[
https://issues.apache.org/jira/browse/FELIX-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975589#action_12975589
]
Tamas Cserveny commented on FELIX-2751:
---------------------------------------
Hi Rob,
I always have the feeling that the OSGi compendium service spec is a "clean
room" specification, slightly off reality.
Don't get me wrong, I like them very much, this is why I also think, that it is
not fair to expect from developers that they implement very basic security
features. (Basic, Digest auth, maybe usage of User Admin) They should be
provided somehow. (Same goes for Log Service)
Maybe you are right, this could be a JIRA-thing. Maybe this could be a separate
bundle or just a util somewhere.
... or even "the jboss way ;-)": this issue hangs here forever and people will
just use the attachment as is.
Cheers,
Tamas
> HttpContext implementation which supports BASIC auth.
> -----------------------------------------------------
>
> Key: FELIX-2751
> URL: https://issues.apache.org/jira/browse/FELIX-2751
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Reporter: Tamas Cserveny
> Attachments: AuthHttpContext.java, BasicAuthHttpContext.java
>
>
> I've tried to implement the basic authentication scheme for a servlet in my
> project. It was obvious, that I'll need to use HttpContext for that, but I
> felt that something like the basic auth or digest should be included in the
> system by default.
> I did not found anything on the net about an OSGi HttpContext implementing
> BasicAuth so I created a very basic one. The only thing it supports is
> authentication against a static list of users.
> You'll need to extend it and read the users from somewhere. It may need lot
> of polishing as currently the users are stored in a map inside the context,
> but should be extracted to some kind of Realm object and let the
> authentication/authorization be done there. But this would have been an
> overkill for my purpose.
> Example:
> @Component
> @Service
> @Property(name="contextId", value="VIRIF")
> public class VIRHttpContext extends BasicAuthHttpContext {
> public VIRHttpContext() {
> super( "VIRIF" );
> loadUserAndPassword( );
> }
> ...
> }
> and then annotate the servlet:
> @Component
> @Service
> @Properties({
> @Property(name = "alias", value = "/vir"),
> @Property(name = "contextId", value = "VIRIF")
> })
> public class SecuredCommandServlet extends HttpServlet {
> }
> ps. The examples uses the whiteboard bundle and the SCR maven plugin. The
> implementation uses commons lang and codec. Maybe they can be refactored out.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
