jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: Pluggable authentication
Date Wed, 02 Mar 2005 14:26:50 GMT
Stefan Guggisberg wrote:

>hi silvain,
>
>
>On Wed, 02 Mar 2005 12:31:16 +0100, Sylvain Wallez <sylvain@apache.org> wrote:
>  
>
>>Hi all,
>>
>>While the new JAAS support is cool, it is not applicable in all
>>situations, either because a specific authentication system exists with
>>or because the JVM-wide settings required by JAAS can't be used.
>>
>>So what about a pluggable authentication/authorization in
>>repository.xml? Are there plans for this, or should I do it?
>>    
>>
>
>regarding pluggable authorization:
>i am currently working on a configurable access manager
>which i'm hopefully able to commit today or tomorrow.
>  
>

Oh, cool!

>regarding pluggable authentication:
>i am not sure if i understand you correctly. are you talking of 
>configuring the LoginModule in repository.xml instead of making 
>use of the standard JAAS configuration mechanism?
>
>or are you talking of a custom, non-JAAS authentication mechanism?
>  
>

Yes.

>in that case i would prefer using standard JAAS authentication
>(i.e. LoginModule) only. either way, it's eventually a configuration issue.
>you have to configure it either in a jaas.config or in repository.xml.
>i don't see a benefit in having also the latter option.
>  
>

The benefit would be to avoid having to tweak the JVM-wide settings 
required by JAAS. A lot of webapps use custom authentication schemes and 
can be deployed without requiring changes to the system configuration.

I'm no JAAS expert, but AFAIK it's not possible to specify a "local" 
security policy related either to a thread or a classloader, hence the 
proposal to be able to specify a custom authenticator in repository.xml, 
that could delegate authentication to enclosing environment.

Sylvain

-- 
Sylvain Wallez                                  Anyware Technologies
http://www.apache.org/~sylvain           http://www.anyware-tech.com
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }


Mime
View raw message