Author: cziegeler
Date: Wed Dec 11 02:29:05 2013
New Revision: 1550031
URL: http://svn.apache.org/r1550031
Log:
Update web console security provider docs
Modified:
sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
Modified:
sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
URL:
http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext?rev=1550031&r1=1550030&r2=1550031&view=diff
==============================================================================
---
sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
(original)
+++
sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
Wed Dec 11 02:29:05 2013
@@ -13,7 +13,7 @@ This bundle will attach as a fragment bu
## Security Provider (org.apache.sling.extensions.webconsolesecurityprovider)
-The Apache Sling Web Console Security Provider implements the Apache Felix Web
Console `WebConsoleSecurityProvider` interface authenticating Web Console users
against the JCR repository. Each username and password presented is used to
login to the JCR repository and to check the respective session.
+The Apache Sling Web Console Security Provider implements the Apache Felix Web
Console `WebConsoleSecurityProvider` and `WebConsoleSecurityProvider2`
interface for authenticating Web Console users against the JCR repository. Each
username and password presented is used to login to the JCR repository and to
check the respective session.
1. Ensure the username and password can be used to login to the default
workspace. If not, access is denied
1. If the username presented is one of the user names configured with the
`users` configuration property, access is granted.
@@ -23,11 +23,16 @@ Access is denied if the username and pas
### Configuration
-The Security Provider is configured with configuration with PID
`org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider`
supporting the following properties:
+The Security Provider is configured with the configuration PID
`org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider`
supporting the following properties:
| Property | Type | Default Value | Description
|--|--|--|
| `users` | `String`, `String[]` or `Vector<String>` | admin | The list of
users granted access to the Web Console |
| `groups`| `String`, `String[]` or `Vector<String>` | --- | The list of
groups whose (direct or indirect) members are granted access to the Web Console
|
-Note, that while the default value explicitly grants the *admin* user to
access the Web Console it is suggested that system administrators define a
special group and assign users with Web Console access to this group.
\ No newline at end of file
+Note, that while the default value explicitly grants the *admin* user to
access the Web Console it is suggested that system administrators define a
special group and assign users with Web Console access to this group.
+
+### Authentication Handling
+
+As long as the web console security provider bundle is not activate and has
not installed one of the above mentioned services, the default authentication
of the web console is used. Once the bundle is active and a JCR repository
service is available, the repository is used for authentication as explained
above. But still the login form of the web console is used which is usually
basic authentication.
+Once startup is finished and a Sling authentication service is available as
well, the security provider replaces the JCR repository based auth provider
with a Sling based auth provider. Both authenticate against the JCR repository,
however the Sling based one using Sling to render the login form. Therefore,
this provider is not registered until startup is finished
\ No newline at end of file
