[jira] Commented: (SLING-1112) ValueMap doesn't allow "deep property fetching" anymore

2009-09-17 Thread Felix Meschberger (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756397#action_12756397 ] Felix Meschberger commented on SLING-1112: -- I think the JavaDoc is relatively clea

[jira] Updated: (SLING-1112) ValueMap doesn't allow "deep property fetching" anymore

2009-09-17 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-1112: Component/s: (was: API) JCR Affects Version/s: (was

Re: PluggableDefaultAccessManager

2009-09-17 Thread Vidar Ramdal
>>> On 16 Sep 2009, at 18:04, Vidar Ramdal wrote: >> What if we alter the AMP interface and let the boolean methods >> (isGranted, canRead) return Booleans instead? That way, the AMP could >> return null to signalize that handling should fall back to >> DefaultAccessManager

[jira] Created: (SLING-1114) Use new official OSGi R4.2 artifacts

2009-09-17 Thread Carsten Ziegeler (JIRA)
Use new official OSGi R4.2 artifacts Key: SLING-1114 URL: https://issues.apache.org/jira/browse/SLING-1114 Project: Sling Issue Type: Task Components: General Affects Versions: Parent 6

Re: WebKit HTTP Authentication

2009-09-17 Thread Alexander Klimetschek
Yes, Safari and Chrome only cache credentials that were passed to a request and lead to a successful response if they were entered manually through the login box. Putting credentials into an XHR request, or via an image, css, iframe or script via the "http://user:passw...@domain.com" trick, which

[jira] Updated: (SLING-1114) Use new official OSGi R4.1 artifacts

2009-09-17 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler updated SLING-1114: Description: The official OSGi artifacts for R4.1 are now available from the central maven re

Re: PluggableDefaultAccessManager

2009-09-17 Thread Ian Boston
On 17 Sep 2009, at 18:07, Vidar Ramdal wrote: Jackrabbit 1.5 and critically in Jackrabbit 2. At the moment this issue is, "do nothing and think again" So, from what I read, what you really need is to extend DAM? Yes, that is what I have already done, but as you say below, it's not that

[jira] Created: (SLING-1115) Redirecting to an absolute url does not work

2009-09-17 Thread Carsten Ziegeler (JIRA)
Redirecting to an absolute url does not work Key: SLING-1115 URL: https://issues.apache.org/jira/browse/SLING-1115 Project: Sling Issue Type: Bug Components: Servlets Affects Version

Re: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Bertrand Delacretaz
On Wed, Sep 16, 2009 at 10:26 PM, Mike Müller wrote: > ...I tried to use the newest > org.apache.sling.launchpad.base.jar to test SLING-922 > ...So maybe my question is a little bit silly: What is the right > and easiest way to that?... Checking with mvn dependency:resolve, launchpad/app co

RE: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Mike Müller
> > ...I tried to use the newest > > org.apache.sling.launchpad.base.jar to test SLING-922 > > > ...So maybe my question is a little bit silly: What is the right > > and easiest way to that?... > > Checking with mvn dependency:resolve, launchpad/app correctly depends > on launchpad.base:jar:ap

Re: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Felix Meschberger
Hi Mike, Mike Müller wrote: > Hi > > I'm a little bit stuck: I tried to use the newest > org.apache.sling.launchpad.base.jar to test SLING-922. > I took the org.apache.sling.launchpad.app-6-SNAPSHOT.jar and > replaced the org.apache.sling.launchpad.base.jar there with > the org.apache.sling.lau

[jira] Commented: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread Felix Meschberger (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756506#action_12756506 ] Felix Meschberger commented on SLING-1113: -- How about adding tests with File.separ

Re: WebKit HTTP Authentication

2009-09-17 Thread Felix Meschberger
Hi Mike, In addition to the explanations by Alex Klimetschek you are of course welcome to "enhance" the current HTTP authentication handler with support for cookies for WebKit based browsers Regards Felix Mike Moulton wrote: > I'm relatively new to sling development and I find myself exper

Re: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Bertrand Delacretaz
Hi Mike, On Thu, Sep 17, 2009 at 1:58 PM, Mike Müller wrote: > ...If you build launchpad/app it's using > launchpad.base 2.0.4-INCUBATOR for the launcher-jar because of the > launchpad/app/pom.xml... Ok, got it now, the launchpad.base version is declared twice (argh) in that pom, and both instan

RE: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Mike Müller
Hi Felix > > I'm a little bit stuck: I tried to use the newest > > org.apache.sling.launchpad.base.jar to test SLING-922. > > I took the org.apache.sling.launchpad.app-6-SNAPSHOT.jar and > > replaced the org.apache.sling.launchpad.base.jar there with > > the org.apache.sling.launchpad.base-2.0.5-S

[jira] Updated: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread Felix Meschberger (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Felix Meschberger updated SLING-1113: - Attachment: SLING-1113-fmeschbe.patch Proposed variant as explained in previous comment.

Re: Easiest way to use newest org.apache.sling.launchpad.base.jar in standalone Sling app

2009-09-17 Thread Felix Meschberger
Hi Mike, Mike Müller wrote: > Hi Felix > >>> I'm a little bit stuck: I tried to use the newest >>> org.apache.sling.launchpad.base.jar to test SLING-922. >>> I took the org.apache.sling.launchpad.app-6-SNAPSHOT.jar and >>> replaced the org.apache.sling.launchpad.base.jar there with >>> the org.

[jira] Commented: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread JIRA
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756548#action_12756548 ] Mike Müller commented on SLING-1113: That solves the problem. thanks. Just one little t

Re: WebKit HTTP Authentication

2009-09-17 Thread Eric Norman
Hi Mike, For my own project, I ended up writing my own FormAuthenticationHandler which caches the submitted credentials (crypted) on the server-side as a session attribute. The cached credentials are used when no basic auth info is available on the current request. It is actually not that hard t

[jira] Commented: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread Felix Meschberger (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756550#action_12756550 ] Felix Meschberger commented on SLING-1113: -- There are two tests actually: test

[jira] Commented: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread JIRA
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756564#action_12756564 ] Mike Müller commented on SLING-1113: Sorry haven't seen that. So the patch exactly is w

Re: WebKit HTTP Authentication

2009-09-17 Thread Vidar Ramdal
On Thu, Sep 17, 2009 at 4:00 PM, Eric Norman wrote: > For my own project, I ended up writing my own FormAuthenticationHandler > which caches the submitted credentials (crypted) on the server-side as a > session attribute. The cached credentials are used when no basic auth info > is available on t

[jira] Commented: (SLING-1113) BootstrapInstallerTest fails on Windows systems

2009-09-17 Thread JIRA
[ https://issues.apache.org/jira/browse/SLING-1113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756570#action_12756570 ] Mike Müller commented on SLING-1113: If it's okay for you, I would commit the patch and

Re: WebKit HTTP Authentication

2009-09-17 Thread Eric Norman
Well, my project doesn't currently have enough load to require more than one server node, so I haven't thought much about that yet. If your cluster can be configured to use sticky sessions, it would probably work fine without any further changes. Otherwise your app server would need to be configu

Re: WebKit HTTP Authentication

2009-09-17 Thread Andreas Kollegger
Hi Eric, I've been putting off implementing alternative authentication, suffering along with the default browser auth for now. I'd be interested in using your solution if you're willing to share it. Thanks, Andreas On Sep 17, 2009, at 11:29 AM, Eric Norman wrote: Well, my project doesn't

Re: WebKit HTTP Authentication

2009-09-17 Thread Vidar Ramdal
On Thu, Sep 17, 2009 at 5:29 PM, Eric Norman wrote: > Well, my project doesn't currently have enough load to require more than one > server node, so I haven't thought much about that yet.  If your cluster can > be configured to use sticky sessions, it would probably work fine without > any further

Re: WebKit HTTP Authentication

2009-09-17 Thread Mike Moulton
Thank you everyone for your thorough responses, they are of great help. In the interest of keeping the conversation going... My applications undergo auditing to meet strict security protocols, therefore I generally stay away from BASIC auth due to the in-the-clear nature of the Authorization

Re: WebKit HTTP Authentication

2009-09-17 Thread Mike Moulton
Eric, It sounds like your solution is the start of the approach I was considering. If you're willing to share, at minimum, Andreas and myself would love to look at your solution. -- Mike On Sep 17, 2009, at 8:44 AM, Andreas Kollegger wrote: Hi Eric, I've been putting off implementing alt

Re: authorization headers

2009-09-17 Thread Bertrand Delacretaz
On Thu, Sep 17, 2009 at 1:02 AM, Ian Boston wrote: > On 17 Sep 2009, at 07:58, Alexander Klimetschek wrote: >> ...Firefox and IE are not that strict and will apply cached >> credentials for the same realm on the entire domain (eg. my.app.com/),... >> ...Safari and Chrome (ie. Webkit-based ones, a

Re: WebKit HTTP Authentication

2009-09-17 Thread Alexander Klimetschek
On Thu, Sep 17, 2009 at 18:15, Mike Moulton wrote: > My applications undergo auditing to meet strict security protocols, therefore > I generally stay away from BASIC auth due to the in-the-clear nature of the > Authorization header unless the entire session is planned to be delivered > over SSL. Wi

Re: authorization headers

2009-09-17 Thread Alexander Klimetschek
On Thu, Sep 17, 2009 at 18:37, Bertrand Delacretaz wrote: > So does that mean that forcing authentication to happen on / using the > "ugly" built-in browser credentials dialog works on all current > browsers? For user-initiated as well as XHR requests? Yes. That would be plain HTTP basic auth...

Re: authorization headers

2009-09-17 Thread Vidar Ramdal
> On Thu, Sep 17, 2009 at 18:37, Bertrand Delacretaz > wrote: >> So does that mean that forcing authentication to happen on / using the >> "ugly" built-in browser credentials dialog works on all current >> browsers? For user-initiated as well as XHR requests? On Thu, Sep 17, 2009 at 7:00 PM, Alex

Re: authorization headers

2009-09-17 Thread Juerg Meier
On Wednesday 16 September 2009 22:55:27 Jonathan Cook wrote: > One trick with this is to call a resource-type URI from /a with the > authentication requested and that will authenticate the user good to > /a/b/c and /a/d , from /a/b/c > > so just or > something of the sort. you can have that rende

Re: authorization headers

2009-09-17 Thread Mike Moulton
Juerg, I can confirm your findings with Safari as discussed in the WebKit HTTP Authentication thread. At this point, using the trunk of sling, I am unable to use any WebKit browser with sling where a principal other than anonymous is required. -- Mike On Sep 17, 2009, at 3:27 PM, Juerg

[jira] Created: (SLING-1116) FORM Based Authentication

2009-09-17 Thread Eric Norman (JIRA)
FORM Based Authentication - Key: SLING-1116 URL: https://issues.apache.org/jira/browse/SLING-1116 Project: Sling Issue Type: New Feature Components: Extensions Reporter: Eric Norman This is a n

[jira] Updated: (SLING-1116) FORM Based Authentication

2009-09-17 Thread Eric Norman (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Norman updated SLING-1116: --- Attachment: org.apache.sling.formauth.zip forms auth bundle. Unpack to sling/contrib/extensions > F

Re: WebKit HTTP Authentication

2009-09-17 Thread Eric Norman
Hi Mike and Andreas, Sure, I'm more than willing to share. I have extracted the form auth components and created a new bundle. It's attached to https://issues.apache.org/jira/browse/SLING-1116 Please give it a try and let me know what you think. Regards, -Eric On Thu, Sep 17, 2009 at 9:16 AM

[jira] Resolved: (SLING-1114) Use new official OSGi R4.1 artifacts

2009-09-17 Thread Carsten Ziegeler (JIRA)
[ https://issues.apache.org/jira/browse/SLING-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Carsten Ziegeler resolved SLING-1114. - Resolution: Fixed Changed in Revision: 816486 > Use new official OSGi R4.1 artifacts > -