[ http://jira.codehaus.org/browse/MRM-242?page=comments#action_81774 ] Jesse McConnell commented on MRM-242: -------------------------------------
they are set in the session, just not sure if they are available to the security system in that proxy url or not...but anyway authn and authz are completely different operations and the webwork action or at least an interceptor on the stack would be way to go I think, with my meager knowledge of the problem domain here the way things are setup now, if you have a principal available and the user is authenticated then the authz operations would check the principals permission set based on some operation 'archiva-deploy-artifact' for instance, and then some resource, perhaps the groupId here, or the global * resource if it applies to the entire repo. if a permission matches the operation and resource up then its authz. the other approach is to grant those permissions to a role that the guest user has assigned, then it is available to anyone through the authz system. > Replace the proxy url of the Download link into the absolute url > ---------------------------------------------------------------- > > Key: MRM-242 > URL: http://jira.codehaus.org/browse/MRM-242 > Project: Archiva > Issue Type: Improvement > Components: web application > Environment: Linux FC4, JDK1.5, Maven2.0.4 > Reporter: Napoleon Esmundo C. Ramirez > Fix For: 1.0-beta-1 > > Attachments: MRM-242-archiva.patch > > > When browsing for artifacts in archiva, the Download link uses the proxy url. > Since the artifacts are cached into archiva's managed repositories, the > absolute url must be used at all times. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
