Sort of. What I've done is to remove the authentication from the Web Console (by clearing out the username property via ConfigAdmin) and used a Servlet Filter (initially via my own Filter proxy and now with the Felix HttpService's Filter whiteboard function). In my case, I am using Spring Security, but there's nothing Spring Security-specific to this mode. I didn't even look at replacing the authentication/security process within the Web Console because I was looking to provide authentication across an entire web application, of which the Web Console is but one secured path segment. One thing to watch out for - if you do this and the bundle containing the Filter isn't started for some reason, the web console is unsecured. As such, what I did was have a little bootstrap class which unsets the Web Console password when the Filter service is registered and resets it when the Filter service is unregistered. There are probably other ways to handle this scenario. Justin
________________________________ From: Stefan Seifert [mailto:[email protected]] Sent: Thu 10/15/2009 1:03 PM To: '[email protected]' Subject: trusted header authentication for felix web console? according to current web console docs http://felix.apache.org/site/apache-felix-web-console.html#ApacheFelixWebConsole-Security only basic authentication is supported. we need to use a trusted header authentication in our infrastructure with an SSO server. is this possible, anyone done this already? stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
