Hello again,

I have set up the authentication by modifying:

- run-server/conf/org.apache.ace.http.context.cfg
- run-server/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-server/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-server/conf/org.apache.ace.connectionfactory/repository.cfg
- run-client/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-client/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-client/conf/org.apache.ace.connectionfactory/repository.cfg
- run-target/target.bndrun

The server, client and target work fine with d/f (I assume the system is using run-server/conf/org.apache.ace.server.repository.factory/ace-user.cfg).

But I still have a couple of questions:

- AceServletContextHelper is setting the authenticated user object in the request scope, and the RepositoryServletBase and the others are not using this info to validate that the user has the proper roles. Could I simply modify the methods doGet and doPost there and check it?
- GET /repository/checkout?customer=apache&name=user&version=1 is answering with the whole content of ace-users.cfg; shouldn't it be protected somehow?
- Can I assume /repository/checkout and /repository/commit are only for "admins"?

Many thanks again for your time!

____________________________________
Jorge Martin Cuervo
email <[email protected]>
voice 0032 489 336 802
voice 0034 660 026 384
skype jorgemartincuervo
____________________________________
