[issues] Commented: (PAXWEB-54) OSGi TCK test failure: Verification of authentication under handleSecurity()

Mon, 10 Dec 2007 03:03:36 -0800 

    [ 
http://issues.ops4j.org/jira/browse/PAXWEB-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_10959
 ] 

Stuart McCulloch commented on PAXWEB-54:
----------------------------------------

From the R4 compendium spec, section 102.7, page 26:

"• AUTHENTICATION_TYPE - Specifies the scheme used in authentica-
  tion. A Servlet may retrieve the value of this attribute by calling the
  HttpServletRequest.getAuthType method. This attribute name is
  org.osgi.service.http.authentication.type.
• REMOTE_USER - Specifies the name of the authenticated user. A Serv-
  let may retrieve the value of this attribute by calling the
  HttpServletRequest.getRemoteUser method. This attribute name is
  org.osgi.service.http.authentication.remote.user.
• AUTHORIZATION - If a User Admin service is available in the environ-
  ment, then the handleSecurity method should set this attribute with
  the Authorization object obtained from the User Admin service. Such
  an object encapsulates the authentication of its remote user. A Servlet
  may retrieve the value of this attribute by calling
  ServletRequest.getAttribute(HttpContext.AUTHORIZATION). This
  header name is org.osgi.service.useradmin.authorization."

which means the HTTP service implementation needs to somehow push the 
REMOTE_USER and AUTHENTICATION_TYPE attributes into the request passed onto the 
actual servlet - one way would be to wrap the original request in an anonymous 
wrapper class that overrides those two methods to return the values provided by 
the handleSecurity method.

> OSGi TCK test failure: Verification of authentication under handleSecurity()
> ----------------------------------------------------------------------------
>
>                 Key: PAXWEB-54
>                 URL: http://issues.ops4j.org/jira/browse/PAXWEB-54
>             Project: Pax Web
>          Issue Type: Bug
>    Affects Versions: 0.2.1
>            Reporter: Stuart McCulloch
>            Assignee: Alin Dreghiciu
>             Fix For: 0.2.2
>
>
> expects: Remote User is unknown user, Authentication Type is Basic
> but gets: Remote User is null, Authentication Type is null

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.ops4j.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

_______________________________________________
general mailing list
general@lists.ops4j.org
http://lists.ops4j.org/mailman/listinfo/general

Reply via email to