[
https://jira.jboss.org/jira/browse/DNA-440?page=com.atlassian.jira.plugin...
]
Brian Carothers updated DNA-440:
--------------------------------
Attachment: DNA-440_refactor_existing.patch
Attached and applied patch that takes first step towards integrating the security by
refactoring the existing security from ExecutionContext proper into a new interface called
o.j.d.graph.SecurityContext. The existing JAAS code moves into an implementation of
SecurityContext called JaasSecurityContext and JcrSession can now accept a new type of
Credentials called o.j.d.jcr.SecurityContextCredentials that wraps an existing
SecurityContext.
Next step is to create a SecurityContext class that wraps HttpServletRequest to be able to
derive the user name and role information directly from the request and modify JcrResource
to accept the new SecurityContext class.
Integrate Servlet Security with DNA ExecutionContext
----------------------------------------------------
Key: DNA-440
URL: https://jira.jboss.org/jira/browse/DNA-440
Project: DNA
Issue Type: Sub-task
Affects Versions: 0.4
Reporter: Brian Carothers
Fix For: 0.6
Attachments: DNA-440_refactor_existing.patch
The DNA JCR security approach is JAAS-based and relies on the ability to pass a
LoginContext, AccessControlContext, or SimpleCredentials (which are used internally to
create a LoginContext) to the ExecutionContext. The Servlet specification does not expose
any of these. The REST server is mandatorily limited to what the Servlet specification
provides. There needs to be some sort of integration between the Servlet-based REST code
and JAAS-based DNA implementation to allow authorization and access to JCR resources to
occur based on web credentials.
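
A sketch of the request-backed adapter described above as the next step, added here as an example and not taken from the DNA patch. The `SecurityContext` method set (`getUserName`, `hasRole`, `logout`) and the class name `ServletSecurityContext` are assumptions; `getUserPrincipal()` and `isUserInRole()` are the standard Servlet API calls.

```java
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical stand-in for the SecurityContext interface named in the issue; the method set is assumed. */
interface SecurityContext {
    String getUserName();
    boolean hasRole(String roleName);
    void logout();
}

/** Hypothetical adapter: answers identity and role questions from the container-authenticated request. */
final class ServletSecurityContext implements SecurityContext {
    private final String userName;
    private HttpServletRequest request; // cleared on logout so later role checks fail closed

    ServletSecurityContext(HttpServletRequest request) {
        if (request == null) {
            throw new IllegalArgumentException("request must not be null");
        }
        // Only the principal established by the container is trusted; headers and
        // parameters supplied by the client are never consulted for identity.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            throw new SecurityException("request is not authenticated");
        }
        this.userName = principal.getName();
        this.request = request;
    }

    @Override
    public String getUserName() {
        return userName;
    }

    @Override
    public boolean hasRole(String roleName) {
        HttpServletRequest current = request;
        // Deny when logged out or when no role name is given.
        return current != null && roleName != null && current.isUserInRole(roleName);
    }

    @Override
    public void logout() {
        request = null;
    }
}
```

A context like this should be created per request and not cached beyond it, since the request object is only valid while the container is servicing that request.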