The security part can be slit in two different goals imho; * pluggable user authentication mechanism * command based authorization for the authenticated user
The last one is much more optional, but it would mean defining roles / groups that the user needs to belong to for each shell command / ui tab / ui action, and make sure the authenticated user is authorized to perform such a command. On Wed, Jun 10, 2009 at 13:17, Felix Meschberger<[email protected]> wrote: > Hi, > > Guillaume Nodet schrieb: >> Another idea as the first step for security would be the >> authentication mechanism we discussed on another thread. >> Currently, the web console uses a ConfigAdmin to retrieve the username >> / password. This layer should be pluggable and allow the current >> mechanism, UserAdmin or JAAS to be plugged in somehow. > > That's in fact how I understood your first point ;-) > > Regards > Felix > >> >> On Wed, Jun 10, 2009 at 12:04, Guillaume Nodet<[email protected]> wrote: >>> Two ideas for the console: >>> * add some security to the console / shell (role based for a given >>> action / command) >>> * have a low level shell access from the console (using command line >>> as we already discussed) >>> I guess both are not simple problems to tackle, so not sure Marcin >>> availability will be enough. >>> If not, I'd be glad to try implementing the low level shell access >>> from the console. >>> >>> My thinking about that was to have a hidden feature as Hiram >>> demonstrated some time ago on his prototype. >>> Typing '~' in the console would bring up a popup and start a shell >>> with the credentials of the user that logged into the web console (not >>> sure how to retrieve those in a safe manner yet). Typing again the >>> same key would hide the popup. >>> >>> On Wed, Jun 10, 2009 at 09:37, Gert Vanthienen<[email protected]> >>> wrote: >>>> Guillaume, >>>> >>>> I created http://cwiki.apache.org/confluence/display/FELIX/GSoC+2009 >>>> to keep track of this. The current working schedule is at the top of >>>> the page, with the bits of information I'm aware of already filled in. >>>> >>>> I added the original schedule at the bottom, but because of our >>>> decision to leverage the Felix Web Console, most of the tasks in that >>>> schedule are no longer necessary. So if people have any suggestions >>>> for other work to fill in those gaps... >>>> >>>> Regards, >>>> >>>> Gert Vanthienen >>>> ------------------------ >>>> Open Source SOA: http://fusesource.com >>>> Blog: http://gertvanthienen.blogspot.com/ >>>> >>>> >>>> >>>> 2009/6/9 Guillaume Nodet <[email protected]>: >>>>> Yeah ! Keep up the good work. >>>>> Do you have a plan for the coming weeks / monthes. Maybe you could >>>>> create a wiki page somewhere or maybe even an email so we can get see >>>>> what you plan to work on and maybe give some input / discuss things ? >>>>> >>>>> On Mon, Jun 8, 2009 at 23:32, Marcin Wilkos<[email protected]> >>>>> wrote: >>>>>> Hi, >>>>>> I'm Marcin Wilkos. Like Gert Vanthienen wrote before I'm working on >>>>>> webconsole for Karaf and ServiceMix as GSoC project. I'll be sending >>>>>> weekly >>>>>> reports to this list. >>>>>> In last week I focused on first extension for felix web console, which >>>>>> lists >>>>>> Karaf features. I created JIRA issue for this and uploaded a patch. Gert >>>>>> checked it and uploaded to svn. >>>>>> Regards, >>>>>> Marcin Wilkos >>>>>> >>>>> >>>>> >>>>> -- >>>>> Cheers, >>>>> Guillaume Nodet >>>>> ------------------------ >>>>> Blog: http://gnodet.blogspot.com/ >>>>> ------------------------ >>>>> Open Source SOA >>>>> http://fusesource.com >>>>> >>> >>> >>> -- >>> Cheers, >>> Guillaume Nodet >>> ------------------------ >>> Blog: http://gnodet.blogspot.com/ >>> ------------------------ >>> Open Source SOA >>> http://fusesource.com >>> >> >> >> > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com
