[
https://issues.apache.org/jira/browse/FELIX-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated FELIX-2639:
-------------------------------------
Attachment: WebConsoleSecurityProvider2.patch
Attaching patch with the new WebConsoleSecurityProvider2 interface along with a
refactoring of the call mechanism (moving HTTP Basic decoding support from the
HttpContext.handleSecurity method to the SecurityProviderProxy class).
> Improve Security Provider support
> ---------------------------------
>
> Key: FELIX-2639
> URL: https://issues.apache.org/jira/browse/FELIX-2639
> Project: Felix
> Issue Type: Improvement
> Components: Web Console
> Affects Versions: webconsole-3.1.2
> Reporter: Felix Meschberger
> Fix For: webconsole-3.1.4
>
> Attachments: WebConsoleSecurityProvider2.patch
>
>
> Since Web Console 3.x authentication ot the web console can be externally
> supported with a WebConsoleSecurityProvider service.
> This service provides an authenticate method taking a user name and password
> and returning any non-null object on success. The consequence of this simple
> interface is, that this only supports HTTP Basic authentication.
> If one wants to support other credential transports, e.g. Sling's Form Based
> Authentication, this simple interface won't help.
> I propose to created a new WebConsoleSecurityProvider2 interface extending
> WebConsoleSecurityProvider and defining a new method
> authenticate(HttpServletRequest, HttpServletResponse) returning a boolean
> indicating success or failure. This method will directly be called from the
> HttpContext.handledSecurity(HttpServletRequest, HttpServletResponse) method
> and has to take care to properly implement authentication including setting
> the request attributes required by the OSGi Http Service Spec.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
