Eric Norman created FELIX-6390:
----------------------------------
Summary: Refactor the default authentication mechanism of the
webconsole to be a WebConsoleSecurityProvider2
Key: FELIX-6390
URL: https://issues.apache.org/jira/browse/FELIX-6390
Project: Felix
Issue Type: Improvement
Components: Web Console
Reporter: Eric Norman
Fix For: webconsole-4.6.2
To assist resolving SLING-10147 it would helpful if we could reasonably rely on
there always being at least one WebConsoleSecurityProvider service available.
The use case is that a webconsole plugin needs to make http requests outside of
the OsgiManager servlet to retrieve some information to display in the plugin
UI. The goal is that the security checking of that other endpoint would
perform the same security checks that would be needed to access the webconsole
itself. Reusing the WebConsoleSecurityProvider service in both places would be
ideal.
To make that the case, the proposal is to refactor the default "basic"
authentication mechanism of the webconsole into a
{{WebConsoleSecurityProvider}} class and expose it as a service. A very low
service.ranking of this last resort security provider should ensure that any
other WebConsoleSecurityProvider component that exists would be used instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
