jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Guggisberg <stefan.guggisb...@gmail.com>
Subject Re: User authentication
Date Tue, 06 Dec 2005 09:20:38 GMT
hi peter

On 12/5/05, Peter Darton <peterd@intrinsica.co.uk> wrote:
> Ok, after many trials and tribulations, I've finally got a standalone
> JackRabbit "daemon" that makes a (or multiple) Jackrabbit repositories
> available via RMI, and I've got the jcr-contrib code to provide WebDAV
> access to it (and I've even written some standalone programs that
> connect via RMI, do things, and then save & disconnect).  It's been a
> "learning experience" :-)
>

feel free to share your "learning experience" with other jackrabbit users ;-)
i am sure that documentation patches (e.g. faq) would be very appreciated.

>
> What I can't seem to figure out is how to restrict access to the
> repository (or the data therein) in any way.
> At present, if I connect using DAV Explorer (or WinXP, or Novell
> NetDrive), it pops up a request for a username and password, but it
> accepts anything - any username and any password.
> There seems to be no authentication of usernames, and the only evidence
> of any authorization code that I've seen is that, if one sets the
> "anonymousId" to "anonymous" and then logs in as "anonymous", you get a
> read-only view instead of full read-write.
>
> Now, according to
> http://incubator.apache.org/jackrabbit/xref/org/apache/jackrabbit/core/s
> ecurity/SimpleLoginModule.html#124 it looks rather like security is just
> one of the things on the "to do" list, and has yet to be addressed.
>
> Is this true, or am I missing something.

nope, you're absolutely right.
see http://issues.apache.org/jira/browse/JCR-153.

>
> I'd like to be able to have some form of username/password
> authentication and authorization going on (ultimately, I'd like to use
> LDAP), but I currently see no way of doing this with the current code.
> Is this not possible with the current codebase?

well it is, with a little coding effort on your behalf ;-)  writing an
ldap based
AccessManager should be easy. you can use SimpleAccessManager
as a base/skeleton, the @todo comments indicate where you'd have to
insert your custom code.

and again, we would be very happy if you could contribute your implementation.
at least that's the spirit of open-source software development ;-)

cheers
stefan


>
> I'd appreciate any hints as to what to do / look at next...
>
> Thanks,
>
>   Peter
>
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services
- powered by MessageLabs. For further information visit http://www.mci.com
>

Mime
View raw message