jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Darton" <pet...@intrinsica.co.uk>
Subject User authentication
Date Mon, 05 Dec 2005 16:57:08 GMT
Ok, after many trials and tribulations, I've finally got a standalone
JackRabbit "daemon" that makes a (or multiple) Jackrabbit repositories
available via RMI, and I've got the jcr-contrib code to provide WebDAV
access to it (and I've even written some standalone programs that
connect via RMI, do things, and then save & disconnect).  It's been a
"learning experience" :-)


What I can't seem to figure out is how to restrict access to the
repository (or the data therein) in any way.
At present, if I connect using DAV Explorer (or WinXP, or Novell
NetDrive), it pops up a request for a username and password, but it
accepts anything - any username and any password.
There seems to be no authentication of usernames, and the only evidence
of any authorization code that I've seen is that, if one sets the
"anonymousId" to "anonymous" and then logs in as "anonymous", you get a
read-only view instead of full read-write.

Now, according to
http://incubator.apache.org/jackrabbit/xref/org/apache/jackrabbit/core/s
ecurity/SimpleLoginModule.html#124 it looks rather like security is just
one of the things on the "to do" list, and has yet to be addressed.

Is this true, or am I missing something.

I'd like to be able to have some form of username/password
authentication and authorization going on (ultimately, I'd like to use
LDAP), but I currently see no way of doing this with the current code.
Is this not possible with the current codebase?

I'd appreciate any hints as to what to do / look at next...

Thanks,

  Peter

_____________________________________________________________________
This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services - powered
by MessageLabs. For further information visit http://www.mci.com

Mime
View raw message