From: Jorge Martín Cuervo
Date: Tue, 26 Jul 2016 22:14:19 +0200
Subject: Fwd: custom security
To: users@ace.apache.org

Hello again,

I have set up the authentication by modifying:

- run-server/conf/org.apache.ace.http.context.cfg
- run-server/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-server/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-server/conf/org.apache.ace.connectionfactory/repository.cfg
- run-client/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-client/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-client/conf/org.apache.ace.connectionfactory/repository.cfg
- run-target/target.bndrun

The server, client and target work fine with d/f (I assume the system is using run-server/conf/org.apache.ace.server.repository.factory/ace-user.cfg).

But I still have a couple of questions:

- AceServletContextHelper is setting the authenticated user object in the request scope, and the RepositoryServletBase and the others are not using this info to validate that the user has the proper roles. Could I simply modify the methods doGet and doPost there and check it?
- GET /repository/checkout?customer=apache&name=user&version=1 is answering with the whole content of ace-users.cfg; should it not be protected somehow?
- Can I assume /repository/checkout and /repository/commit are only for "admins"?

Many thanks again for your time!

____________________________________
Jorge Martin Cuervo
voice 0032 489 336 802
voice 0034 660 026 384
skype jorgemartincuervo
____________________________________
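
One way to enforce the role check asked about in the message above, as an added example that is not part of the original post and is not Apache ACE's own code. It puts the check in `service()` so that every HTTP method passes through it, and uses the OSGi UserAdmin API; the class name `RoleCheckedServlet`, the request attribute name `example.authenticated.user` and the role passed in by the subclass are hypothetical and must be replaced with the values your deployment actually uses.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

/** Added example: deny-by-default role check shared by all HTTP methods. */
public abstract class RoleCheckedServlet extends HttpServlet {
    // Assumption: the attribute name under which the context helper stores the
    // authenticated User. Replace it with the key your helper really uses.
    static final String USER_ATTRIBUTE = "example.authenticated.user";

    private final UserAdmin userAdmin;
    private final String requiredRole; // hypothetical, e.g. a group for admins

    protected RoleCheckedServlet(UserAdmin userAdmin, String requiredRole) {
        this.userAdmin = userAdmin;
        this.requiredRole = requiredRole;
    }

    /** Runs before doGet/doPost/doPut, so no handler can skip the check. */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Object candidate = req.getAttribute(USER_ATTRIBUTE);
        if (!(candidate instanceof User)) {
            // Nothing in request scope: treat the caller as unauthenticated.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!isAllowed((User) candidate)) {
            // Authenticated, but lacking the role this endpoint requires.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        super.service(req, resp); // dispatches to doGet/doPost as usual
    }

    /** True only when UserAdmin confirms the user implies the required role. */
    boolean isAllowed(User user) {
        Authorization auth = userAdmin.getAuthorization(user);
        return auth != null && auth.hasRole(requiredRole);
    }
}
```

A servlet that extends this class keeps its existing `doGet` and `doPost` bodies unchanged; requests without a user object get 401 and users without the role get 403 before any repository content is read.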