Hi all, I just committed a working proof of concept branch of fcrepo-504. As mentioned on the committers call, it tries to remove security configuration from web.xml and into Spring. The ultimate goal is to have fedora produce a generic war file without any custom, baked-in configuration (i.e all configuration occurs externally, through Spring or fedora.fcfg, or context parameters).
Take a look - I'd like your opinions. It builds and passes all tests for me with a 'mvn install'. Here are some details: The raw spring security configuration file is here: https://github.com/fcrepo/fcrepo/blob/fcrepo-504/fcrepo-installer/src/main/resources/config/spring/web/security.xml This is the "complex" or "possibly more correct" version that tries to make the Fedora's security behaviour match the documentation as far as resources considered management vs access. A config that emulates Fedora's current behaviour would be simpler, and is on the way. Due to what I consider a bug in the security namespace configuration, I couldn't use PropertyPlaceholderCondigurer to define the set of security filter beans. It would work for exactly one bean, but not multiple. So, the installer processing replaces ${security.auth.filters} with the appropriate text as part of the install process. Thus, if one wishes evaluate the spring security.xml file, it is probably easiest to just build and install fcrepo-504, and look in server/config/spring/web Other things to note: - Spring web application context is orthogonal to the context created by Server. - Spring web configuration is in FEDORA_HOME/server/config/spring/web - There is a baked-in applicationContext.xml within the war (which right now just sets up a ServletContextPropertyPlaceholderConfigurer), as well as a default security substitution properties file: https://github.com/fcrepo/fcrepo/blob/fcrepo-504/fcrepo-webapp/fcrepo-webapp-fedora/src/main/webapp/WEB-INF/applicationContext.xml https://github.com/fcrepo/fcrepo/blob/fcrepo-504/fcrepo-webapp/fcrepo-webapp-fedora/src/main/resources/default.properties Anything in these files can/will be overrided by external configuration. - Since the FEDORA_HOME value was taken out of web.xml, fedora needs context parameters defined by the servlet container. For Tomcat, the installer creates a '<webApplicationContext>.xml' property and places it at the proper location within Tomcat (e.g. TOMCAT_HOME/conf/Catalina/localhost/fedora.xml). The template used to generate this file is here: https://github.com/fcrepo/fcrepo/blob/fcrepo-504/fcrepo-installer/src/main/resources/context.xml I don't know the rules for OS-independent paths here, so right now '::' is substituted for path separator by the installer. Need to ask somebody to test in Windows Any suggestions, comments, etc would be quite helpful. I would say it is at a state where it would be trunk-worthy (err.. master-worthy) if it's basic design seems OK enough to someone else's eyes. Can folks a look and let me know what you think? -Aaron ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Fedora-commons-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
