jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3222) Allow servlet filters to specify custom session providers
Date Fri, 27 Jan 2012 12:54:00 GMT

    [ https://issues.apache.org/jira/browse/JCR-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13194663#comment-13194663
] 

Jukka Zitting commented on JCR-3222:
------------------------------------

> This is wrong. 

That's what the HttpContext.handleSecurity() method does, right? It's needs to be able to
take over the entire processing of a request.

> By having a contextId service property a whiteboard servlet service can refer to a whiteboard
> HttpContext service which implements that method accordingly.

You need some code to actually implement the HttpContext interface. That code could simply
do request.setAttribute(SessionProvider.class.getName(), customSessionProvider) in the handleSecurity()
method, right? I don't see why the SessionProvider instance would need to be an OSGi service
in this case.

Of course, if there is a case why some component would want to implement the SessionProvider
interface without the ability to terminate request processing or to send a custom HTTP response,
then I could see why accessing SessionProviders as OSGi services would be useful. In such
a case though, we should support potentially more than just a single SessionProvider service
and make sure that the releaseSession() calls get routed to the correct provider (which your
current patch doesn't guarantee).

                
> Allow servlet filters to specify custom session providers
> ---------------------------------------------------------
>
>                 Key: JCR-3222
>                 URL: https://issues.apache.org/jira/browse/JCR-3222
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-jcr-server
>            Reporter: Jukka Zitting
>            Priority: Minor
>         Attachments: JCR-3222-fmeschbe.patch, jackrabbit-jcr-server-2.6-SNAPSHOT.jar
>
>
> In order to integrate the Jackrabbit davex server functionality with their custom authentication
logic, the Sling project currently needs to embed and subclass the davex servlet classes.
It would be cleaner if such tight coupling wasn't needed.
> One way to achieve something like that would be to allow external components to provide
a custom SessionProvider instance as an extra request attribute. This way for example a servlet
filter that implements such custom authentication logic could easily make its functionality
available to the standard davex servlet in Jackrabbit.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message