Posted to dev@sling.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2010/01/11 09:27:54 UTC

[jira] Created: (SLING-1282) Administrative logins depend on password in the code or config

Administrative logins depend on password in the code or config
--------------------------------------------------------------

                 Key: SLING-1282
                 URL: https://issues.apache.org/jira/browse/SLING-1282
             Project: Sling
          Issue Type: Bug
          Components: JCR
    Affects Versions: JCR Jackrabbit Server 2.0.6
            Reporter: Ian Boston
            Assignee: Ian Boston
             Fix For: JCR Jackrabbit Server 2.0.6


Administrative logins use SimpleCredentials, which means that they have to have a password. Although this is a configuration parameter, changing the admin password creates some JVM timing difficulties, especially when operating in a cluster. (JVMs would probably need to be restarted with new config immediately after changing the admin password.)

It would be better to use special credentials to indicate internal logins to the repository (e.g. public final class AdministrativeCredentials implements Credentials).

The same is true for Anon/Guest users, although less important.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Resolved: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ian Boston resolved SLING-1282.
-------------------------------

    Resolution: Fixed

Fixed. Administrative and Anon logins no longer rely on the configured passwords, allowing those passwords to be changed by the UserManager without requiring a full restart.



[jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804089#action_12804089 ] 

Felix Meschberger commented on SLING-1282:
------------------------------------------

> Jackrabbit binds directly to SimpleCredentials which is final.

Yes, this is a problem with the 1.6 branch. It is better in 2.0 which has a new method supportsCredentials(Credentials) which may be overwritten to support extended credentials.

Looking at the patch, I think it looks basically OK but is not backwards compatible: Extensions of the AbstractSlingRepository will break. Thus I would suggest we keep the passwords in the AbstractSlingRepository and provide default implementations for the getAdministrativeCredentials and getAnonymousCredentials methods. The embedded repository bundle could then overwrite these implementations using the new credentials (thus simply ignoring the passwords, not nice for now, but probably the best we can do at this moment).

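The backwards-compatible arrangement suggested in the comment above, as an added Java example that is not taken from the thread, the patch, or Sling's code. Credentials and SimpleCredentials are local stand-ins for the javax.jcr types; UserStore, BaseRepository, EmbeddedRepository, the method signatures and the password values are assumptions made for illustration.

```java
// Added illustration: simplified stand-ins, not Sling or Jackrabbit source code.
import java.util.Arrays;

public class CredentialsDemo {
    // Stand-ins for javax.jcr.Credentials and javax.jcr.SimpleCredentials,
    // declared here so the file compiles without the JCR API jar.
    interface Credentials {}

    static final class SimpleCredentials implements Credentials {
        final String userId;
        final char[] password;
        SimpleCredentials(String userId, char[] password) {
            this.userId = userId;
            this.password = password.clone();
        }
    }

    // Marker type proposed in the issue: names the user, carries no password.
    static final class AdministrativeCredentials implements Credentials {
        final String userId;
        AdministrativeCredentials(String userId) { this.userId = userId; }
    }

    // Hypothetical user store. setAdminPassword models a change made through
    // the UserManager while the JVM keeps running.
    static final class UserStore {
        private char[] adminPassword = "old-secret".toCharArray(); // constructed value
        void setAdminPassword(char[] p) { adminPassword = p.clone(); }

        boolean authenticate(Credentials c) {
            if (c instanceof AdministrativeCredentials) {
                return true; // internal login: trusted by type, no password compared
            }
            if (c instanceof SimpleCredentials) {
                SimpleCredentials sc = (SimpleCredentials) c;
                return "admin".equals(sc.userId) && Arrays.equals(sc.password, adminPassword);
            }
            return false; // unknown credential types are rejected
        }
    }

    // Hypothetical base class: keeps the configured password and a default
    // implementation, so existing subclasses continue to work unchanged.
    static class BaseRepository {
        protected final char[] configuredAdminPassword;
        BaseRepository(char[] configuredAdminPassword) {
            this.configuredAdminPassword = configuredAdminPassword.clone();
        }
        protected Credentials getAdministrativeCredentials(String adminUser) {
            return new SimpleCredentials(adminUser, configuredAdminPassword);
        }
        final boolean loginAdministrative(UserStore store) {
            return store.authenticate(getAdministrativeCredentials("admin"));
        }
    }

    // Hypothetical embedded-repository subclass: overrides the hook and
    // ignores the configured password.
    static class EmbeddedRepository extends BaseRepository {
        EmbeddedRepository(char[] unused) { super(unused); }
        @Override
        protected Credentials getAdministrativeCredentials(String adminUser) {
            return new AdministrativeCredentials(adminUser);
        }
    }

    public static void main(String[] args) {
        UserStore store = new UserStore();
        BaseRepository legacy = new BaseRepository("old-secret".toCharArray());
        BaseRepository embedded = new EmbeddedRepository("dummy".toCharArray());

        System.out.println("before change: legacy=" + legacy.loginAdministrative(store)
                + " embedded=" + embedded.loginAdministrative(store));
        store.setAdminPassword("new-secret".toCharArray()); // password changed at runtime
        System.out.println("after change:  legacy=" + legacy.loginAdministrative(store)
                + " embedded=" + embedded.loginAdministrative(store));
    }
}
```

Because the marker type is accepted on its type alone, a real login module has to ensure that only trusted in-process code can hand it such an instance.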


[jira] Closed: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed SLING-1282.
-----------------------------------




Re: [jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by Felix Meschberger <fm...@gmail.com>.
Thanks for the patch. I will try to look into it ASAP.

Regards
Felix

On 21.01.2010 18:59, Ian Boston (JIRA) wrote:
> 
>     [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803395#action_12803395 ] 
> 
> Ian Boston commented on SLING-1282:
> -----------------------------------
> 
> Uploaded patch set for this to http://codereview.appspot.com/190100
> 
> Issues:
> Jackrabbit binds directly to SimpleCredentials which is final.
> So I have had to use a wrapped callback handler to intercept requests for the User ID and Impersonation where the final AdministrativeCredentials and AnonCredentials are used. This appears to be perfectly OK for the UserID, but I am concerned that two things might be broken and not picked up by either integration testing or unit testing:
> 
> Impersonation
> JAAS based authentication which will further rely on the CallbackHandler mechanisms.
> 
> If someone has the time, I would appreciate a check as I don't think I should commit as it is.
> Thanks
> Ian
> 

[jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803395#action_12803395 ] 

Ian Boston commented on SLING-1282:
-----------------------------------

Uploaded patch set for this to http://codereview.appspot.com/190100

Issues:
Jackrabbit binds directly to SimpleCredentials which is final.
So I have had to use a wrapped callback handler to intercept requests for the User ID and Impersonation where the final AdministrativeCredentials and AnonCredentials are used. This appears to be perfectly OK for the UserID, but I am concerned that two things might be broken and not picked up by either integration testing or unit testing:

Impersonation
JAAS based authentication which will further rely on the CallbackHandler mechanisms.

If someone has the time, I would appreciate a check as I don't think I should commit as it is.
Thanks
Ian



[jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804242#action_12804242 ] 

Ian Boston commented on SLING-1282:
-----------------------------------

That makes sense, I will modify, test and commit.



[jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12800615#action_12800615 ] 

Ian Boston commented on SLING-1282:
-----------------------------------

Was discussed here: http://markmail.org/thread/ppvsmacmwnrateca



[jira] Reopened: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ian Boston reopened SLING-1282:
-------------------------------


Problems exist with impersonation, reverted all changes and re-opened.



[jira] Resolved: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Ian Boston (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ian Boston resolved SLING-1282.
-------------------------------

    Resolution: Fixed

Fixed problems with impersonation.



Re: [jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by Felix Meschberger <fm...@gmail.com>.
np ;-)

Regards
Felix

On 25.01.2010 09:19, Ian Boston wrote:
> Thanks for picking this up, I should have remembered.
> Ian
> 
> On 24 Jan 2010, at 20:03, Felix Meschberger (JIRA) wrote:
> 
>>
>>    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804293#action_12804293 ] 
>>
>> Felix Meschberger commented on SLING-1282:
>> ------------------------------------------
>>
>> Commented the password properties that they are not used in the embedded Jackrabbit Repository bundle in Rev. 902634 and in Rev. 902635 set the passwords to a dummy value in the generated default configuration.
>>

Re: [jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by Ian Boston <ie...@tfd.co.uk>.
Thanks for picking this up, I should have remembered.
Ian

On 24 Jan 2010, at 20:03, Felix Meschberger (JIRA) wrote:

> 
>    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804293#action_12804293 ] 
> 
> Felix Meschberger commented on SLING-1282:
> ------------------------------------------
> 
> Commented the password properties that they are not used in the embedded Jackrabbit Repository bundle in Rev. 902634 and in Rev. 902635 set the passwords to a dummy value in the generated default configuration.
> 


[jira] Commented: (SLING-1282) Administrative logins depend on password in the code or config

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12804293#action_12804293 ] 

Felix Meschberger commented on SLING-1282:
------------------------------------------

Commented the password properties that they are not used in the embedded Jackrabbit Repository bundle in Rev. 902634 and in Rev. 902635 set the passwords to a dummy value in the generated default configuration.
