[
https://jira.jboss.org/jira/browse/DNA-440?page=com.atlassian.jira.plugin...
]
Brian Carothers updated DNA-440:
--------------------------------
Attachment: DNA-440_rest_changes.patch
Attached patch that:
- Adds class ServletSecurityContext to wrap HttpServletRequests in a SecurityContext for
authorization within DNA
- Makes JcrResource utilize a wrapped HttpServletRequest to login to the JCR Repository
instead of a hardcoded user/password
- Refactors the SPI to remove the ability to get a repository by name and add the ability
to get a session from a request, repository name, and workspace name
- Refactors surrounding classes in accord with change from prior line
- Modifies integration test WAR to require basic authentication for all URIs
- Modifies POM to add a valid user/password combination with the correct connect role;
stripped all JAAS configuration
- Makes existing test cases use
- Adds test cases for bad password and user without connect role
The REST integration test case throws out a bunch of spurious warnings about authorization
failure, but since the test cases test that 1) nothing gets returned if authorization
actually fails and 2) the right things do get returned when authorization works, I'm
going to write this off as a Jetty quirk until proven otherwise.
Integrate Servlet Security with DNA ExecutionContext
----------------------------------------------------
Key: DNA-440
URL: https://jira.jboss.org/jira/browse/DNA-440
Project: DNA
Issue Type: Sub-task
Affects Versions: 0.4
Reporter: Brian Carothers
Fix For: 0.6
Attachments: DNA-440_refactor_existing.patch, DNA-440_rest_changes.patch
The DNA JCR security approach is JAAS-based and relies on the ability to pass a
LoginContext, AccessControlContext, or SimpleCredentials (which are used internally to
create a LoginContext) to the ExecutionContext. The Servlet specification does not expose
any of these. The REST server is mandatorily limited to what the Servlet specification
provides. There needs to be some sort of integration between the Servlet-based REST code
and JAAS-based DNA implementation to allow authorization and access to JCR resources to
occur based on web credentials.
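The adapter idea this issue describes, as an added example (it is not the code from the attached patch or from the DNA project): a security context that answers user-name and role questions from the servlet container's authentication result and denies by default. The `SecurityContext` interface is an assumed shape, `AuthenticatedRequest` is a hypothetical stand-in for the `getUserPrincipal()` and `isUserInRole()` methods of `HttpServletRequest`, and the users are constructed; only the `connect` role name comes from the comment above.

```java
import java.security.Principal;
import java.util.Set;

public class ServletSecurityContextExample {
    // Hypothetical stand-in for the DNA security context contract (assumed shape).
    interface SecurityContext {
        String getUserName();
        boolean hasRole(String roleName);
        void logout();
    }
    // Stand-in for the two HttpServletRequest methods the adapter relies on.
    interface AuthenticatedRequest {
        Principal getUserPrincipal(); // null when the container did not authenticate the caller
        boolean isUserInRole(String roleName);
    }
    // Adapter: identity and roles come only from the container's authentication result.
    static final class RequestSecurityContext implements SecurityContext {
        private final AuthenticatedRequest request;
        private boolean loggedOut;
        RequestSecurityContext(AuthenticatedRequest request) { this.request = request; }
        public String getUserName() {
            Principal p = loggedOut ? null : request.getUserPrincipal();
            return p == null ? null : p.getName();
        }
        public boolean hasRole(String roleName) {
            // Fail closed: no role name, no principal, or a logged-out context means no access.
            return roleName != null && getUserName() != null && request.isUserInRole(roleName);
        }
        public void logout() { loggedOut = true; }
    }
    // Constructed request for the demo; a real one is supplied by the servlet container.
    static AuthenticatedRequest request(String user, Set<String> roles) {
        return new AuthenticatedRequest() {
            public Principal getUserPrincipal() {
                if (user == null) return null;
                return () -> user; // Principal has a single abstract method, getName()
            }
            public boolean isUserInRole(String role) { return roles.contains(role); }
        };
    }
    public static void main(String[] args) {
        SecurityContext ok = new RequestSecurityContext(request("alice", Set.of("connect")));
        SecurityContext noRole = new RequestSecurityContext(request("bob", Set.of()));
        // Role data without an authenticated principal must still be denied.
        SecurityContext anon = new RequestSecurityContext(request(null, Set.of("connect")));
        System.out.println("alice has connect: " + ok.hasRole("connect"));
        System.out.println("bob has connect: " + noRole.hasRole("connect"));
        System.out.println("anonymous has connect: " + anon.hasRole("connect"));
        ok.logout();
        System.out.println("alice after logout: " + ok.hasRole("connect"));
    }
}
```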