[Dev] Security changes: dev action required
Brett Wooldridge
bwooldridge at alterpoint.com
Mon May 5 11:37:47 CDT 2008
Cool, thanks for the cleanup. Can you clarify that last bit? Was there a specific instance that caused a problem? I'm not sure what code that relies on the security service should or would do if it weren't present.
-Brett
On 5/6/08 1:30 AM, "Edmund Grossenbacher" <egrossenbacher at alterpoint.com> wrote:
I broke the org.ziptie.zap.security bundle into two bundles as follows:
1. org.ziptie.zap.security contains all "generic" security constructs, including the zprincipal, ISecurityService, and the session stuff. It no longer has an activator, and it no longer registers a service (ISecurityService.)
2. org.ziptie.server.auth contains ZipTie-specific security code, including the old SecurityService implementation which uses the baked password file, and ZHttpContext (or whatever) that installs the web filter. This new bundle registers the ISecurityService osgi server that used to be registered by zap.security.
I have added the new bundle to Build/crates/etc. The server appears to come up, so I'm thinking all is well, BUT:
*** I don't have write access to CVSROOT, so I am unable to update the 'ZipTie' alias. ***
Moving forward, it would be most appreciated if future references to the SecurityService actually checked to see if such a service is installed before doing user things with it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ziptie.org/pipermail/dev/attachments/20080505/d1ba578c/attachment.html
More information about the Dev
mailing list