directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre-Arnaud Marcelot" ...@marcelot.net>
Subject Re: [ApacheDS] AllowAnonymousAccess property appears twice in the server.xml of Apache DS 1.5.1
Date Tue, 13 Nov 2007 09:28:34 GMT
Hi Alex,

Thanks for the answer.

So, correct me if I'm wrong, the 'allowAnonymousAccess' flag in the
'ldapConfiguration' bean is the front end one and the one in the
'configuration' bean is the AuthenticationInterceptor one.

Thanks,
Pierre-Arnaud Marcelot


On Nov 12, 2007 7:46 PM, Alex Karasulu <akarasulu@apache.org> wrote:

> This proper is a PITA.  You're absolutely right about it being so
> confusing.  Let me describe this issue in more detail.
>
> There are two levels of code dealing with authentication in the
> server.  One is deep in the core in the AuthenticationInterceptor
> which determines if anonymous access is allowed.  Another is more on
> the surface in the front end where the protocols manage
> authentication.  We need to consolidate these or figure out how to
> just let the protocol service configuration drive the behavior deep in
> the AuthenticationInterceptor.  I would like to do an audit on this
> stuff at some point before the big bang is over but I don't have the
> time myself at this stage to do it.  The sooner we fix it the better
> though since then there are less tests and code out there that depend
> on this convoluted configuration.
>
> Alex
>
> On Nov 12, 2007 10:52 AM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
> > Hi Dev,
> >
> > While I was updating the Apache DS Configuration plugin for Apache
> Directory
> > Studio to work with Apache DS 1.5.1, I noticed that the property
> > 'allowAnonymousAccess' (<property name="allowAnonymousAccess"
> value="false"
> > />) is listed twice in two different beans. Once in the
> ldapConfiguration
> > bean and once in the configuration...
> >
> > Is this normal ? If not, which of these two values should I consider as
> the
> > correct one ?
> >
> > Thanks,
> > Pierre-Arnaud Marcelot
> >
>

Mime
View raw message