[ https://issues.apache.org/jira/browse/FELIX-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger updated FELIX-2639: ------------------------------------- Attachment: WebConsoleSecurityProvider2.patch Attaching patch with the new WebConsoleSecurityProvider2 interface along with a refactoring of the call mechanism (moving HTTP Basic decoding support from the HttpContext.handleSecurity method to the SecurityProviderProxy class). > Improve Security Provider support > --------------------------------- > > Key: FELIX-2639 > URL: https://issues.apache.org/jira/browse/FELIX-2639 > Project: Felix > Issue Type: Improvement > Components: Web Console > Affects Versions: webconsole-3.1.2 > Reporter: Felix Meschberger > Fix For: webconsole-3.1.4 > > Attachments: WebConsoleSecurityProvider2.patch > > > Since Web Console 3.x authentication ot the web console can be externally > supported with a WebConsoleSecurityProvider service. > This service provides an authenticate method taking a user name and password > and returning any non-null object on success. The consequence of this simple > interface is, that this only supports HTTP Basic authentication. > If one wants to support other credential transports, e.g. Sling's Form Based > Authentication, this simple interface won't help. > I propose to created a new WebConsoleSecurityProvider2 interface extending > WebConsoleSecurityProvider and defining a new method > authenticate(HttpServletRequest, HttpServletResponse) returning a boolean > indicating success or failure. This method will directly be called from the > HttpContext.handledSecurity(HttpServletRequest, HttpServletResponse) method > and has to take care to properly implement authentication including setting > the request attributes required by the OSGi Http Service Spec. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.