[jira] [Commented] (FELIX-4797) Enable client certificate requesting without verifying the certificates
[ https://issues.apache.org/jira/browse/FELIX-4797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14327223#comment-14327223 ]

Reto Gmür commented on FELIX-4797:
----------------------------------

It would also be possible to allow injection of services doing the certificate validation; in this case one could provide a service that does the WebId validation or that accepts all certificates.

The proposed delegates validation to the application. This is often an advantage, for example when one wants to give back a detailed description of errors.

Enable client certificate requesting without verifying the certificates
-----------------------------------------------------------------------

Key: FELIX-4797
URL: https://issues.apache.org/jira/browse/FELIX-4797
Project: Felix
Issue Type: Improvement
Components: HTTP Service
Reporter: Pascal Mainini
Priority: Minor
Labels: patch
Attachments: 0001-Patch-enabling-client-certificate-authentication-wit.patch

This is a patch enabling requesting client certificate authentication without further validation of the certificates provided by the client.

Rationale: Enabling requests of client certificates by setting org.apache.felix.https.clientcertificate to wants or needs requests a client certificate from any connecting client. Depending on the value set, this is either an optional or mandatory step to be fulfilled by the client in order to have its HTTP request further processed. The client certificate obtained is validated against either the CA certificates found in the truststore or - if none given - by the server's certificate itself.

For some use cases, this validation is unsuitable or not possible at all, namely for supporting WebID-style (https://en.wikipedia.org/wiki/WebID) authorization processed by a servlet within the container.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (FELIX-3006) Please create a logout button for the web console screen
[ https://issues.apache.org/jira/browse/FELIX-3006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14328657#comment-14328657 ]

Valentin Valchev commented on FELIX-3006:
-----------------------------------------

When you open /system/console/logout, here is what happens:

1. the webconsole performs logout and requests the browser to authenticate
2. the browser opens a username/password dialog and asks the user to enter his credentials
3. then the browser sends a new request with basic authentication included to /system/console/logout
4. then the web console performs logout (step #1)... and this is an endless cycle

In order to prevent the endless cycle, in step #4, the webconsole will redirect the user to the default plugin. To differentiate between step #1 and step #4, I use a session attribute. It is not available in step #1 and available in step #4.

I couldn't figure out how to fix the issue above without a session.

Please create a logout button for the web console screen
--------------------------------------------------------

Key: FELIX-3006
URL: https://issues.apache.org/jira/browse/FELIX-3006
Project: Felix
Issue Type: Improvement
Components: Web Console
Reporter: Susan Javurek
Attachments: FELIX-3006.diff, logout.diff

Please add a log out button on the web console to avoid sessions and cookies being retained.
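The logout cycle described in the comment above, modelled as an added example (it is not part of the thread and not Felix Web Console code): a constructed server and browser exchange over HTTP Basic authentication, run once without and once with the session marker. The session attribute name and the default plugin path are assumptions.

```python
# Constructed model of the exchange; only /system/console/logout is taken
# from the comment, every other name here is an assumption.
LOGOUT = "/system/console/logout"
DEFAULT_PLUGIN = "/system/console/bundles"   # assumed default plugin path
FLAG = "logout.challenge.sent"               # hypothetical session attribute
CHALLENGE = {"WWW-Authenticate": 'Basic realm="console"'}


def server(path, has_credentials, session, use_flag):
    """Handle one request and return (status, headers)."""
    if path != LOGOUT:
        # Any other console page: plain Basic authentication.
        return (200, {}) if has_credentials else (401, CHALLENGE)
    if use_flag and session.pop(FLAG, False):
        # Step 4: the challenge was already sent in this session, so the
        # credentials on this request are fresh. Leave the logout URL.
        return 302, {"Location": DEFAULT_PLUGIN}
    if use_flag:
        session[FLAG] = True  # remember that step 1 has happened
    # Step 1: perform logout by challenging again, which makes the browser
    # discard its cached credentials and prompt the user.
    return 401, CHALLENGE


def browser_logout(use_flag, max_requests=10):
    """Simulate a logged-in browser opening the logout URL.

    Returns the list of (path, status) pairs it observed. max_requests
    bounds the simulation, because without the flag it never ends.
    """
    session = {}      # server-side session bound to the browser's cookie
    path = LOGOUT
    trace = []
    for _ in range(max_requests):
        # Steps 2-3: after every 401 the user types credentials into the
        # dialog and the browser retries the same URL with them attached.
        status, headers = server(path, True, session, use_flag)
        trace.append((path, status))
        if status == 302:
            path = headers["Location"]
        elif status != 401:
            break
    return trace


if __name__ == "__main__":
    print("without flag:", browser_logout(use_flag=False, max_requests=5))
    print("with flag:   ", browser_logout(use_flag=True))
```

The marker has to live server-side (or in some other state the browser returns), because the retried request in step 3 is otherwise indistinguishable from the first one.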
[jira] [Commented] (FELIX-3006) Please create a logout button for the web console screen
[ https://issues.apache.org/jira/browse/FELIX-3006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14327672#comment-14327672 ]

Carsten Ziegeler commented on FELIX-3006:
-----------------------------------------

[~v_valchev] Thanks for tackling this. If I see your patch correctly, it now creates a session in all cases; which isn't required right now with basic out; or maybe I'm misreading the patch :)
[jira] [Updated] (FELIX-3006) Please create a logout button for the web console screen
[ https://issues.apache.org/jira/browse/FELIX-3006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Valentin Valchev updated FELIX-3006:
-----------------------------------

Attachment: logout.diff

Attached logout.diff

Here are the changes in brief:

- added a new WebConsoleSecurityProvider3 that has a logout() method. The reason for that is, if the user provides a login() mechanism, they know better how to logout. So if this provider is available, it is completely responsible for performing the logout.
- as fail-back, if the default basic authentication is used, the webconsole will send the WWW-Authenticate header again, so the user has to enter their credentials once again.
- the logout procedure will also remove some OSGi Web Console attributes, used to identify the current user
- it will also prevent the user from looping over and over to the logout url
- a new logout button integrates with the top menu bar (the categories)

[~fmeschbe], [~cziegeler], please, can you review the patch so we can finally close that issue after 4 years ;)