jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: JAAS support
Date Fri, 04 Mar 2005 10:40:51 GMT
hi bertrand,

thanks for the patch. unfortunately it doesn't solve the issue and
it is imo dangerous. setting predefined system properties
from within an application can cause unpredictable side effects 
and should be avoided. 

please see the thread "Pluggable authentication" for a suggested 


>  * As the current implementation uses the <code>com.sun.security.auth.login.ConfigFile</code>
>   * as the current provider for the login configuration, the application

this is not correct. jackrabbit has no dependencies on 
com.sun.security.auth.login.ConfigFile. all it does is

lc = new LoginContext("name", callbackHandler);

i.e. it uses the installed Configuration, what ever that might be.

>  * All that is very boring and breaks compatibility.

sorry, i don't agree. i don't see why this would be 'boring'.
and what 'compatibilty' does it break? 


On Fri, 04 Mar 2005 11:03:03 +0100, Bertrand LEGA
<bertrand.lega@capgemini.com> wrote:
> It seems that my comment was stripped (by Thunderbird ? I don't know )
> So plesae, find below the description of the patch files sent earlier...
> Hello,
> I added the creation of the jaas config file if not present in the login
> method.
> In fact, the support for JAAS requires to set the env. variable, which
> break compatibility with exiting applications (namely crx).
> I'm not sure the login method is the best place to do so. Please advice,
> if ti should go elsewhere.
> So the code creates a jaasgenerated.config in the repository home dir if
> the env. variable (java.security.auth.login.config) is not set, and set
> the variable accordingly. So that applications that didn't use jaas
> don't have to bother about this jaas specific stuff (variable+config file).
> A better way would have been to look for a more suitable "configuration
> reader" for jaas, but I didn't had time, and resent to add a dependency
> to JackRabbit.
> Let me know, if you find that interesting. I attach the patch just in case.
> Regards,
> Bertrand Lega.
> This message contains information that may be privileged or confidential and is the property
of the Capgemini Group. It is intended only for the person to whom it is addressed. If you
are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,
 distribute, or use this message or any part thereof. If you receive this  message in error,
please notify the sender immediately and delete all  copies of this message.

View raw message