Hi Lenya devs,

now that the Shibboleth branch has stabilized, I'd suggest that we merge it back into the 1.2.x branch (or rather merge the changes from the 1.2.x branch into the Shibboleth branch and use this as the new 1.2.x branch).

The advantages of the Shibboleth branch are:

* A TransientUser class which allows authenticating and authorizing users who are not stored in the CMS. This is especially useful to integrate Lenya in single sign-on environments.

* Attribute-based authorization. Groups can have rules to include users based on their attributes. The attributes can be fetched from LDAP, a Shibboleth IdP etc., based on the authenticator implementation.

* A Shibboleth authenticator. For more information, see [1].

* A nice side effect is that the Identity object is now serializable, i.e. you can restart the servlet engine without losing sessions.

If you want more information: There is a Forrest-based documentation in the SVN repository [2].

----

I have done a dry-run; there are some conflicts, but IMO they should be easy to resolve (see below).

The access control API has changed a little, but the migration should be easy enough to justify keeping it in the 1.2.x branch.

The only disadvantage of the Shibboleth branch that I'm aware of is a decreased performance of some access control operations. This is significant in the AccessControlSitetreeTransformer, especially in large publications. Until a patch is available, a temporary workaround is to disable the transformer.

Are there any objections?

TIA!

[1] http://shibboleth.internet2.edu/
[2] https://svn.apache.org/repos/asf/lenya/branches/docu_shibboleth

-- Andreas


svn merge --dry-run -r575353:HEAD https://svn.apache.org/repos/asf/lenya/branches/BRANCH_1_2_X .
C    lenya.sh
U    src/java/org/apache/lenya/xml/RelaxNG.java
U    src/java/org/apache/lenya/cms/cocoon/acting/RevisionControllerAction.java
U    src/java/org/apache/lenya/cms/cocoon/acting/ReservedCheckinAction.java
U    src/java/org/apache/lenya/cms/cocoon/acting/ReservedCheckoutAction.java
U    src/java/org/apache/lenya/cms/cocoon/acting/ReservedCheckoutTestAction.java
U    src/java/org/apache/lenya/cms/cocoon/acting/OneFormEditorSaveAction.java
U    src/java/org/apache/lenya/cms/cocoon/uriparameterizer/URIParameterizer.java
U    src/java/org/apache/lenya/cms/cocoon/uriparameterizer/URIParameterizerImpl.java
U    src/java/org/apache/lenya/cms/publication/PageEnvelope.java
U    src/webapp/lenya/resources-shared.xmap
A    src/webapp/lenya/xslt/admin/cache
A    src/webapp/lenya/xslt/admin/cache/cache.xsl
U    src/webapp/lenya/xslt/authoring/asset.xsl
U    src/webapp/lenya/xslt/authoring/edit/oneform.xsl
U    src/webapp/lenya/xslt/authoring/asset-upload.xsl
U    src/webapp/lenya/xslt/rc/rco-exception.xsl
U    src/webapp/lenya/xslt/util/page2xhtml.xsl
U    src/webapp/lenya/admin.xmap
U    src/webapp/lenya/usecase.xmap
U    src/webapp/lenya/pubs/default/parameter-doctype.xmap
U    src/webapp/lenya/pubs/default/usecase-bxeng.xmap
U    src/webapp/lenya/pubs/default/publication-sitemap.xmap
U    src/webapp/lenya/content/rc/fileReservedCheckOutException.xsp
C    src/webapp/lenya/content/admin/groups/group-admin.js
U    src/webapp/lenya/content/admin/users/user-admin.js
A    src/webapp/lenya/content/admin/cache
A    src/webapp/lenya/content/admin/cache/cache.xsp
A    src/webapp/lenya/content/admin/cache/cache.js
U    src/webapp/lenya/content/admin/sitetree.xml
U    src/webapp/lenya/resources/i18n/cmsui.xml
C    src/webapp/lenya/resources/i18n/cmsui_de.xml
U    src/webapp/lenya/usecases/kupu/usecase-kupu.xmap
U    src/webapp/lenya/usecases/edit/usecase-edit.xmap
U    src/webapp/lenya/usecases/1formedit/usecase-1formedit.xmap
U    src/webapp/lenya/resources.xmap



--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01

