ace-users mailing list archives

From Jorge Martín Cuervo <jo...@martincuervo.com>
Subject Fwd: custom security
Date Tue, 26 Jul 2016 20:14:19 GMT
Hello again,

I have set up the authentication modifying:

- run-server/conf/org.apache.ace.http.context.cfg
- run-server/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-server/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-server/conf/org.apache.ace.connectionfactory/repository.cfg

- run-client/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-client/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-client/conf/org.apache.ace.connectionfactory/repository.cfg

- run-target/target.bndrun

The server, client and target work fine with d/f (I assume the system is using
run-server/conf/org.apache.ace.server.repository.factory/ace-user.cfg).


But I still have a couple of questions:

- AceServletContextHelper is setting the authenticated user object in the
request scope, and the RepositoryServletBase and the others are not using
this info to validate that the user has the proper roles. Could I simply
modify the methods doGet and doPost there and check it?
- GET /repository/checkout?customer=apache&name=user&version=1 is answering
with the whole content of ace-users.cfg; shouldn't it be protected somehow?
- Can I assume /repository/checkout and /repository/commit are only for
"admins"?


Many thanks again for your time!

____________________________________
Jorge Martin Cuervo

email <jorge@martincuervo.com>
voice 0032 489 336 802
voice 0034 660 026 384
skype jorgemartincuervo
____________________________________
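
The role check asked about in the first question, as an added example that is not part of the original message or of Apache ACE's code: a servlet filter that covers GET and POST alike, so doGet and doPost need no per-method changes. The attribute key `example.authenticated.user` is a placeholder for whatever key the context helper uses, and `admins` as a UserAdmin role name is an assumption taken from the question's wording.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

/** Added example: rejects repository requests unless the authenticated user holds a required role. */
public class RepositoryRoleFilter implements Filter {
    // Assumption: placeholder key; use the attribute name the context helper actually sets.
    static final String USER_ATTRIBUTE = "example.authenticated.user";
    // Assumption: role name taken from the question; use the role your user store defines.
    static final String REQUIRED_ROLE = "admins";

    private final UserAdmin userAdmin; // supplied by your dependency manager

    public RepositoryRoleFilter(UserAdmin userAdmin) { this.userAdmin = userAdmin; }

    /** Deny by default: a missing user, an unexpected attribute type or a missing role all fail. */
    static boolean isAllowed(UserAdmin userAdmin, Object attribute, String role) {
        if (!(attribute instanceof User)) {
            return false;
        }
        Authorization auth = userAdmin.getAuthorization((User) attribute);
        return auth != null && auth.hasRole(role);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (!isAllowed(userAdmin, request.getAttribute(USER_ATTRIBUTE), REQUIRED_ROLE)) {
            // Authentication stays with the context helper; this filter only decides on the role.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```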
