of this section. I'll revert the change.
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
> Key: JCR-3021
> URL: https://issues.apache.org/jira/browse/JCR-3021
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi-commons
> Affects Versions: 2.3.0
> Reporter: Michael Dürig
> Assignee: Michael Dürig
> Fix For: 2.3.0
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Dürig resolved JCR-3021.
--------------------------------
Resolution: Invalid
Reverted changes in revision 1148415.
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
> Key: JCR-3021
> URL: https://issues.apache.org/jira/browse/JCR-3021
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi-commons
> Affects Versions: 2.3.0
> Reporter: Michael Dürig
> Assignee: Michael Dürig
> Fix For: 2.3.0
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13067771#comment-13067771 ]
angela edited comment on JCR-3021 at 7/19/11 3:45 PM:
------------------------------------------------------
i am not convinced that this change according to the specification which states:
> 4.2.2 Guest Credentials
> GuestCredentials is used to acquire an anonymous session.
and
> 4.2.4 External Authentication
> By providing a signature of Repository.login that does not require
> Credentials, the content repository allows for authorization and authentication
> to be handled by JAAS (or another external mechanism) if the implementer so
> chooses.
> To use such an external mechanism to create sessions with end-user identity,
> invocations of the Repository.login method that do not specify Credentials
> (i.e., either a null Credentials is passed or a signature without the
> Credentials parameter is used) should obtain the identity of the already-
> authenticated user through that external mechanism.
IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather not add this to the SPI.
was (Author: anchela):
i am not convinced that this change according to the specification which states:
> 4.2.2 Guest Credentials
> GuestCredentials is used to acquire an anonymous session.
and
> 4.2.4 External Authentication
> By providing a signature of Repository.login that does not require
> Credentials, the content repository allows for authorization and authentication
> to be handled by JAAS (or another external mechanism) if the implementer so
> chooses.
> To use such an external mechanism to create sessions with end-user identity,
> invocations of the Repository.login method that do not specify Credentials
> (i.e., either a null Credentials is passed or a signature without the
> Credentials parameter is used) should obtain the identity of the already-
> authenticated user through that external mechanism.
IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather add this to the SPI.
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
> Key: JCR-3021
> URL: https://issues.apache.org/jira/browse/JCR-3021
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi-commons
> Affects Versions: 2.3.0
> Reporter: Michael Dürig
> Assignee: Michael Dürig
> Fix For: 2.3.0
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
Posted by "angela (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela reopened JCR-3021:
-------------------------
i am not convinced that this change according to the specification which states:
> 4.2.2 Guest Credentials
> GuestCredentials is used to acquire an anonymous session.
and
> 4.2.4 External Authentication
> By providing a signature of Repository.login that does not require
> Credentials, the content repository allows for authorization and authentication
> to be handled by JAAS (or another external mechanism) if the implementer so
> chooses.
> To use such an external mechanism to create sessions with end-user identity,
> invocations of the Repository.login method that do not specify Credentials
> (i.e., either a null Credentials is passed or a signature without the
> Credentials parameter is used) should obtain the identity of the already-
> authenticated user through that external mechanism.
IMO having null credentials mapped to anonymous login is not correct. we
use to have that in jackrabbit-core for backwards compatibility but i would
rather add this to the SPI.
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
> Key: JCR-3021
> URL: https://issues.apache.org/jira/browse/JCR-3021
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi-commons
> Affects Versions: 2.3.0
> Reporter: Michael Dürig
> Assignee: Michael Dürig
> Fix For: 2.3.0
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (JCR-3021)
AbstractRepositoryService.createSessionInfo should handle null credentials
Posted by "Michael Dürig (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Dürig resolved JCR-3021.
--------------------------------
Resolution: Fixed
Fix Version/s: 2.3.0
Fixed at revision 1146116
> AbstractRepositoryService.createSessionInfo should handle null credentials
> --------------------------------------------------------------------------
>
> Key: JCR-3021
> URL: https://issues.apache.org/jira/browse/JCR-3021
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-spi-commons
> Affects Versions: 2.3.0
> Reporter: Michael Dürig
> Assignee: Michael Dürig
> Fix For: 2.3.0
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira