You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2011/08/02 15:49:27 UTC
[jira] [Created] (SLING-2167) Use Sling Authenticator
Use Sling Authenticator
-----------------------
Key: SLING-2167
URL: https://issues.apache.org/jira/browse/SLING-2167
Project: Sling
Issue Type: Improvement
Components: JCR
Affects Versions: JCR DavEx 1.0.0
Reporter: Carsten Ziegeler
Assignee: Carsten Ziegeler
Fix For: JCR DavEx 1.0.2
The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler reopened SLING-2167:
-------------------------------------
Justin was right of course - this change breaks the PostServletUpdateTest
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Tobias Bocanegra (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146674#comment-13146674 ]
Tobias Bocanegra commented on SLING-2167:
-----------------------------------------
> No I don't agree - davex might be used by applications running in the browser.
not really. davex is an extension to webdav, and i doubt that any application in the browser will use this. imo the sling authenticator should not be used at all, and the webdav servlet should handle authentication as before.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13078340#comment-13078340 ]
Justin Edelson commented on SLING-2167:
---------------------------------------
Sounds good. I must have misread the diff.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13082193#comment-13082193 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
Unfortunately yes. It seems that the cli client always first connects with an anonymous session and only afterwards I can logout/login with a valid user.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13080171#comment-13080171 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
Has anybody tried the standalone cli application? I can no longer connect to the repository using davex as it now redirects to our custom login page which is nothing the davex client can handle. I guess the behaviour is related to this change is it occured out of a sudden without us changing anything else.
If I exclude the /server path from the authenticator everything works fine.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13076304#comment-13076304 ]
Justin Edelson commented on SLING-2167:
---------------------------------------
My preference would be to use the SessionProvider interface. See SLING-1715 / JCR-2735.
WDYT?
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Justin Edelson <ju...@justinedelson.com>.
On Tue, Nov 8, 2011 at 4:03 PM, Tobias Bocanegra <tr...@adobe.com> wrote:
>
> On Nov 9, 2011, at 00:59 , Justin Edelson wrote:
>
>> It seems pretty clear that we need to allow anonymous access to the
>> DavEx servlet even if anonymous access is prohibited in the
>> Authenticator configuration. Created
>> https://issues.apache.org/jira/browse/SLING-2274 for that.
> thanks.
>
> i would even go so far and not use the sling authenticator at all, and just use the webdav servlet as is.
FWIW, the original reason this came up was because of the
AuthenticationInfoPostProcessor, which will not happen without using
Sling Authentication.
Justin
> regards, toby
>
>
>>
>> Justin
>>
>> On Tue, Nov 8, 2011 at 1:51 PM, Tobias Bocanegra <tr...@adobe.com> wrote:
>>> hi,
>>> it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
>>>
>>> missing-auth-mapping = "" [which is different from param missing]
>>>
>>> 1) user with full read access
>>> ------------------------------------------------------------------------
>>>
>>> GET
>>> http://localhost:8080/crx/server
>>>
>>> -> 200 : list of child resources (workspace resources)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default
>>>
>>> -> 200 : list of child resources (root node)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default/jcr:root
>>>
>>> -> 200 : serialization of root node
>>>
>>>
>>> 2) unauthenticated (where everyone has no read permission on /)
>>> ------------------------------------------------------------------------
>>>
>>> GET
>>> http://localhost:8080/crx/server
>>>
>>> -> 200 : list of child resources (workspace resources)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default
>>>
>>> -> 200 : list of child resources (empty in this case)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default/jcr:root
>>>
>>> -> 404 : due to the fact that anonymous/unauthenticated user
>>> has no read permission and with the missing-auth-config
>>> specified above preemtive auth is expected.
>>>
>>> regards, toby
>>>
>>> On Nov 8, 2011, at 22:30 , Felix Meschberger wrote:
>>>
>>>> Hi,
>>>>
>>>> If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
>>>>
>>>> I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
>>>>
>>>> WDYT ?
>>>>
>>>> Regards
>>>> Felix
>>>>
>>>> Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>>>>
>>>>>
>>>>> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>>>>
>>>>> Carsten Ziegeler reopened SLING-2167:
>>>>> -------------------------------------
>>>>>
>>>>>
>>>>> No I don't agree - davex might be used by applications running in the browser.
>>>>> In these cases the auth must be shared between the application which is provided by html and davex
>>>>>
>>>>>> Use Sling Authenticator
>>>>>> -----------------------
>>>>>>
>>>>>> Key: SLING-2167
>>>>>> URL: https://issues.apache.org/jira/browse/SLING-2167
>>>>>> Project: Sling
>>>>>> Issue Type: Improvement
>>>>>> Components: JCR
>>>>>> Affects Versions: JCR DavEx 1.0.0
>>>>>> Reporter: Carsten Ziegeler
>>>>>> Assignee: Carsten Ziegeler
>>>>>> Fix For: JCR DavEx 1.1.0
>>>>>>
>>>>>>
>>>>>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>>>>>
>>>>> --
>>>>> This message is automatically generated by JIRA.
>>>>> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
>>>>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>>>>
>>>>>
>>>>
>>>
>>>
>
>
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Felix Meschberger <fm...@adobe.com>.
Hi,
I think we are operating in the context of Sling and so we should use a single and consolidated authentication mechanism instead of spreading the mechanisms all over. This is what the Sling authenticator has been designed for after all.
Thus the "missing-auth-mapping" will not have any influence here.
So, the way to the solution really is SLING-2274 and ensuring the DavEx servlet URL space is never forcibly authenticated but once credentials are provided, those should be used.
Regards
Felix
Am 09.11.2011 um 01:03 schrieb Tobias Bocanegra:
>
> On Nov 9, 2011, at 00:59 , Justin Edelson wrote:
>
>> It seems pretty clear that we need to allow anonymous access to the
>> DavEx servlet even if anonymous access is prohibited in the
>> Authenticator configuration. Created
>> https://issues.apache.org/jira/browse/SLING-2274 for that.
> thanks.
>
> i would even go so far and not use the sling authenticator at all, and just use the webdav servlet as is.
> regards, toby
>
>
>>
>> Justin
>>
>> On Tue, Nov 8, 2011 at 1:51 PM, Tobias Bocanegra <tr...@adobe.com> wrote:
>>> hi,
>>> it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
>>>
>>> missing-auth-mapping = "" [which is different from param missing]
>>>
>>> 1) user with full read access
>>> ------------------------------------------------------------------------
>>>
>>> GET
>>> http://localhost:8080/crx/server
>>>
>>> -> 200 : list of child resources (workspace resources)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default
>>>
>>> -> 200 : list of child resources (root node)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default/jcr:root
>>>
>>> -> 200 : serialization of root node
>>>
>>>
>>> 2) unauthenticated (where everyone has no read permission on /)
>>> ------------------------------------------------------------------------
>>>
>>> GET
>>> http://localhost:8080/crx/server
>>>
>>> -> 200 : list of child resources (workspace resources)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default
>>>
>>> -> 200 : list of child resources (empty in this case)
>>>
>>> GET
>>> http://localhost:8080/crx/server/crx.default/jcr:root
>>>
>>> -> 404 : due to the fact that anonymous/unauthenticated user
>>> has no read permission and with the missing-auth-config
>>> specified above preemtive auth is expected.
>>>
>>> regards, toby
>>>
>>> On Nov 8, 2011, at 22:30 , Felix Meschberger wrote:
>>>
>>>> Hi,
>>>>
>>>> If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
>>>>
>>>> I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
>>>>
>>>> WDYT ?
>>>>
>>>> Regards
>>>> Felix
>>>>
>>>> Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>>>>
>>>>>
>>>>> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>>>>
>>>>> Carsten Ziegeler reopened SLING-2167:
>>>>> -------------------------------------
>>>>>
>>>>>
>>>>> No I don't agree - davex might be used by applications running in the browser.
>>>>> In these cases the auth must be shared between the application which is provided by html and davex
>>>>>
>>>>>> Use Sling Authenticator
>>>>>> -----------------------
>>>>>>
>>>>>> Key: SLING-2167
>>>>>> URL: https://issues.apache.org/jira/browse/SLING-2167
>>>>>> Project: Sling
>>>>>> Issue Type: Improvement
>>>>>> Components: JCR
>>>>>> Affects Versions: JCR DavEx 1.0.0
>>>>>> Reporter: Carsten Ziegeler
>>>>>> Assignee: Carsten Ziegeler
>>>>>> Fix For: JCR DavEx 1.1.0
>>>>>>
>>>>>>
>>>>>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>>>>>
>>>>> --
>>>>> This message is automatically generated by JIRA.
>>>>> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
>>>>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>>>>
>>>>>
>>>>
>>>
>>>
>
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Tobias Bocanegra <tr...@adobe.com>.
On Nov 9, 2011, at 00:59 , Justin Edelson wrote:
> It seems pretty clear that we need to allow anonymous access to the
> DavEx servlet even if anonymous access is prohibited in the
> Authenticator configuration. Created
> https://issues.apache.org/jira/browse/SLING-2274 for that.
thanks.
i would even go so far and not use the sling authenticator at all, and just use the webdav servlet as is.
regards, toby
>
> Justin
>
> On Tue, Nov 8, 2011 at 1:51 PM, Tobias Bocanegra <tr...@adobe.com> wrote:
>> hi,
>> it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
>>
>> missing-auth-mapping = "" [which is different from param missing]
>>
>> 1) user with full read access
>> ------------------------------------------------------------------------
>>
>> GET
>> http://localhost:8080/crx/server
>>
>> -> 200 : list of child resources (workspace resources)
>>
>> GET
>> http://localhost:8080/crx/server/crx.default
>>
>> -> 200 : list of child resources (root node)
>>
>> GET
>> http://localhost:8080/crx/server/crx.default/jcr:root
>>
>> -> 200 : serialization of root node
>>
>>
>> 2) unauthenticated (where everyone has no read permission on /)
>> ------------------------------------------------------------------------
>>
>> GET
>> http://localhost:8080/crx/server
>>
>> -> 200 : list of child resources (workspace resources)
>>
>> GET
>> http://localhost:8080/crx/server/crx.default
>>
>> -> 200 : list of child resources (empty in this case)
>>
>> GET
>> http://localhost:8080/crx/server/crx.default/jcr:root
>>
>> -> 404 : due to the fact that anonymous/unauthenticated user
>> has no read permission and with the missing-auth-config
>> specified above preemtive auth is expected.
>>
>> regards, toby
>>
>> On Nov 8, 2011, at 22:30 , Felix Meschberger wrote:
>>
>>> Hi,
>>>
>>> If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
>>>
>>> I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
>>>
>>> WDYT ?
>>>
>>> Regards
>>> Felix
>>>
>>> Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>>>
>>>>
>>>> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>>>
>>>> Carsten Ziegeler reopened SLING-2167:
>>>> -------------------------------------
>>>>
>>>>
>>>> No I don't agree - davex might be used by applications running in the browser.
>>>> In these cases the auth must be shared between the application which is provided by html and davex
>>>>
>>>>> Use Sling Authenticator
>>>>> -----------------------
>>>>>
>>>>> Key: SLING-2167
>>>>> URL: https://issues.apache.org/jira/browse/SLING-2167
>>>>> Project: Sling
>>>>> Issue Type: Improvement
>>>>> Components: JCR
>>>>> Affects Versions: JCR DavEx 1.0.0
>>>>> Reporter: Carsten Ziegeler
>>>>> Assignee: Carsten Ziegeler
>>>>> Fix For: JCR DavEx 1.1.0
>>>>>
>>>>>
>>>>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>>>>
>>>> --
>>>> This message is automatically generated by JIRA.
>>>> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
>>>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>>>
>>>>
>>>
>>
>>
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Justin Edelson <ju...@justinedelson.com>.
It seems pretty clear that we need to allow anonymous access to the
DavEx servlet even if anonymous access is prohibited in the
Authenticator configuration. Created
https://issues.apache.org/jira/browse/SLING-2274 for that.
Justin
On Tue, Nov 8, 2011 at 1:51 PM, Tobias Bocanegra <tr...@adobe.com> wrote:
> hi,
> it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
>
> missing-auth-mapping = "" [which is different from param missing]
>
> 1) user with full read access
> ------------------------------------------------------------------------
>
> GET
> http://localhost:8080/crx/server
>
> -> 200 : list of child resources (workspace resources)
>
> GET
> http://localhost:8080/crx/server/crx.default
>
> -> 200 : list of child resources (root node)
>
> GET
> http://localhost:8080/crx/server/crx.default/jcr:root
>
> -> 200 : serialization of root node
>
>
> 2) unauthenticated (where everyone has no read permission on /)
> ------------------------------------------------------------------------
>
> GET
> http://localhost:8080/crx/server
>
> -> 200 : list of child resources (workspace resources)
>
> GET
> http://localhost:8080/crx/server/crx.default
>
> -> 200 : list of child resources (empty in this case)
>
> GET
> http://localhost:8080/crx/server/crx.default/jcr:root
>
> -> 404 : due to the fact that anonymous/unauthenticated user
> has no read permission and with the missing-auth-config
> specified above preemtive auth is expected.
>
> regards, toby
>
> On Nov 8, 2011, at 22:30 , Felix Meschberger wrote:
>
>> Hi,
>>
>> If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
>>
>> I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
>>
>> WDYT ?
>>
>> Regards
>> Felix
>>
>> Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>>
>>>
>>> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>>
>>> Carsten Ziegeler reopened SLING-2167:
>>> -------------------------------------
>>>
>>>
>>> No I don't agree - davex might be used by applications running in the browser.
>>> In these cases the auth must be shared between the application which is provided by html and davex
>>>
>>>> Use Sling Authenticator
>>>> -----------------------
>>>>
>>>> Key: SLING-2167
>>>> URL: https://issues.apache.org/jira/browse/SLING-2167
>>>> Project: Sling
>>>> Issue Type: Improvement
>>>> Components: JCR
>>>> Affects Versions: JCR DavEx 1.0.0
>>>> Reporter: Carsten Ziegeler
>>>> Assignee: Carsten Ziegeler
>>>> Fix For: JCR DavEx 1.1.0
>>>>
>>>>
>>>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>>>
>>> --
>>> This message is automatically generated by JIRA.
>>> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
>>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>>
>>>
>>
>
>
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Tobias Bocanegra <tr...@adobe.com>.
hi,
it actually depends on the missing-auth-mapping, in the jackrabbit web app it worked like this:
missing-auth-mapping = "" [which is different from param missing]
1) user with full read access
------------------------------------------------------------------------
GET
http://localhost:8080/crx/server
-> 200 : list of child resources (workspace resources)
GET
http://localhost:8080/crx/server/crx.default
-> 200 : list of child resources (root node)
GET
http://localhost:8080/crx/server/crx.default/jcr:root
-> 200 : serialization of root node
2) unauthenticated (where everyone has no read permission on /)
------------------------------------------------------------------------
GET
http://localhost:8080/crx/server
-> 200 : list of child resources (workspace resources)
GET
http://localhost:8080/crx/server/crx.default
-> 200 : list of child resources (empty in this case)
GET
http://localhost:8080/crx/server/crx.default/jcr:root
-> 404 : due to the fact that anonymous/unauthenticated user
has no read permission and with the missing-auth-config
specified above preemtive auth is expected.
regards, toby
On Nov 8, 2011, at 22:30 , Felix Meschberger wrote:
> Hi,
>
> If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
>
> I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
>
> WDYT ?
>
> Regards
> Felix
>
> Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>
>>
>> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>>
>> Carsten Ziegeler reopened SLING-2167:
>> -------------------------------------
>>
>>
>> No I don't agree - davex might be used by applications running in the browser.
>> In these cases the auth must be shared between the application which is provided by html and davex
>>
>>> Use Sling Authenticator
>>> -----------------------
>>>
>>> Key: SLING-2167
>>> URL: https://issues.apache.org/jira/browse/SLING-2167
>>> Project: Sling
>>> Issue Type: Improvement
>>> Components: JCR
>>> Affects Versions: JCR DavEx 1.0.0
>>> Reporter: Carsten Ziegeler
>>> Assignee: Carsten Ziegeler
>>> Fix For: JCR DavEx 1.1.0
>>>
>>>
>>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>>
>> --
>> This message is automatically generated by JIRA.
>> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
>> For more information on JIRA, see: http://www.atlassian.com/software/jira
>>
>>
>
Re: [jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by Felix Meschberger <fm...@adobe.com>.
Hi,
If I read the code correctly, it looks like out of the box the JackrabbitWebdavServerServlet does HTTP Basic authentication provided the client provides it but a 401/UNAUTHORIZED response is never sent. Thus authentication seems to be assumed "preemptive".
I think this case rolling back the SLING-2167 changes and thus not using the Sling authenticator might be an ok solution.
WDYT ?
Regards
Felix
Am 08.11.2011 um 20:39 schrieb Carsten Ziegeler (Reopened) (JIRA):
>
> [ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Carsten Ziegeler reopened SLING-2167:
> -------------------------------------
>
>
> No I don't agree - davex might be used by applications running in the browser.
> In these cases the auth must be shared between the application which is provided by html and davex
>
>> Use Sling Authenticator
>> -----------------------
>>
>> Key: SLING-2167
>> URL: https://issues.apache.org/jira/browse/SLING-2167
>> Project: Sling
>> Issue Type: Improvement
>> Components: JCR
>> Affects Versions: JCR DavEx 1.0.0
>> Reporter: Carsten Ziegeler
>> Assignee: Carsten Ziegeler
>> Fix For: JCR DavEx 1.1.0
>>
>>
>> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
[jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (Reopened) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler reopened SLING-2167:
-------------------------------------
No I don't agree - davex might be used by applications running in the browser.
In these cases the auth must be shared between the application which is provided by html and davex
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081768#comment-13081768 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
So you're connection to davex as anonymous?
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146807#comment-13146807 ]
Felix Meschberger commented on SLING-2167:
------------------------------------------
Reverted my change (forcing HTTP Basic) in Rev. 1199628. Sorry about that.
The better solution is:
* Still use Sling Authentication thus fully supporting all auth methods
* Ensure Authentication is not enforced, thus permitting anon access on the path to davex servlet
We can achieve this by registering a dummy service with at least sing.auth.requirements service property set such that the path to the davex servlet is allowed with anon access.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Felix Meschberger
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13082197#comment-13082197 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
Which client are you using?
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-2167.
--------------------------------------
Resolution: Fixed
Resolving this issue again. Ensuring anon accerss is handled in SLING-2274
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Felix Meschberger
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146698#comment-13146698 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
I know of applications using davex via ajax from within the browser - and the user is authenticated before using the sling authenticator. So we have to support this
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081662#comment-13081662 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
But is there then a way to get access to the repository with a davex client?
I think I don't get the point here: The davex support is protected by the sling authenticator however as soon as there is a custom login page (I guess 99% of all use cases), the davex client breaks unless the /server path is excluded from the authenticator. Then why to protect the davex servlet at all with the sling authenticator?
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Reopened) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reopened SLING-2167:
--------------------------------------
Assignee: Felix Meschberger (was: Carsten Ziegeler)
I think we should only support HTTP BASIC authentication with the DavEx access, which can be requested by adding:
request.setAttribute(AuthenticationHandler.REQUEST_LOGIN_PARAMETER,
"BASIC");
Before calling the Sling Authenticator. This also prevents any redirect to some other login form which a generic DavEx client is not able to handle anyway.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Felix Meschberger
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13080140#comment-13080140 ]
Justin Edelson commented on SLING-2167:
---------------------------------------
pretty sure this change broke the integration test testUpdatePropertyPrivilegesAndEvents(org.apache.sling.launchpad.webapp.integrationtest.servlets.post.PostServletUpdateTest)
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Justin Edelson (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146690#comment-13146690 ]
Justin Edelson commented on SLING-2167:
---------------------------------------
Felix - AFAICT, the change you made in r1199406 forces basic authentication even in the case of anonymous access, which I don't think is permitted. With that change, I *always* get a 401 response when requesting without credentials.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved SLING-2167.
-------------------------------------
Resolution: Fixed
Finally fixed this in revision 1157048
Davex might be using the session for a longer time than the current request, therefore we have to create a new session.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146505#comment-13146505 ]
Felix Meschberger commented on SLING-2167:
------------------------------------------
In this case we have to find out how to handle the two situations here: Force HTTP Basic for non-browsers and regular Sling authentication for browsers.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (SLING-2167) Use Sling Authenticator
Posted by "Justin Edelson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Edelson reopened SLING-2167:
-----------------------------------
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13078286#comment-13078286 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
Oh, didn't find SLING-1715 - the current solution uses the SessionProvider
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved SLING-2167.
-------------------------------------
Resolution: Fixed
The test errors are not directly caused by this change - I'll open a new bug for this
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13082204#comment-13082204 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
java -jar jackrabbit-standalone-2.2.7.jar --cli http://localhost:8080/server
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved SLING-2167.
-------------------------------------
Resolution: Fixed
I've committed a first version in revision 1153126
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081652#comment-13081652 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
@Markus : yes, I think that's the expected behaviour as now the Sling Authenticator is used
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13140062#comment-13140062 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
Update: It is not related to the disabled anonymous user. Even with an enabled anonymous user I can not get a read+write repository via davex. The only workaround is to add the /server url to the list of not authenticated URLs.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Markus Joschko (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138166#comment-13138166 ]
Markus Joschko commented on SLING-2167:
---------------------------------------
I even got more issues with the authenticator. With r1189896 the missing-auth-mapping was made configurable. However that mapping is completely ignored by the authenticator framework.
And as the davex client always connects without credentials to fetch the repository descriptors, I can not properly connect to the repository.
That might also be related to the fact, that I have disabled the anonymous user but even if that is the case, I still think the missing-auth-mapping should be obeyed as it was added for exact the situation where the client can not provide authentication information.
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-2167.
--------------------------------------
Resolution: Fixed
Assignee: Carsten Ziegeler (was: Felix Meschberger)
Added this line in Rev. 1199406 now forcing HTTP Basic authentication
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13146809#comment-13146809 ]
Felix Meschberger edited comment on SLING-2167 at 11/9/11 6:40 AM:
-------------------------------------------------------------------
Resolving this issue again. Ensuring anon access is handled in SLING-2274
was (Author: fmeschbe):
Resolving this issue again. Ensuring anon accerss is handled in SLING-2274
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Felix Meschberger
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2167) Use Sling Authenticator
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13084005#comment-13084005 ]
Carsten Ziegeler commented on SLING-2167:
-----------------------------------------
So far I've no clue what might go wrong, I debugged the SessionProvider#getSession method and compared the result with the default implementation. In all cases they return a session with the same user id and workspace. Both session objects are proxies, but the one returned by the default implementation works while the other doesn't
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Carsten Ziegeler
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (SLING-2167) Use Sling Authenticator
Posted by "Felix Meschberger (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reassigned SLING-2167:
----------------------------------------
Assignee: Felix Meschberger (was: Carsten Ziegeler)
> Use Sling Authenticator
> -----------------------
>
> Key: SLING-2167
> URL: https://issues.apache.org/jira/browse/SLING-2167
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR DavEx 1.0.0
> Reporter: Carsten Ziegeler
> Assignee: Felix Meschberger
> Fix For: JCR DavEx 1.1.0
>
>
> The davex support should use the SlingAuthenticator for better integration into the Sling authentication
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira