Fedora Auth Commons with Policy Enforcement Point (PEP) extension point #109

Closed
wants to merge 7 commits into
base: master
from

gregjan commented Sep 4, 2013

Defines an extension point for Fedora PEP implementations.

  • Includes tests that verify that decisions made by any PEP will be honored in the REST API.
  • Differentiates between internal superuser Modeshape sessions and REST sessions
  • Includes pass-through security for container authenticated fedoraAdmin roles.
  • REST endpoints can no longer obtain anonymous Modeshape sessions with wide open security.

https://www.pivotaltracker.com/s/projects/684825/stories/55891634

gregjan added some commits Aug 30, 2013

prevented Session.save() when RepositoryExceptions are thrown (was in finally block)

turned down logging of access control exceptions (ERROR => DEBUG)
made all REST API sessions, with or without client login, use ServletCredentials to obtain a ModeShape session
this is so that we can use the same PEP injection for anonymous clients as we do for logged in users.
created a bypass servlet authentication provider, for REST testing w/o auth

made all REST calls use servlet credentials
added fcrepo-auth-commons to fcrepo4
renamed SessionFactory.getSession() methods w/o credentials to getInternalSession(), such that use is clear to devs

Tied the transaction ID to the servlet session, to prevent duplicate login (now that we consistently use servlet credentials at REST endpoints)
FedoraTransactionIT tests pass
fixed up repository.json files for integration tests
created a shared rest-sessions config file for integration tests that require the REST API (use of SessionFactory)

gregjan commented Sep 4, 2013

Well, clearly I should have rebased, instead of merging master..

awoods commented Sep 11, 2013

awoods closed this Sep 11, 2013
