Log of the #duraspace-ff channel on chat.freenode.net

Using timezone: Eastern Standard Time
* dwilcox joins 08:17
* ermadmix joins 09:28
* ksclarke joins 09:34
* dwilcox_ joins 09:42
* dwilcox leaves 09:46
* gregjansen joins 10:17
* dwilcox_ leaves 10:23
* dwilcox joins
* dwilcox leaves 10:28
* dwilcox joins 10:45
<ksclarke>ermadmix: if you get a second to test, I'd be curious if the following works for you (or whether you see some basic gap in my understanding of what's supposed to happen): https://gist.github.com/ksclarke/11184533 11:59
<ermadmix>ksclarke: See gist, maybe you're missing the roles in tomcat-users.xml 12:30
<ksclarke>I don't have the role, but it is working for user curl query... if I put the role then wouldn't it be authorizing based on that rather than the header? 12:31
* edInCo joins 12:42
<ksclarke>okay, tried `curl -v -H "some-header: testuser" http://localhost:8080/fcrepo-webapp-4.0.0-alpha-6-SNAPSHOT-auth/rest/book` (a user with fedoraUser role now) and still no luck 12:44
what I'm wondering is whether you have to have a basic auth to even get to the webapp (so it's never getting to check headers) 12:48
* dwilcox_ joins 13:03
* dwilcox leaves
* ermadmix leaves 13:05
<ksclarke>okay, that seems like a bad theory... from ServletContainerAuthenticationProvider's javadocs: "Capable of authenticating whether or not container has performed user authentication" 13:11
though, now with debug logging turned on, I don't seem to get to ServletContainer...'s authenticate() with just the header request 13:28
* edInCo leaves 13:41
* edInCo joins 13:45
* ermadmix joins 13:53
* gregjansen leaves 13:57
* scossu joins 14:53
* dwilcox_ leaves 15:30
* dwilcox joins 15:37
<pivotal-bot>Kevin Clarke added "Investigate what data is available on incoming authz requests for newly created objects, i.e. in Session" https://www.pivotaltracker.com/story/show/69955260 15:41
Kevin Clarke edited "Investigate what data is available on incoming authz requests for newly created objects, i.e. in Session" https://www.pivotaltracker.com/story/show/69955260 15:42
Kevin Clarke edited "Investigate what data is available on incoming authz requests for newly created objects, i.e. in Session" https://www.pivotaltracker.com/story/show/69955260
* gregjansen joins 15:48
* dwilcox leaves 15:50
* dwilcox joins 15:51
* dwilcox leaves 15:55
<ermadmix>ksclarke: re 12:48, not sure. Maybe debug: 16:10
https://github.com/futures/fcrepo4/blob/master/fcrepo-auth-common/src/main/java/org/fcrepo/auth/common/HttpHeaderPrincipalProvider.java#L119
and see what principals get collected in the ServletContainerAuthenticationProvider
But not sure I understand the concept completely, if you can just put a header in the request, how is it ensured to be secure?
<ksclarke>I think that's just an example provider (used as an illustration); I turned on debug logging and I don't even think the ServletContainerAuthProvider is being called with the curl -H request; still investigating... 16:12
thanks 16:13
okay, finally understand 17:26
* ksclarke sighs
found the javadoc "Capable of authenticating whether or not container has performed user authentication" a bit confusing... the container has to authenticate with something but additional principals which aren't authenticated in the container can be added 17:28
@monologue
* fcrepo-bot joins 17:43
<ermadmix>I hear you...but still don't get how if additional principals can just be added to the header this is secure. 17:58
AFK
* ermadmix leaves
<pivotal-bot>Esme Cowles added "URN predicates expose _ref variants, Internal Server Error when removed" https://www.pivotaltracker.com/story/show/69965804
Kevin Clarke added comment: "Have a first pass at implementing this (as I understand it): "" 18:30
https://github.com/futures/fcrepo4/pull/314
..." https://www.pivotaltracker.com/story/show/69444656
* ksclarke needs a @later bot to respond to ermadmix 18:33
* ksclarke leaves 18:34
* dwilcox joins 18:50
* scossu leaves 18:56
* fcrepo-bot leaves 19:07
* dwilcox leaves 19:10
* dwilcox joins 19:11
* dwilcox leaves
* dwilcox joins 19:12
* dwilcox leaves
* edInCo leaves 19:46
* scossu joins 20:27
* dwilcox joins 21:14
* scossu leaves 21:16
* dwilcox leaves 21:18
* ksclarke joins 21:23
* github-ff joins 21:28
[fcrepo4] ksclarke closed pull request #314: Implemented TomcatRolesPrincipalProvider (master...TomcatRolesPrincipalProvider-69444656) http://git.io/gLvtGQ
* github-ff leaves
* escowles leaves 21:50
* ksclarke leaves 22:48
* ksclarke joins
* scossu joins 22:51
* scossu1 joins 23:18
* scossu leaves 23:20
* scossu1 leaves 00:05
* ksclarke leaves 00:30
* ksclarke joins 00:31
* ksclarke leaves 00:35
