New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fedora Auth Commons with Policy Enforcement Point (PEP) extension point #109

wants to merge 7 commits into
base: master


None yet
2 participants

gregjan commented Sep 4, 2013

Defines an extension point for Fedora PEP implementations.

  • Includes tests that verify that decisions made by any PEP will be honored in the REST API.
  • Differentiates between internal superuser Modeshape sessions and REST sessions
  • Includes pass-through security for container authenticated fedoraAdmin roles.
  • REST endpoints can no longer obtain anonymous Modeshape sessions with wide open security.

gregjan added some commits Aug 30, 2013

prevented when RepositoryExceptions are thrown (was in…
… finally block)

turned down logging of access control exceptions (ERROR => DEBUG)
made all REST API sessions, with or without client login, use ServletCredentials to obtain a ModeShape session
this is so that we can use the same PEP injection for anonymous clients as we do for logged in users.
created a bypass servlet authentication provider, for REST testing w/…
…o auth

made all REST calls use servlet credentials
added fcrepo-auth-commons to fcrepo4
renamed SessionFactory.getSession() methods w/o credentials to getInt…
…ernalSession(), such that use is clear to devs

Tied the transaction ID to the servlet session, to prevent duplicate login (now that use consistently use servlet credentials at REST endpoints)
FedoraTransactionIT tests pass
fixed up repository.json files for integrations tests
created a shared rest-sessions config file for integration tests that require the REST API (use of SessionFactory)

This comment has been minimized.


gregjan commented Sep 4, 2013

Well, clearly I should have rebased, instead of merging master..


This comment has been minimized.


awoods commented Sep 11, 2013

@awoods awoods closed this Sep 11, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment