jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: Pluggable authentication
Date Fri, 04 Mar 2005 11:09:33 GMT
Stefan Guggisberg wrote:

>On Wed, 02 Mar 2005 15:26:50 +0100, Sylvain Wallez <sylvain@apache.org> wrote:
>>The benefit would be to avoid having to tweak the JVM-wide settings
>>required by JAAS. A lot of webapps use custom authentication schemes and
>>can be deployed without requiring changes to the system configuration.
>>I'm no JAAS expert, but AFAIK it's not possible to specify a "local"
>>security policy related either to a thread or a classloader, hence the
>>proposal to be able to specify a custom authenticator in repository.xml,
>>that could delegate authentication to enclosing environment.
>first of all, i'm not a jaas expert neither ;)
>i guess the best solution would be adding an optional config entry
>that specifies the LoginModule that jackrabbit should use to authenticate users.
>if such an entry exists, jackrabbit would instantiate the LoginModule
>i.e. it would ignore the jaas environment. 
>if no LoginModule is configured in repository.xml, it would do the
>the standard jaas way, i.e. 
>lc = new LoginContext(...);
>what do you think? would that resolve your issue?

Yes, this is a very good way to go, as it allows to still use JAAS APIs 
(why reinvent our own?) while allowing a local configuration.

+1 !

>btw: since jukka volunteered to refactor the configuration related code,
>i would wait with that change until he's finished.

No problem.


Sylvain Wallez                                  Anyware Technologies
http://www.apache.org/~sylvain           http://www.anyware-tech.com
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }

View raw message