OyvindLGjesdal opened a new pull request, #221: URL: https://github.com/apache/jena-site/pull/221
A colleague noticed when trying to set two users that both users could have access to endpoints, despite having different configurations. In this case there was a read and a write user. I turns out that authCBasic only checks if the user is authenticated or anonymous, even if we set a name inside `[]`. This is a PR that documents how to work around this limitation, by adding a group when creating a user, and using group as input for authCBasic. I've added tests that demonstrate the current behavior in https://github.com/apache/jena/compare/main...OyvindLGjesdal:jena:shiro (Not for PR currently, since the tests more demonstrate the current error) It would make sense to also update a companion Jena PR with updated shiros (default, and some tests) (e.g the shirio.ini files used for tests, and the default one), or to clarify by commenting, but I thought documentation was a good start. Also added one example using hashed passwords in the shiro file that kind of resolves #2617 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
