Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fedora Auth Commons with Policy Enforcement Point (PEP) extension point #109

Closed
wants to merge 7 commits into from
Closed

Fedora Auth Commons with Policy Enforcement Point (PEP) extension point #109

wants to merge 7 commits into from

Conversation

gregjan
Copy link
Contributor

@gregjan gregjan commented Sep 4, 2013

Defines an extension point for Fedora PEP implementations.

  • Includes tests that verify that decisions made by any PEP will be honored in the REST API.
  • Differentiates between internal superuser Modeshape sessions and REST sessions
  • Includes pass-through security for container authenticated fedoraAdmin roles.
  • REST endpoints can no longer obtain anonymous Modeshape sessions with wide open security.

https://www.pivotaltracker.com/s/projects/684825/stories/55891634

@gregjan
prevented Session.save() when RepositoryExceptions are thrown (was in…
ac40951 
… finally block)

turned down logging of access control exceptions (ERROR => DEBUG)
made all REST API sessions, with or without client login, use ServletCredentials to obtain a ModeShape session
this is so that we can use the same PEP injection for anonymous clients as we do for logged in users.
@gregjan
created a bypass servlet authentication provider, for REST testing w/…
a3072fe 
…o auth

made all REST calls use servlet credentials
added fcrepo-auth-commons to fcrepo4
@gregjan
renamed SessionFactory.getSession() methods w/o credentials to getInt…
65fb2b3 
…ernalSession(), such that use is clear to devs

Tied the transaction ID to the servlet session, to prevent duplicate login (now that use consistently use servlet credentials at REST endpoints)
FedoraTransactionIT tests pass
@gregjan
Merge branch 'master' of github.com:futures/fcrepo4 into authN
2ea5284
@gregjan
fixed up repository.json files for integrations tests
019d52f 
created a shared rest-sessions config file for integration tests that require the REST API (use of SessionFactory)
@gregjan
javadoc cleanup
592d53c
@gregjan
Copy link
Contributor Author

gregjan commented Sep 4, 2013

Well, clearly I should have rebased, instead of merging master..

@awoods
Copy link

awoods commented Sep 11, 2013

Merged with: http://git.io/G_ynaQ
https://www.pivotaltracker.com/story/show/55891634
Thanks.

@awoods awoods closed this Sep 11, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@gregjan @awoods