Git branch: track4
The com.amplifino.nestor.security.http bundle provides a configurable HTTP servlet filter. The filter uses BASIC or DIGEST authentication to authenticate the user. Password hashes are stored in the user's HA1 credential property, in the format needed for Digest authentication. Note that this MD5-based hash is no longer considered secure, so if you are not using DIGEST, the hash algorithm should be replaced by a more advanced password hash such as bcrypt or PBKDF2.

The Jetty-based Felix Http implementation will automatically map HttpServletRequest.isUserInRole to UserAdmin's Authorization.hasRole if an Authorization instance is set as the request's authorization attribute. Unfortunately, the Jersey RolesAllowedDynamicFeature first tests whether getUserPrincipal is not null before calling isUserInRole, so we have to wrap the incoming servlet request to override getUserPrincipal.

Now we have all the infrastructure in place to create an interface on the user admin service (bundle com.amplifino.nestor.useradmin.rest). Just start the runner.bndrun file. To bootstrap, the bundle provides a few gogo shell commands to create the first user.

    createUser admin
    createGroup userAdmin
    addMember userAdmin admin false    (arguments: group member required)
    setHA1 admin Amplifino admin       (arguments: user realm password)

Now you can point your browser to http://localhost:8080/apps/useradmin/index.html and create additional users and groups. Or use the web console's user admin plugin as an alternative user interface.
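
How a single stored HA1 value can back both schemes, as an added example (not code from the Nestor project): HA1 is computed as RFC 2617 defines it, BASIC recomputes it from the submitted password, and DIGEST derives the expected response from the stored value alone. The class and method names, the nonce values and the UTF-8 encoding are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Ha1Demo {
    // Lowercase hex MD5, the encoding RFC 2617 uses for HA1, HA2 and the response.
    static String md5Hex(String s) {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8)))
                sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // HA1 = MD5(user:realm:password), the format a Digest credential store holds.
    static String ha1(String user, String realm, String password) {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    // Constant-time comparison of two hex digests.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII), b.getBytes(StandardCharsets.US_ASCII));
    }

    // BASIC: the password arrives with the request, so recompute HA1 and compare.
    static boolean checkBasic(String storedHa1, String user, String realm, String password) {
        return same(storedHa1, ha1(user, realm, password));
    }

    // DIGEST with qop=auth: response = MD5(HA1:nonce:nc:cnonce:auth:MD5(method:uri)).
    static String digestResponse(String ha1, String method, String uri, String nonce, String nc, String cnonce) {
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + md5Hex(method + ":" + uri));
    }

    public static void main(String[] args) {
        // Constructed sample values; user, realm and password mirror the setHA1 call above.
        String stored = ha1("admin", "Amplifino", "admin");
        String uri = "/apps/useradmin/index.html", nonce = "constructed-nonce", nc = "00000001", cnonce = "constructed-cnonce";
        String expected = digestResponse(stored, "GET", uri, nonce, nc, cnonce); // server side: stored HA1 only
        String goodClient = digestResponse(ha1("admin", "Amplifino", "admin"), "GET", uri, nonce, nc, cnonce);
        String badClient = digestResponse(ha1("admin", "Amplifino", "guess"), "GET", uri, nonce, nc, cnonce);
        System.out.println("BASIC, correct password:  " + checkBasic(stored, "admin", "Amplifino", "admin"));
        System.out.println("BASIC, wrong password:    " + checkBasic(stored, "admin", "Amplifino", "guess"));
        System.out.println("DIGEST, correct password: " + same(expected, goodClient));
        System.out.println("DIGEST, wrong password:   " + same(expected, badClient));
    }
}
```

Because the DIGEST check needs nothing but the stored value, the HA1 credential should be protected like the password itself.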