Currently in Geronimo, we could not use JVM's JAAS configuration, for it is replaced with Geronimo's security realm.

2008/11/8 Markku Saarela <markku.saarela@iki.fi>
Here is configuration documentation:
http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration

After read this documentation i thought that i do not need to use jaas, but now i realize that there is jaas available and in geronimo-ra.xml i found element <container-managed-security /> so i'm actually using container managed security.

So how to configure that (geronimo documentation is little bit confusing)?

- markku


David Jencks wrote:
Could you point to some documentation on the JCARepositoryHandle  and the ra.xml for this connector?

For container managed security you need to use something like the plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java which you can deploy in a JAAS configuration using the PasswordCredentialLoginModuleWrapperGBean.java

Since you are trying to supply the credentials in what appears to be a "get connection" call I wonder if you actually want container managed security?

thanks
david jencks


On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote:

Hi,

Jackrabbit 1.4 (1.4.1 core)  JCA deployed to Geronimo 2.1.1. Web application or ejb session bean  failed with repository login. InitialContext lookup find Repository but calling repository.login( new SimpleCredentials( "system", "manager".toCharArray() ) ); method results exception:

Caused by: javax.resource.ResourceException: No subject for container managed security
    at org.apache.geronimo.connector.outbound.SubjectInterceptor.getConnection(SubjectIntercepto
r.java:51)
    at org.apache.geronimo.connector.outbound.ConnectionHandleInterceptor.getConnection(Connecti
onHandleInterceptor.java:43)
    at org.apache.geronimo.connector.outbound.TCCLInterceptor.getConnection(TCCLInterceptor.java
:39)
    at org.apache.geronimo.connector.outbound.ConnectionTrackingInterceptor.getConnection(Connec
tionTrackingInterceptor.java:66)
    at org.apache.geronimo.connector.outbound.AbstractConnectionManager.allocateConnection(Abstr
actConnectionManager.java:87)
    at org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:98)

So how to configure Geronimo to provide subject to connector?

rgds,

Markku





--
Ivan