[ https://issues.apache.org/jira/browse/TOMEE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16074563#comment-16074563 ]

ASF GitHub Bot commented on TOMEE-1974:
---------------------------------------

GitHub user jgallimore opened a pull request:

    https://github.com/apache/tomee/pull/85

    TOMEE-1974- basic authentication

    This was originally merged here https://git1-us-west.apache.org/repos/asf?p=tomee.git;a=tree;hb=e0397f49, and subsequently lost in the revert of 05 Dec 2016 (http://tomee-openejb.979440.n4.nabble.com/Commit-deletion-td4680672.html). Is there some potential to restore this lost set of commits?

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jgallimore/tomee auth-fixes

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/tomee/pull/85.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #85
    
----
commit 2998e4adc9bd376a97bd9f7f121d18ba574f462c
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-10-10T21:27:33Z

    make client security a thread local based object

commit 819b00bcecfaa5f130e7475f0129f5c39dec2d7e
Author: Jonathan Gallimore <[email protected]>
Date:   2016-10-11T00:12:46Z

    Revert "make client security a thread local based object"
    
    This reverts commit 2998e4adc9bd376a97bd9f7f121d18ba574f462c.

commit 57a4dec342df40d448b422dee6a3698af57c69c7
Author: Jonathan Gallimore <[email protected]>
Date:   2016-11-01T21:27:17Z

    Adding Http Authentication - thanks @exabrial

commit ca5545a89ad92a8e684f133aeb95890ed02167b9
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T20:20:01Z

    cannot figure out this damned "Undefined realm:tomee:tomee:Undefined" issue

commit 3fa5d9167a5c83b624b8f1e84eabc5ee68f9de6a
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T20:44:59Z

    reset to previous state

commit 61b355a67ba2f3ea89c41d3fd476d77a5ec99191
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T20:46:42Z

    recommit files for cleaner diff

commit 6e60951c1aa2a8642e7f59d5c7de7cee1b349193
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T20:54:57Z

    cleanup diff noise

commit 68c0e0d83b9cb3ed43790aece03d9fcc650ba6d2
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T20:57:06Z

    cleanup more diff noise

commit 7b41ae54c69cb3bbf7dd5abb77ba53a47940cd61
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-04T21:38:43Z

    feedback per romain, have the user set this by creating a tomee web app instead

commit 3d2b24512e24c1a8aef6c2763f08a33d73bf446d
Author: Jonathan Gallimore <[email protected]>
Date:   2016-11-07T00:27:45Z

    Add test for authorization header usage. Fix bug where username being used instead of credential

commit eddd711583851db8585b29a27833f3b2f4d9a797
Author: Jonathan Gallimore <[email protected]>
Date:   2016-11-07T00:37:53Z

    Removing unused method

commit e260aee125706eb383de789ff07f0f093a7b72bb
Author: Jonathan Gallimore <[email protected]>
Date:   2016-11-07T10:36:51Z

    A trial for how this might work

commit 62e0e314235b9545767c884211e5b014e0132228
Author: Jonathan S. Fisher <[email protected]>
Date:   2016-11-07T14:23:59Z

    Merge pull request #1 from jgallimore/auth-fixes
    
    Add test for authorization header usage. Fix bug where username being…

commit 03e69634614db9c72a13dcab174864794f12c0d5
Author: Roberto Cortez <[email protected]>
Date:   2016-11-17T00:20:51Z

    Cleanup and reverted changes for Authentication Header implementation with the least amount of code changes.

commit 2663c6f510cac3a3e8baeed95051a3f022c8fdf0
Author: Roberto Cortez <[email protected]>
Date:   2016-11-17T01:03:49Z

    Added properties to check Authentication Basic credentials.

commit e0397f495e711f5f95dbb8dba5986fbeb7feea5a
Author: Roberto Cortez <[email protected]>
Date:   2016-11-17T01:43:35Z

    Added more tests to check EJB Remote http Basic Authentication.

commit 8e17d4f3dd1823404bdb8ecdd4707095ab7142fc
Author: Jonathan Gallimore <[email protected]>
Date:   2017-07-05T10:40:10Z

    Merge branch 'tomee-1.7.x' into auth-fixes

----


> Allow TomEE ejbd HTTP Servlet to be protected by basic auth
> -----------------------------------------------------------
>
>                 Key: TOMEE-1974
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1974
>             Project: TomEE
>          Issue Type: New Feature
>          Components: TomEE Core Server
>    Affects Versions: 1.7.5
>            Reporter: Jonathan S Fisher
>            Priority: Minor
>
> TomEE offers ejbd over http. This is great for a number of reasons, but it 
> could go further by protecting the endpoint with http basic auth. This would 
> harden the server, and it would have prevented the bug involving 
> deserialization of unknown classes, because authentication would have to happen 
> before the underlying protocol was deserialized.
> Pull request here: https://github.com/apache/tomee/pull/52



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
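
The ordering the issue description asks for, with credentials checked before any request bytes reach the deserializer, as an added example that is not TomEE's code or part of the pull request. It uses the JDK's built-in `com.sun.net.httpserver` instead of the ejbd servlet; the `/ejb` path, the realm name and the demo credentials are constructed for illustration.

```java
import com.sun.net.httpserver.*;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
public class AuthBeforeDeserialize {
    // How many request bodies actually reached ObjectInputStream.readObject().
    static final AtomicInteger deserialized = new AtomicInteger();

    static boolean same(String a, String b) { // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }
    static int post(URL url, String creds) throws IOException {
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.setDoOutput(true); // turns the request into a POST
        if (creds != null) c.setRequestProperty("Authorization", "Basic "
                + Base64.getEncoder().encodeToString(creds.getBytes(StandardCharsets.UTF_8)));
        try (ObjectOutputStream out = new ObjectOutputStream(c.getOutputStream())) {
            out.writeObject("constructed payload"); // harmless serialized String
        }
        return c.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        HttpContext ctx = server.createContext("/ejb", exchange -> {
            // Runs only after the authenticator below has accepted the request.
            try (ObjectInputStream in = new ObjectInputStream(exchange.getRequestBody())) {
                in.readObject();
                deserialized.incrementAndGet();
                exchange.sendResponseHeaders(204, -1);
            } catch (ClassNotFoundException e) {
                exchange.sendResponseHeaders(400, -1);
            } finally { exchange.close(); }
        });
        ctx.setAuthenticator(new BasicAuthenticator("constructed-realm") {
            @Override public boolean checkCredentials(String user, String pass) {
                // Non-short-circuit & so both comparisons always run; constructed credentials.
                return same(user, "demo-user") & same(pass, "demo-pass");
            }
        });
        server.start();
        URL url = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/ejb").toURL();
        int anonymous = post(url, null), authenticated = post(url, "demo-user:demo-pass");
        server.stop(0);
        System.out.println("no credentials: HTTP " + anonymous + ", with credentials: HTTP "
                + authenticated + ", bodies deserialized: " + deserialized.get());
    }
}
```

On JDK 11 or later this runs directly with `java AuthBeforeDeserialize.java`; the request without an `Authorization` header is answered by the authenticator and never enters the handler that calls `readObject()`.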
