Return-Path: Delivered-To: apmail-incubator-esme-dev-archive@minotaur.apache.org Received: (qmail 84941 invoked from network); 1 Jan 2010 16:17:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 1 Jan 2010 16:17:05 -0000 Received: (qmail 46321 invoked by uid 500); 1 Jan 2010 16:17:05 -0000 Delivered-To: apmail-incubator-esme-dev-archive@incubator.apache.org Received: (qmail 46265 invoked by uid 500); 1 Jan 2010 16:17:05 -0000 Mailing-List: contact esme-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: esme-dev@incubator.apache.org Delivered-To: mailing list esme-dev@incubator.apache.org Received: (qmail 46255 invoked by uid 99); 1 Jan 2010 16:17:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jan 2010 16:17:05 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of esjewett@gmail.com designates 209.85.222.174 as permitted sender) Received: from [209.85.222.174] (HELO mail-pz0-f174.google.com) (209.85.222.174) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jan 2010 16:16:58 +0000 Received: by pzk4 with SMTP id 4so890080pzk.32 for ; Fri, 01 Jan 2010 08:16:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=DoskTBvLYMfsNH7HblpMo6LNugnvf3HlETrS/hYbffU=; b=V5Upwa+OVw1yZFmhKMcvQxuicEuJ4kruiLRhVsPh2TRS4qjUbPGQtQFdkE3fKhbBDl hg1PwVy3nz3f/FHoPJkr0mNT9WGCriFg6Va6v4w765kq++GAxqfp4uaCf1j0q5jljC4a YZjPWkbx6saUk/pTNdF/rDHxdiCkCllHkPOyY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ldPr3g+kopkLU9VDbeu8OkOkRKXabNnedU7gN4jYC5EpMnj+5ly8b3tHBeHQIoGBjp nUjMmnXrQxxOY4UUFABVVZvd/+y8ssin2ynmE7JBBu+T/AQEfYcVWD5rX/LoAxSq9h6B 1ilumdEy2lZySVGgjIlLYiZKfL8dGNjdvgta8= MIME-Version: 1.0 Received: by 10.141.23.11 with SMTP id a11mr11141958rvj.87.1262362598293; Fri, 01 Jan 2010 08:16:38 -0800 (PST) In-Reply-To: References: <68f4a0e80912311547i6ad05615x2ee0273c51dbc9d9@mail.gmail.com> Date: Fri, 1 Jan 2010 10:16:38 -0600 Message-ID: <68f4a0e81001010816r38aea5d6iac01dc978e90015b@mail.gmail.com> Subject: Re: Big (first) commit From: Ethan Jewett To: esme-dev@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 On Fri, Jan 1, 2010 at 2:10 AM, Richard Hirsch wrote: > Strange that your commit was registered on this list.... That is odd. I sent it to esme-commits@incubator.apache.org > I think this is fine for now but we don't want to recreate the lift > authorization functionality. Is there a migration path possible? The migration path would be to just switch the mechanism over to Lift authorizations. However, those don't appear to be suitable. To quote myself: 1. The Lift httpAuthProtectedResource method that all the examples use to tie roles to actions in the application is not suitable for a RESTful API approach, since it ties authorization to the resource rather than the resource/method combination (translation: you can't have a resource with different authorization roles for read and write, and we need this, at least for the api2/users resource). 2. Using LiftRules.httpAuthProtectedResource seems to require the use of LiftRules.authentication to authenticate requests. [That is, I don't see a way to do authorization based on the current user as derived from the session.] Unfortunately it looks like you can only define one authentication method per application (I may be missing something here), and since the Twitter API is already using Basic authentication, we can't use a different method for the administration API parts of API2. I need to send that email to the Lift list asking for help... > [ESME-xxx] JIRA title > Extra text > > xxx = number from Jira > JIRA title = Jira title > Extra text is optional and says whether it is a patch, etc. Thanks, I'll do that in the future. Does that format result in the Jira comment posting from Hudson automagically? Thanks, Ethan