jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: Pluggable authentication
Date Thu, 03 Mar 2005 10:58:38 GMT
On Wed, 02 Mar 2005 15:26:50 +0100, Sylvain Wallez <sylvain@apache.org> wrote:

> The benefit would be to avoid having to tweak the JVM-wide settings
> required by JAAS. A lot of webapps use custom authentication schemes and
> can be deployed without requiring changes to the system configuration.
> 
> I'm no JAAS expert, but AFAIK it's not possible to specify a "local"
> security policy related either to a thread or a classloader, hence the
> proposal to be able to specify a custom authenticator in repository.xml,
> that could delegate authentication to enclosing environment.

first of all, i'm not a jaas expert neither ;)

i guess the best solution would be adding an optional config entry
that specifies the LoginModule that jackrabbit should use to authenticate users.

if such an entry exists, jackrabbit would instantiate the LoginModule
'manually',
i.e. it would ignore the jaas environment. 

if no LoginModule is configured in repository.xml, it would do the
authentication
the standard jaas way, i.e. 

lc = new LoginContext(...);
lc.login();

what do you think? would that resolve your issue?

btw: since jukka volunteered to refactor the configuration related code,
i would wait with that change until he's finished.

cheers
stefan

Mime
View raw message