jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: Pluggable authentication
Date Fri, 04 Mar 2005 11:09:33 GMT
Stefan Guggisberg wrote:

>On Wed, 02 Mar 2005 15:26:50 +0100, Sylvain Wallez <sylvain@apache.org> wrote:
>  
>
>>The benefit would be to avoid having to tweak the JVM-wide settings
>>required by JAAS. A lot of webapps use custom authentication schemes and
>>can be deployed without requiring changes to the system configuration.
>>
>>I'm no JAAS expert, but AFAIK it's not possible to specify a "local"
>>security policy related either to a thread or a classloader, hence the
>>proposal to be able to specify a custom authenticator in repository.xml,
>>that could delegate authentication to enclosing environment.
>>    
>>
>
>first of all, i'm not a jaas expert neither ;)
>
>i guess the best solution would be adding an optional config entry
>that specifies the LoginModule that jackrabbit should use to authenticate users.
>
>if such an entry exists, jackrabbit would instantiate the LoginModule
>'manually',
>i.e. it would ignore the jaas environment. 
>
>if no LoginModule is configured in repository.xml, it would do the
>authentication
>the standard jaas way, i.e. 
>
>lc = new LoginContext(...);
>lc.login();
>
>what do you think? would that resolve your issue?
>  
>

Yes, this is a very good way to go, as it allows to still use JAAS APIs 
(why reinvent our own?) while allowing a local configuration.

+1 !

>btw: since jukka volunteered to refactor the configuration related code,
>i would wait with that change until he's finished.
>  
>

No problem.

Sylvain

-- 
Sylvain Wallez                                  Anyware Technologies
http://www.apache.org/~sylvain           http://www.anyware-tech.com
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }


Mime
View raw message