Posted to dev@felix.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/10/06 16:40:34 UTC

[jira] Updated: (FELIX-2639) Improve Security Provider support

     [ https://issues.apache.org/jira/browse/FELIX-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated FELIX-2639:
-------------------------------------

    Attachment: WebConsoleSecurityProvider2.patch

Attaching patch with the new WebConsoleSecurityProvider2 interface along with a refactoring of the call mechanism (moving HTTP Basic decoding support from the HttpContext.handleSecurity method to the SecurityProviderProxy class).

> Improve Security Provider support
> ---------------------------------
>
>                 Key: FELIX-2639
>                 URL: https://issues.apache.org/jira/browse/FELIX-2639
>             Project: Felix
>          Issue Type: Improvement
>          Components: Web Console
>    Affects Versions: webconsole-3.1.2
>            Reporter: Felix Meschberger
>             Fix For: webconsole-3.1.4
>
>         Attachments: WebConsoleSecurityProvider2.patch
>
>
> Since Web Console 3.x authentication to the web console can be externally supported with a WebConsoleSecurityProvider service.
> This service provides an authenticate method taking a user name and password and returning any non-null object on success. The consequence of this simple interface is that this only supports HTTP Basic authentication.
> If one wants to support other credential transports, e.g. Sling's Form Based Authentication, this simple interface won't help.
> I propose to create a new WebConsoleSecurityProvider2 interface extending WebConsoleSecurityProvider and defining a new method authenticate(HttpServletRequest, HttpServletResponse) returning a boolean indicating success or failure. This method will directly be called from the HttpContext.handleSecurity(HttpServletRequest, HttpServletResponse) method and has to take care to properly implement authentication including setting the request attributes required by the OSGi Http Service Spec.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
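
An added example, not part of the attached patch or of Felix's own code: a sketch of a provider written against the interface proposed in the issue, accepting a user established by a form login instead of HTTP Basic and setting the request attributes the OSGi Http Service spec asks for. The session key, the login path and the authorize policy are hypothetical; the method signatures are assumed to match the proposal.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
import org.osgi.service.http.HttpContext;

/** Session-backed provider: credentials arrive through a login form, not HTTP Basic. */
public class SessionSecurityProvider implements WebConsoleSecurityProvider2 {

    // Hypothetical names: the session key written by a separate form-login
    // servlet, and the path of that login form.
    private static final String SESSION_USER = "example.login.user";
    private static final String LOGIN_PATH = "/login";

    @Override
    public boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        Object user = (session != null) ? session.getAttribute(SESSION_USER) : null;

        if (user instanceof String && !((String) user).isEmpty()) {
            // Attributes the OSGi Http Service spec expects handleSecurity to set,
            // so getRemoteUser() and getAuthType() work for the console servlets.
            request.setAttribute(HttpContext.REMOTE_USER, user);
            request.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.FORM_AUTH);
            return true;
        }

        // On failure the provider owns the response and must send the challenge itself.
        try {
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
        } catch (IOException e) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
        return false;
    }

    // Inherited user name/password entry point: fail closed, because this
    // provider does not accept HTTP Basic credentials.
    @Override
    public Object authenticate(String username, String password) {
        return null;
    }

    // Hypothetical policy for the sketch: every authenticated user is authorized.
    @Override
    public boolean authorize(Object user, String role) {
        return user != null;
    }
}
```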