ace-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorge Martín Cuervo <>
Subject Fwd: custom security
Date Tue, 26 Jul 2016 20:14:19 GMT
Hello again,

I have set up the authentication modifying:

- run-server/conf/org.apache.ace.http.context.cfg
- run-server/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-server/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-server/conf/org.apache.ace.connectionfactory/repository.cfg

- run-client/conf/org.apache.ace.connectionfactory/auditlog.cfg
- run-client/conf/org.apache.ace.connectionfactory/deployment.cfg
- run-client/conf/org.apache.ace.connectionfactory/repository.cfg

- run-target/target.bndrun

The server, client and target work fine with d/f (I assume the system is

But I have still a couple of questions:

- AceServletContextHelper is setting in the request scope the authenticated
user object, and the RepositoryServletBase and the others are not using
this info to validate the user has the proper roles. Could I simply there
modify the methods doGet and doPost and check it?
- GET /repository/checkout?customer=apache&name=user&version=1 is answering
with the whole content of ace-users.cfg, should not be protected somehow?
- Can I assume /repository/checkout and /repository/commit are only for

Many thanks again for your time!

Jorge Martin Cuervo

email <>
voice 0032 489 336 802
voice 0034 660 026 384
skype jorgemartincuervo

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message