You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2009/10/16 08:20:31 UTC
[jira] Created: (FELIX-1764) Add support for pluggable access
control
Add support for pluggable access control
----------------------------------------
Key: FELIX-1764
URL: https://issues.apache.org/jira/browse/FELIX-1764
Project: Felix
Issue Type: New Feature
Components: Web Console
Affects Versions: webconsole-2.0.0
Reporter: Felix Meschberger
Fix For: webconsole-2.0.2
Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
[1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (FELIX-1764) Add support for pluggable access
control
Posted by "Guillaume Nodet (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guillaume Nodet reassigned FELIX-1764:
--------------------------------------
Assignee: Guillaume Nodet
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
> Assignee: Guillaume Nodet
>
> Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
> Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (FELIX-1764) Add support for pluggable access
control
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877126#action_12877126 ]
Felix Meschberger commented on FELIX-1764:
------------------------------------------
Thanks for doing this.
Is there a reason to use the checked GeneralSecurityException instead of the unchecked SecurityException but throw SecurityException from the SecurityProvider.authenticate method ?
On a similar account: Why throw UnsupportedOperationException from the SecurityProvider.authorize method ? I would assume this default operation would just authorize anything for backwards compatibility ?
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
> Assignee: Guillaume Nodet
> Fix For: webconsole-3.0.2
>
>
> Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
> Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (FELIX-1764) Add support for pluggable access
control
Posted by "Guillaume Nodet (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Guillaume Nodet resolved FELIX-1764.
------------------------------------
Fix Version/s: webconsole-3.0.2
Resolution: Fixed
Committing to https://svn.apache.org/repos/asf/felix/trunk ...
A webconsole/src/main/java/org/apache/felix/webconsole/WebConsoleSecurityProvider.java
A webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/Base64.java
M webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java
M webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java
Committed r953043
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
> Assignee: Guillaume Nodet
> Fix For: webconsole-3.0.2
>
>
> Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
> Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (FELIX-1764) Add support for pluggable access
control
Posted by "Guillaume Nodet (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877173#action_12877173 ]
Guillaume Nodet commented on FELIX-1764:
----------------------------------------
My understanding is that SecurityException is mostly used by the java security manager when a user executes a piece of java code but does not have the required permissions. Application-level security such as JAAS usually use the GeneralSecurityException. The javadoc for SecurityException says: "Thrown by the security manager to indicate a security violation."
However, I'd have no probelm modifying the interface with something like:
{code}
public interface WebConsoleSecurityProvider {
/**
* Check if the user with the specified password exists and return an object identifying the user, else null
*/
public Object authenticate(String username, String password);
/**
* Check that the authenticated user has the given role permission
*/
public boolean authorize(Object user, String role);
}
{code}
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
> Assignee: Guillaume Nodet
> Fix For: webconsole-3.0.2
>
>
> Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
> Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (FELIX-1764) Add support for pluggable access
control
Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger updated FELIX-1764:
-------------------------------------
Fix Version/s: (was: webconsole-2.0.2)
Descheduling, will be done for a later release.
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
>
> Currently the web console only support HTTP BASIC authentication with its own "user management". There is no way of supporting multiple users with varying access rights.
> Some applications already have infrastructure to authenticate users and/or to define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access control. The Web Console should be enhance to support this service API and fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.