You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Rob Walker (JIRA)" <ji...@apache.org> on 2010/12/28 19:30:46 UTC

[jira] Commented: (FELIX-2751) HttpContext implementation which supports BASIC auth.

    [ https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975572#action_12975572 ] 

Rob Walker commented on FELIX-2751:
-----------------------------------

My comment here would be whether such approaches, valid as they are, belong in a standard implementation of the HttpService. This seems more like an extension or application specific area. The OSGi HttpService provides the needed hooks to handle security, which can be used with BASIC auth, or any of the other flavours of HTTP auth - but it doesn't prescribe how they should be used.

Maybe it's just a JIRA classification thing - perhaps there's another classification that would be more appropriate for this, but it doesn't seem like an "open issue" with the HttpService to me.

- Rob

> HttpContext implementation which supports BASIC auth.
> -----------------------------------------------------
>
>                 Key: FELIX-2751
>                 URL: https://issues.apache.org/jira/browse/FELIX-2751
>             Project: Felix
>          Issue Type: Improvement
>          Components: HTTP Service
>            Reporter: Tamas Cserveny
>         Attachments: AuthHttpContext.java, BasicAuthHttpContext.java
>
>
> I've tried to implement the basic authentication scheme for a servlet in my project. It was obvious, that I'll need to use HttpContext for that, but I felt that something like the basic auth or digest should be included in the system by default.
> I did not found anything on the net about an OSGi HttpContext implementing BasicAuth so I created a very basic one. The only thing it supports is authentication against a static list of users.
> You'll need to extend it and read the users from somewhere. It may need lot of polishing as currently the users are stored in a map inside the context, but should be extracted to some kind of Realm object and let the authentication/authorization be done there. But this would have been an overkill for my purpose.
> Example:
> @Component
> @Service
> @Property(name="contextId", value="VIRIF")
> public class VIRHttpContext extends BasicAuthHttpContext {
>     public VIRHttpContext() {
>         super( "VIRIF" );
>         loadUserAndPassword(  );
>     }
> ...
> }
> and then annotate the servlet:
> @Component
> @Service
> @Properties({
>     @Property(name = "alias", value = "/vir"),
>     @Property(name = "contextId", value = "VIRIF")
> })
> public class SecuredCommandServlet extends HttpServlet {
> }
> ps. The examples uses the whiteboard bundle and the SCR maven plugin. The implementation uses commons lang and codec. Maybe they can be refactored out.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.