[
https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975572#action_12975572
]
Rob Walker commented on FELIX-2751:
-----------------------------------
My comment here would be whether such approaches, valid as they are, belong in
a standard implementation of the HttpService. This seems more like an extension
or application specific area. The OSGi HttpService provides the needed hooks to
handle security, which can be used with BASIC auth, or any of the other
flavours of HTTP auth - but it doesn't prescribe how they should be used.
Maybe it's just a JIRA classification thing - perhaps there's another
classification that would be more appropriate for this, but it doesn't seem
like an "open issue" with the HttpService to me.
- Rob
> HttpContext implementation which supports BASIC auth.
> -----------------------------------------------------
>
> Key: FELIX-2751
> URL: https://issues.apache.org/jira/browse/FELIX-2751
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Reporter: Tamas Cserveny
> Attachments: AuthHttpContext.java, BasicAuthHttpContext.java
>
>
> I've tried to implement the basic authentication scheme for a servlet in my
> project. It was obvious, that I'll need to use HttpContext for that, but I
> felt that something like the basic auth or digest should be included in the
> system by default.
> I did not found anything on the net about an OSGi HttpContext implementing
> BasicAuth so I created a very basic one. The only thing it supports is
> authentication against a static list of users.
> You'll need to extend it and read the users from somewhere. It may need lot
> of polishing as currently the users are stored in a map inside the context,
> but should be extracted to some kind of Realm object and let the
> authentication/authorization be done there. But this would have been an
> overkill for my purpose.
> Example:
> @Component
> @Service
> @Property(name="contextId", value="VIRIF")
> public class VIRHttpContext extends BasicAuthHttpContext {
> public VIRHttpContext() {
> super( "VIRIF" );
> loadUserAndPassword( );
> }
> ...
> }
> and then annotate the servlet:
> @Component
> @Service
> @Properties({
> @Property(name = "alias", value = "/vir"),
> @Property(name = "contextId", value = "VIRIF")
> })
> public class SecuredCommandServlet extends HttpServlet {
> }
> ps. The examples uses the whiteboard bundle and the SCR maven plugin. The
> implementation uses commons lang and codec. Maybe they can be refactored out.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
