Improve Security Provider support
---------------------------------
Key: FELIX-2639
URL: https://issues.apache.org/jira/browse/FELIX-2639
Project: Felix
Issue Type: Improvement
Components: Web Console
Affects Versions: webconsole-3.1.2
Reporter: Felix Meschberger
Fix For: webconsole-3.1.4
Since Web Console 3.x authentication ot the web console can be externally
supported with a WebConsoleSecurityProvider service.
This service provides an authenticate method taking a user name and password
and returning any non-null object on success. The consequence of this simple
interface is, that this only supports HTTP Basic authentication.
If one wants to support other credential transports, e.g. Sling's Form Based
Authentication, this simple interface won't help.
I propose to created a new WebConsoleSecurityProvider2 interface extending
WebConsoleSecurityProvider and defining a new method
authenticate(HttpServletRequest, HttpServletResponse) returning a boolean
indicating success or failure. This method will directly be called from the
HttpContext.handledSecurity(HttpServletRequest, HttpServletResponse) method and
has to take care to properly implement authentication including setting the
request attributes required by the OSGi Http Service Spec.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
