[jira] [Commented] (FELIX-4798) Support async servlets (filters)

2015-02-17 Thread Carsten Ziegeler (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324173#comment-14324173
 ] 

Carsten Ziegeler commented on FELIX-4798:
-

I guess the easiest way is to register the dispatcher servlet as an async 
servlet and then wrap within the dispatcher servlet the APi to only allow async 
operations to servlets and filters indicating this through the whiteboard 
property

 Support async servlets (filters)
 

 Key: FELIX-4798
 URL: https://issues.apache.org/jira/browse/FELIX-4798
 Project: Felix
  Issue Type: Task
  Components: HTTP Service
Reporter: Carsten Ziegeler
 Fix For: http-next






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (FELIX-4797) Enable client certificate requesting without verifying the certificates

2015-02-17 Thread J.W. Janssen (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324208#comment-14324208
 ] 

J.W. Janssen commented on FELIX-4797:
-

[~pascal.mainini]: not sure what you are trying to solve exactly here: by 
simply trusting *any* certificate that the client provides without any 
validation, you basically are very much susceptible to MitM attacks, not?

 Enable client certificate requesting without verifying the certificates
 ---

 Key: FELIX-4797
 URL: https://issues.apache.org/jira/browse/FELIX-4797
 Project: Felix
  Issue Type: Improvement
  Components: HTTP Service
Reporter: Pascal Mainini
Priority: Minor
  Labels: patch
 Attachments: 
 0001-Patch-enabling-client-certificate-authentication-wit.patch


 This is a patch enabling requesting client certificate authentication without 
 further validation of the certificates provided by the client. Rationale:
 Enabling requests of client certificates by setting 
 org.apache.felix.https.clientcertificate to wants or needs requests a 
 client-certificate from any connecting client. Depending on the value set, 
 this is either an optional or mandatory step to be fulfilled by the client in 
 order to have it's HTTP-request further processed. 
 The client-certificate obtained is validated against either the 
 CA-certificates found in the truststore or - if none given - by the server's 
 certificate itself.
 For some usecases, this validation is unsuitable or not possible at all, 
 namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) 
 authorization processed by a servlet within the container. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (FELIX-4798) Support async servlets (filters)

2015-02-17 Thread J.W. Janssen (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324193#comment-14324193
 ] 

J.W. Janssen commented on FELIX-4798:
-

[~cziegeler]: IIRC, there is already support for async servlets in the current 
HTTP service. What does this issue need to solve in addition to that?

 Support async servlets (filters)
 

 Key: FELIX-4798
 URL: https://issues.apache.org/jira/browse/FELIX-4798
 Project: Felix
  Issue Type: Task
  Components: HTTP Service
Reporter: Carsten Ziegeler
 Fix For: http-next






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (FELIX-4797) Enable client certificate requesting without verifying the certificates

2015-02-17 Thread Pascal Mainini (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324253#comment-14324253
 ] 

Pascal Mainini commented on FELIX-4797:
---

In general, of course you are right. However for specific usecases (like the 
WebID-style authentication as explained in the description of the issue), the 
certificate is only used for conveying additional data which is then used for 
authentication. The idea here is that a user generates a self-signed 
certificate with specific extensions pointing to the authentication data. Due 
to the fact that self-signed certificates are used (and are used on purpose), a 
validation of the client certificate will fail in any case. Without having the 
possibility to disable this validation in Felix/Jetty, it is not possible to 
write applications which read this additional information out of the 
certificate and process them further. I hope this clarifies things a bit, I can 
provide deeper explanations if needed.

 Enable client certificate requesting without verifying the certificates
 ---

 Key: FELIX-4797
 URL: https://issues.apache.org/jira/browse/FELIX-4797
 Project: Felix
  Issue Type: Improvement
  Components: HTTP Service
Reporter: Pascal Mainini
Priority: Minor
  Labels: patch
 Attachments: 
 0001-Patch-enabling-client-certificate-authentication-wit.patch


 This is a patch enabling requesting client certificate authentication without 
 further validation of the certificates provided by the client. Rationale:
 Enabling requests of client certificates by setting 
 org.apache.felix.https.clientcertificate to wants or needs requests a 
 client-certificate from any connecting client. Depending on the value set, 
 this is either an optional or mandatory step to be fulfilled by the client in 
 order to have it's HTTP-request further processed. 
 The client-certificate obtained is validated against either the 
 CA-certificates found in the truststore or - if none given - by the server's 
 certificate itself.
 For some usecases, this validation is unsuitable or not possible at all, 
 namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) 
 authorization processed by a servlet within the container. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (FELIX-4798) Support async servlets (filters)

2015-02-17 Thread J.W. Janssen (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324191#comment-14324191
 ] 

J.W. Janssen commented on FELIX-4798:
-

[~cziegeler]: IIRC, there is already support for async servlets in the current 
HTTP service. What does this issue need to solve in addition to that?

 Support async servlets (filters)
 

 Key: FELIX-4798
 URL: https://issues.apache.org/jira/browse/FELIX-4798
 Project: Felix
  Issue Type: Task
  Components: HTTP Service
Reporter: Carsten Ziegeler
 Fix For: http-next






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Created] (FELIX-4799) Support for multiple factory designates in single MetaType file

2015-02-17 Thread J.W. Janssen (JIRA)
J.W. Janssen created FELIX-4799:
---

 Summary: Support for multiple factory designates in single 
MetaType file
 Key: FELIX-4799
 URL: https://issues.apache.org/jira/browse/FELIX-4799
 Project: Felix
  Issue Type: Bug
  Components: Metatype Service
Reporter: J.W. Janssen
Assignee: J.W. Janssen
 Fix For: metatype-1.0.12


A MetaType file can contain multiple designates for both non-factory and 
factory PIDs. The {{MetaData}} object returned by {{MetaDataReader}} returns a 
map of all designates found in the file, using the (factory) PID as key. In 
case multiple designates exist for the same factory PID, obviously only one is 
returned.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Created] (FELIX-4798) Support async servlets (filters)

2015-02-17 Thread Carsten Ziegeler (JIRA)
Carsten Ziegeler created FELIX-4798:
---

 Summary: Support async servlets (filters)
 Key: FELIX-4798
 URL: https://issues.apache.org/jira/browse/FELIX-4798
 Project: Felix
  Issue Type: Task
  Components: HTTP Service
Reporter: Carsten Ziegeler
 Fix For: http-next






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Issue Comment Deleted] (FELIX-4798) Support async servlets (filters)

2015-02-17 Thread J.W. Janssen (JIRA)

 [ 
https://issues.apache.org/jira/browse/FELIX-4798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

J.W. Janssen updated FELIX-4798:

Comment: was deleted

(was: [~cziegeler]: IIRC, there is already support for async servlets in the 
current HTTP service. What does this issue need to solve in addition to that?)

 Support async servlets (filters)
 

 Key: FELIX-4798
 URL: https://issues.apache.org/jira/browse/FELIX-4798
 Project: Felix
  Issue Type: Task
  Components: HTTP Service
Reporter: Carsten Ziegeler
 Fix For: http-next






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (FELIX-4800) Bundle search in /system/console/bundles produces 405

2015-02-17 Thread David Bosschaert (JIRA)

[ 
https://issues.apache.org/jira/browse/FELIX-4800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14324855#comment-14324855
 ] 

David Bosschaert commented on FELIX-4800:
-

I'm seeing that the 405 only happens in cases where the search produces 
nothing. In cases where the search has a result (a subset of bundles) these are 
correctly reported.

 Bundle search in /system/console/bundles produces 405
 -

 Key: FELIX-4800
 URL: https://issues.apache.org/jira/browse/FELIX-4800
 Project: Felix
  Issue Type: Bug
  Components: Web Console
Affects Versions: webconsole-4.2.4
Reporter: David Bosschaert

 Searching in the bundles list produces a 405. Enter any value in the bundle 
 search box and hit 'Apply Filter' and it will produce a 405 with as reason:
 HTTP method POST is not supported by this URL
 possibly related, when selecting 'Filter All' instead, I'm getting a 500 with 
 as message:
 Problem accessing /system/console/bundles/.json. Reason:
 Invalid LDAP filter specified



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Created] (FELIX-4800) Bundle search in /system/console/bundles produces 405

2015-02-17 Thread David Bosschaert (JIRA)
David Bosschaert created FELIX-4800:
---

 Summary: Bundle search in /system/console/bundles produces 405
 Key: FELIX-4800
 URL: https://issues.apache.org/jira/browse/FELIX-4800
 Project: Felix
  Issue Type: Bug
  Components: Web Console
Affects Versions: webconsole-4.2.4
Reporter: David Bosschaert


Searching in the bundles list produces a 405. Enter any value in the bundle 
search box and hit 'Apply Filter' and it will produce a 405 with as reason:

HTTP method POST is not supported by this URL

possibly related, when selecting 'Filter All' instead, I'm getting a 500 with 
as message:

Problem accessing /system/console/bundles/.json. Reason:
Invalid LDAP filter specified





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)