jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JCR-351) Default to anonymous access when no Credentials are given
Date Wed, 15 Mar 2006 07:22:55 GMT
     [ http://issues.apache.org/jira/browse/JCR-351?page=all ]

Jukka Zitting updated JCR-351:
------------------------------

    Attachment: null-credentials.patch

Attached a patch that fixes this issue by defaulting to anonymous access when no credentials
are given in Session.login() and JAAS is not configured. I also added a defaultUserId configuration
option to SimpleLoginModule that allows null credentials to be mapped to some other user than
anonymous.

The patch contains the following changes:

   * RepositoryImpl: Pass null Credentials to a LoginModule for interpretation rather than
directly throwing an exception when a JAAS Subject is not available.
   * SimpleLoginModule: Default to anonymous access when null Credentials are given. Added
(disabled by default) a defaultUserId property  for using some other user than anonymous by
default.
   * repository.xml: Added a note about the new defaultUserId property and a commented out
example on how to use it.

The only impact on existing environments is that null Credentials will now be passed to configured
LoginModules with CredentialsCallback.setCallback(null) instead of explicitly throwing a LoginException
when a JAAS Subject is not available.

I'd like to have this issue as well included in 1.0, as it considerably helps to simplify
initial setup. Please comment if you see any problems with this approach or think that the
change is too risky for inclusion in 1.0.

> Default to anonymous access when no Credentials are given
> ---------------------------------------------------------
>
>          Key: JCR-351
>          URL: http://issues.apache.org/jira/browse/JCR-351
>      Project: Jackrabbit
>         Type: Improvement
>   Components: security
>     Versions: 0.9
>     Reporter: Jukka Zitting
>     Assignee: Jukka Zitting
>     Priority: Minor
>  Attachments: null-credentials.patch
>
> Even though JCR-348 made easier to start a Jackrabbit repository with default configuration,
the user still needs to take care of the JAAS configuration. It would be more user-friendly
to log a warning and default to superuser access rather than throwing a LoginException when
JAAS has not been configured. This behaviour should be limited to only default credential
logins (Session.login() with null Credentials) and it should be possible to disable it with
a configuration option. We could even have this behaviour disabled by default, but enabled
in the configuration file used with the JCR-348 automatic configuration.
> This is a case against the "secure by default" design principle, but I think that in
this case the benefits in easier setup outweight the security drawbacks, especially if coupled
with the above restrictions and a clear documentation note about the insecure default.
> [Update: As mentioned by Stefan, this is  not a JAAS configuration issue but a problem
in handling null Credentials. A more proper alternative for superuser access would be to default
to anonymous access when credentials are not given.]

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message