Posted to dev@felix.apache.org by "Tamas Cserveny (JIRA)" <ji...@apache.org> on 2010/12/28 12:02:46 UTC

[jira] Created: (FELIX-2751) HttpContext implementation which supports BASIC auth.

HttpContext implementation which supports BASIC auth.
-----------------------------------------------------

                 Key: FELIX-2751
                 URL: https://issues.apache.org/jira/browse/FELIX-2751
             Project: Felix
          Issue Type: Improvement
          Components: HTTP Service
            Reporter: Tamas Cserveny


I've tried to implement the basic authentication scheme for a servlet in my project. It was obvious that I'd need to use HttpContext for that, but I felt that something like the basic auth or digest should be included in the system by default.

I did not find anything on the net about an OSGi HttpContext implementing BasicAuth, so I created a very basic one. The only thing it supports is authentication against a static list of users.

You'll need to extend it and read the users from somewhere. It may need a lot of polishing, as currently the users are stored in a map inside the context, but they should be extracted to some kind of Realm object and the authentication/authorization should be done there. But this would have been overkill for my purpose.

Example:
@Component
@Service
@Property(name="contextId", value="VIRIF")
public class VIRHttpContext extends BasicAuthHttpContext {

    public VIRHttpContext() {
        super( "VIRIF" );

        loadUserAndPassword(  );
    }
...
}

and then annotate the servlet:

@Component
@Service
@Properties({
    @Property(name = "alias", value = "/vir"),
    @Property(name = "contextId", value = "VIRIF")
})
public class SecuredCommandServlet extends HttpServlet {
}

P.S. The examples use the whiteboard bundle and the SCR maven plugin. The implementation uses commons lang and codec. Maybe they can be refactored out.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
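
An HttpContext of the kind the report describes (BASIC auth checked against a static user map inside handleSecurity), as an added example; it is not the attached BasicAuthHttpContext.java and not Felix code. The class name, addUser() and authenticate() are hypothetical, and it assumes the javax.servlet API and java.util.Base64 (Java 8+) in place of commons codec.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.http.HttpContext;

// Hypothetical class for illustration; not the attached BasicAuthHttpContext.java.
public class StaticUserBasicAuthContext implements HttpContext {
    private final String realm;
    private final Map<String, byte[]> users = new ConcurrentHashMap<>();

    public StaticUserBasicAuthContext(String realm) { this.realm = realm; }
    public void addUser(String name, String password) {
        users.put(name, password.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public boolean handleSecurity(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String user = authenticate(req.getHeader("Authorization"));
        if (user == null) { // missing, malformed or wrong credentials: challenge and stop
            res.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        // Lets the HTTP Service answer getRemoteUser() and getAuthType() for the servlet.
        req.setAttribute(HttpContext.REMOTE_USER, user);
        req.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
        return true;
    }

    String authenticate(String header) { // user name on success, null on any failure
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try { raw = Base64.getDecoder().decode(header.substring(6).trim()); }
        catch (IllegalArgumentException e) { return null; } // not valid Base64
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // the first ':' splits; passwords may contain more
        if (colon < 0) return null;
        String name = pair.substring(0, colon);
        byte[] expected = users.get(name);
        byte[] given = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        return expected != null && MessageDigest.isEqual(expected, given) ? name : null; // constant-time compare
    }

    @Override public URL getResource(String name) { return null; }
    @Override public String getMimeType(String name) { return null; }
}
```

Returning false from handleSecurity after sending the 401 is what stops the HTTP Service from dispatching to the servlet registered with this context.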


[jira] Commented: (FELIX-2751) HttpContext implementation which supports BASIC auth.

Posted by "Rob Walker (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975572#action_12975572 ] 

Rob Walker commented on FELIX-2751:
-----------------------------------

My comment here would be whether such approaches, valid as they are, belong in a standard implementation of the HttpService. This seems more like an extension or application-specific area. The OSGi HttpService provides the needed hooks to handle security, which can be used with BASIC auth, or any of the other flavours of HTTP auth - but it doesn't prescribe how they should be used.

Maybe it's just a JIRA classification thing - perhaps there's another classification that would be more appropriate for this, but it doesn't seem like an "open issue" with the HttpService to me.

- Rob



[jira] Updated: (FELIX-2751) HttpContext implementation which supports BASIC auth.

Posted by "Tamas Cserveny (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tamas Cserveny updated FELIX-2751:
----------------------------------

    Attachment: BasicAuthHttpContext.java
                AuthHttpContext.java



[jira] Commented: (FELIX-2751) HttpContext implementation which supports BASIC auth.

Posted by "Tamas Cserveny (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975589#action_12975589 ] 

Tamas Cserveny commented on FELIX-2751:
---------------------------------------

Hi Rob,

I always have the feeling that the OSGi compendium service spec is a "clean room" specification, slightly off reality.
Don't get me wrong, I like them very much; this is why I also think that it is not fair to expect developers to implement very basic security features (Basic, Digest auth, maybe usage of User Admin). They should be provided somehow. (Same goes for Log Service.)

Maybe you are right, this could be a JIRA-thing. Maybe this could be a separate bundle or just a util somewhere. 

... or even "the jboss way ;-)":  this issue hangs here forever and people will just use the attachment as is.

Cheers,

Tamas
