incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <janne.jalka...@iki.fi>
Subject Re: svn commit: r806956 - in /incubator/jspwiki/trunk: ./ src/WebContent/WEB-INF/lib/ src/java/org/apache/wiki/ src/java/org/apache/wiki/content/
Date Mon, 24 Aug 2009 10:15:50 GMT
SimpleCredentials are just the credentials which are passed to
Session.login(). They need to be user-configurable, since JCR may have
its own ACLs which it uses to restrict access to the repository.

The basic Jackrabbit and Priha repositories create a read-only session
if no credentials are passed; but *any* non-null credentials will create a
read-write session (which we obviously need).  But others might work
differently.

I think jspwiki.properties is the best place to locate them.  Having
to deal with any other configuration file sounds like a real PITA for
any admins.

Also note that both Jackrabbit and Priha store their DB credentials on
regular configuration files (XML or Properties), so not much security
is gained by encrypting a dummy username and password :-)

/Janne

On Mon, Aug 24, 2009 at 01:17:02AM -0400, Andrew Jaquith wrote:
> I sort of missed the context of this thread, but if this has anything
> to do with storing passwords in jspwiki.properties, consider using the
> "keychain" feature. The Keychain object is an encrypted file that is
> meant for storing stuff like this. It is NOT quite configurable yet --
> that's coming in the updated InstallActionBean I'm readying for
> check-in. If it's ok with you, I'll keep a lookout for the updated
> newSession() method and retrofit it to use the keychain when my
> changes hit.
> 
> But if I got the context wrong, and the SimpleCredentials business has
> nothing to do with that, never mind then. :)
> 
> Andrew
> 
> On Sun, Aug 23, 2009 at 9:23 AM, Janne Jalkanen<janne.jalkanen@ecyrd.com> wrote:
> >>       * added dummy SimpleCredentials login to ContentManager.newSession()
> >>         this is required since priha 0.1.25 (not sure if this is the
> >>         right place/approach but at least we can run our JUnit tests
> >> again,
> >>         although still many tests fail (92.15%))
> >
> > Yup, it's the right approach. Actually, it would be best to read them from
> > jspwiki.properties.
> >
> > /Janne
> >

Mime
View raw message