[
https://issues.apache.org/jira/browse/FELIX-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger resolved FELIX-2639.
--------------------------------------
Resolution: Fixed
Assignee: Felix Meschberger
Added the new WebConsoleSecurityProvider2 interface in Rev. 1022015.
In extension to the patch, I merged the former SecurityProvider proxy (inner
class in OsgiManager) into the OSGiManagerHttpContext and improved JavaDoc on
the WebConsoleSecurityProvider interface.
In addtion the user object returned from the
WebConsoleSecurityProvider.authenticate method is now placed as a request
attribute (org.apache.felix.webconsole.user) and the new
WebConsoleSecurityProvider2.authenticate method is expected to also set this
request attribute (in addition to the request attributes required by the OSGi
HttpContext specification) on sucessful authentication.
The value of the org.apache.felix.webconsole.user request is subsequently used
to provide the WebConsoleSecurityProvider.authorize method with the user
object. Note, though, that calling this method is not implemented yet.
> Improve Security Provider support
> ---------------------------------
>
> Key: FELIX-2639
> URL: https://issues.apache.org/jira/browse/FELIX-2639
> Project: Felix
> Issue Type: Improvement
> Components: Web Console
> Affects Versions: webconsole-3.1.2
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: webconsole-3.1.4
>
> Attachments: WebConsoleSecurityProvider2.patch
>
>
> Since Web Console 3.x authentication ot the web console can be externally
> supported with a WebConsoleSecurityProvider service.
> This service provides an authenticate method taking a user name and password
> and returning any non-null object on success. The consequence of this simple
> interface is, that this only supports HTTP Basic authentication.
> If one wants to support other credential transports, e.g. Sling's Form Based
> Authentication, this simple interface won't help.
> I propose to created a new WebConsoleSecurityProvider2 interface extending
> WebConsoleSecurityProvider and defining a new method
> authenticate(HttpServletRequest, HttpServletResponse) returning a boolean
> indicating success or failure. This method will directly be called from the
> HttpContext.handledSecurity(HttpServletRequest, HttpServletResponse) method
> and has to take care to properly implement authentication including setting
> the request attributes required by the OSGi Http Service Spec.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
