[
https://issues.apache.org/jira/browse/FELIX-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger closed FELIX-2639.
------------------------------------
Close after release
> Improve Security Provider support
> ---------------------------------
>
> Key: FELIX-2639
> URL: https://issues.apache.org/jira/browse/FELIX-2639
> Project: Felix
> Issue Type: Improvement
> Components: Web Console
> Affects Versions: webconsole-3.1.2
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: webconsole-3.1.6
>
> Attachments: WebConsoleSecurityProvider2.patch
>
>
> Since Web Console 3.x authentication ot the web console can be externally
> supported with a WebConsoleSecurityProvider service.
> This service provides an authenticate method taking a user name and password
> and returning any non-null object on success. The consequence of this simple
> interface is, that this only supports HTTP Basic authentication.
> If one wants to support other credential transports, e.g. Sling's Form Based
> Authentication, this simple interface won't help.
> I propose to created a new WebConsoleSecurityProvider2 interface extending
> WebConsoleSecurityProvider and defining a new method
> authenticate(HttpServletRequest, HttpServletResponse) returning a boolean
> indicating success or failure. This method will directly be called from the
> HttpContext.handledSecurity(HttpServletRequest, HttpServletResponse) method
> and has to take care to properly implement authentication including setting
> the request attributes required by the OSGi Http Service Spec.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
