Pax Web
  1. Pax Web
  2. PAXWEB-210

Security Constraints for WebApplications

    Details

      Description

      Currently it is not possible to configure a security-constraint for any kind of web application served by pax-web.
      Therefore no Authentication is possible with pax-web

      If I'm running pax-web with the Apache Karaf server there is even an JAAS realm I would like to connect to.

        Activity

        Hide
        Achim Nierbeck added a comment -

        Currently I'm working on this issue by my self and would like to add this either as patch or even add the code to the sources by my self.

        Show
        Achim Nierbeck added a comment - Currently I'm working on this issue by my self and would like to add this either as patch or even add the code to the sources by my self.
        Hide
        Niclas Hedhman added a comment -

        If the code change is large, I suggest that the solution is brought up on mailing list first, for feedback.

        If it is not large, commit and highlight the change in an after-the-fact mail works good enough I think.

        Show
        Niclas Hedhman added a comment - If the code change is large, I suggest that the solution is brought up on mailing list first, for feedback. If it is not large, commit and highlight the change in an after-the-fact mail works good enough I think.
        Hide
        Achim Nierbeck added a comment -

        I created a branch at github:

        http://github.com/ops4j/org.ops4j.pax.web/tree/webSecureContext

        The web.xml is fully parsed, the security is configured and the HttpServiceContext is configured.
        But still the request handling doesn't check for security, still have to dig into this further.

        Show
        Achim Nierbeck added a comment - I created a branch at github: http://github.com/ops4j/org.ops4j.pax.web/tree/webSecureContext The web.xml is fully parsed, the security is configured and the HttpServiceContext is configured. But still the request handling doesn't check for security, still have to dig into this further.
        Hide
        Toni Menzel added a comment -

        Looks good! Once you are done, you can integrate the branch into master (will speak about this when its time, if you need assistance).
        Until then its good to work in a branch. But remember, its still OPS4J, so you integrate it into the main codebase (there is no "patch-apply" system like at apache).

        For your own reference, i like to look at http://github.com/ops4j/org.ops4j.pax.web/compare/master...webSecureContext which gives a nice view on your changes on on how far you are away from master.

        Show
        Toni Menzel added a comment - Looks good! Once you are done, you can integrate the branch into master (will speak about this when its time, if you need assistance). Until then its good to work in a branch. But remember, its still OPS4J, so you integrate it into the main codebase (there is no "patch-apply" system like at apache). For your own reference, i like to look at http://github.com/ops4j/org.ops4j.pax.web/compare/master...webSecureContext which gives a nice view on your changes on on how far you are away from master.
        Hide
        Achim Nierbeck added a comment -

        Sofar so good,
        because of adding the improvement of PAXWEB-193
        I'm able to configure and use a jetty managed "UserRealm"

        Show
        Achim Nierbeck added a comment - Sofar so good, because of adding the improvement of PAXWEB-193 I'm able to configure and use a jetty managed "UserRealm"
        Hide
        Achim Nierbeck added a comment -

        Finaly works the way it is supposed to do:

        http://github.com/ops4j/org.ops4j.pax.web/commit/76c30d134896642d006b02e1ee8d4d0a12c16abf

        If a security Realm is configured through the jetty.xml this one can be taken into account. In the web.xml

        Show
        Achim Nierbeck added a comment - Finaly works the way it is supposed to do: http://github.com/ops4j/org.ops4j.pax.web/commit/76c30d134896642d006b02e1ee8d4d0a12c16abf If a security Realm is configured through the jetty.xml this one can be taken into account. In the web.xml

          People

          • Assignee:
            Achim Nierbeck
            Reporter:
            Achim Nierbeck
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development