incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1550031 - /sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
Date Wed, 11 Dec 2013 02:29:05 GMT
Author: cziegeler
Date: Wed Dec 11 02:29:05 2013
New Revision: 1550031

URL: http://svn.apache.org/r1550031
Log:
Update web console security provider docs

Modified:
    sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext

Modified: sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext?rev=1550031&r1=1550030&r2=1550031&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext (original)
+++ sling/site/trunk/content/documentation/bundles/web-console-extensions.mdtext Wed Dec 11
02:29:05 2013
@@ -13,7 +13,7 @@ This bundle will attach as a fragment bu
 
 ## Security Provider (org.apache.sling.extensions.webconsolesecurityprovider)
 
-The Apache Sling Web Console Security Provider implements the Apache Felix Web Console `WebConsoleSecurityProvider`
interface authenticating Web Console users against the JCR repository. Each username and password
presented is used to login to the JCR repository and to check the respective session.
+The Apache Sling Web Console Security Provider implements the Apache Felix Web Console `WebConsoleSecurityProvider`
and `WebConsoleSecurityProvider2` interface for authenticating Web Console users against the
JCR repository. Each username and password presented is used to login to the JCR repository
and to check the respective session.
 
 1. Ensure the username and password can be used to login to the default workspace. If not,
access is denied
 1. If the username presented is one of the user names configured with the `users` configuration
property, access is granted.
@@ -23,11 +23,16 @@ Access is denied if the username and pas
 
 ### Configuration
 
-The Security Provider is configured with configuration with PID `org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider`
supporting the following properties:
+The Security Provider is configured with the configuration PID `org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider`
supporting the following properties:
 
 | Property | Type | Default Value | Description
 |--|--|--|
 | `users` | `String`, `String[]` or `Vector<String>` | admin | The list of users granted
access to the Web Console |
 | `groups`| `String`, `String[]` or `Vector<String>` | --- | The list of groups whose
(direct or indirect) members are granted access to the Web Console |
 
-Note, that while the default value explicitly grants the *admin* user to access the Web Console
it is suggested that system administrators define a special group and assign users with Web
Console access to this group.
\ No newline at end of file
+Note, that while the default value explicitly grants the *admin* user to access the Web Console
it is suggested that system administrators define a special group and assign users with Web
Console access to this group.
+
+### Authentication Handling
+
+As long as the web console security provider bundle is not activate and has not installed
one of the above mentioned services, the default authentication of the web console is used.
Once the bundle is active and a JCR repository service is available, the repository is used
for authentication as explained above. But still the login form of the web console is used
which is usually basic authentication.
+Once startup is finished and a Sling authentication service is available as well, the security
provider replaces the JCR repository based auth provider with a Sling based auth provider.
Both authenticate against the JCR repository, however the Sling based one using Sling to render
the login form. Therefore, this provider is not registered until startup is finished
\ No newline at end of file



Mime
View raw message