maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse McConnell (JIRA)" <j...@codehaus.org>
Subject [jira] Commented: (MRM-242) Replace the proxy url of the Download link into the absolute url
Date Tue, 05 Dec 2006 06:12:41 GMT
    [ http://jira.codehaus.org/browse/MRM-242?page=comments#action_81774 ] 
            
Jesse McConnell commented on MRM-242:
-------------------------------------

they are set in the session, just not sure if they are available to the security system in
that proxy url or not...but anyway authn and authz are completely different operations and
the webwork action or at least an interceptor on the stack would be way to go I think, with
my meager knowledge of the problem domain here

the way things are setup now, if you have a principal available and the user is authenticated
then the authz operations would check the principals permission set based on some operation
'archiva-deploy-artifact' for instance, and then some resource, perhaps the groupId here,
or the global * resource if it applies to the entire repo.  if a permission matches the operation
and resource up then its authz.  the other approach is to grant those permissions to a role
that the guest user has assigned, then it is available to anyone through the authz system.

> Replace the proxy url of the Download link into the absolute url
> ----------------------------------------------------------------
>
>                 Key: MRM-242
>                 URL: http://jira.codehaus.org/browse/MRM-242
>             Project: Archiva
>          Issue Type: Improvement
>          Components: web application
>         Environment: Linux FC4, JDK1.5, Maven2.0.4
>            Reporter: Napoleon Esmundo C. Ramirez
>             Fix For: 1.0-beta-1
>
>         Attachments: MRM-242-archiva.patch
>
>
> When browsing for artifacts in archiva, the Download link uses the proxy url.  Since
the artifacts are cached into archiva's managed repositories, the absolute url must be used
at all times.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message