[
https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877126#action_12877126
]
Felix Meschberger commented on FELIX-1764:
------------------------------------------
Thanks for doing this.
Is there a reason to use the checked GeneralSecurityException instead of the
unchecked SecurityException but throw SecurityException from the
SecurityProvider.authenticate method ?
On a similar account: Why throw UnsupportedOperationException from the
SecurityProvider.authorize method ? I would assume this default operation would
just authorize anything for backwards compatibility ?
> Add support for pluggable access control
> ----------------------------------------
>
> Key: FELIX-1764
> URL: https://issues.apache.org/jira/browse/FELIX-1764
> Project: Felix
> Issue Type: New Feature
> Components: Web Console
> Affects Versions: webconsole-2.0.0
> Reporter: Felix Meschberger
> Assignee: Guillaume Nodet
> Fix For: webconsole-3.0.2
>
>
> Currently the web console only support HTTP BASIC authentication with its own
> "user management". There is no way of supporting multiple users with varying
> access rights.
> Some applications already have infrastructure to authenticate users and/or to
> define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access
> control. The Web Console should be enhance to support this service API and
> fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
