[jira] [Commented] (FELIX-6390) Refactor the default authentication mechanism of the webconsole to be a WebConsoleSecurityProvider2

["Eric Norman (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/FELIX-6390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17302678#comment-17302678 ] 

Eric Norman commented on FELIX-6390:
------------------------------------

In the interest of moving forward, would it be possible to get a review and ruling on this proposal?

> Refactor the default authentication mechanism of the webconsole to be a WebConsoleSecurityProvider2
> ---------------------------------------------------------------------------------------------------
>
>                 Key: FELIX-6390
>                 URL: https://issues.apache.org/jira/browse/FELIX-6390
>             Project: Felix
>          Issue Type: Improvement
>          Components: Web Console
>            Reporter: Eric Norman
>            Priority: Major
>             Fix For: webconsole-4.6.2
>
>
> To assist resolving SLING-10147 it would helpful if we could reasonably rely on there always being at least one WebConsoleSecurityProvider service available.
> The use case is that a webconsole plugin needs to make http requests outside of the OsgiManager servlet to retrieve some information to display in the plugin UI.   The goal is that the security checking of that other endpoint would perform the same security checks that would be needed to access the webconsole itself.  Reusing the WebConsoleSecurityProvider service in both places would be ideal.
> To make that the case, the proposal is to refactor the default "basic" authentication mechanism of the webconsole into a {{WebConsoleSecurityProvider}} class and expose it as a service.  A very low service.ranking of this last resort security provider should ensure that any other WebConsoleSecurityProvider component that exists would be used instead. 
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)