jackrabbit-dev mailing list archives

From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-351) Default to superuser access when JAAS is not configured
Date Mon, 13 Mar 2006 14:21:01 GMT
    [ http://issues.apache.org/jira/browse/JCR-351?page=comments#action_12370186 ] 

Jukka Zitting commented on JCR-351:
-----------------------------------

The problem with SimpleLoginModule (and in fact any AccessManager that would want to provide
some default access level) is that it only works if the user has provided a Credentials instance
to the Session.login() method. If you use the empty Session.login() signature, which would be the
reasonable default for cases where you have not specified any explicit user accounts, RepositoryImpl.login()
will throw a LoginException saying "No Subject associated with AccessControlContext".

This example class:

    import javax.jcr.*;
    import org.apache.jackrabbit.core.TransientRepository;
    public class Example {
        public static void main(String[] args) {
            try {
                Repository repository = new TransientRepository();
                Session session = repository.login();
                session.logout();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

will output:

    javax.jcr.LoginException: No Subject associated with AccessControlContext
            at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1064)
            at org.apache.jackrabbit.core.TransientRepository.login(TransientRepository.java:319)
            at org.apache.jackrabbit.core.TransientRepository.login(TransientRepository.java:371)
            at Example.main(Example.java:7)

when run without JAAS configuration.


> Default to superuser access when JAAS is not configured
> -------------------------------------------------------
>
>          Key: JCR-351
>          URL: http://issues.apache.org/jira/browse/JCR-351
>      Project: Jackrabbit
>         Type: Improvement
>   Components: security
>     Versions: 0.9
>     Reporter: Jukka Zitting
>     Priority: Minor
>
> Even though JCR-348 made it easier to start a Jackrabbit repository with default configuration,
> the user still needs to take care of the JAAS configuration. It would be more user-friendly
> to log a warning and default to superuser access rather than throwing a LoginException when
> JAAS has not been configured. This behaviour should be limited to only default credential
> logins (Session.login() with null Credentials) and it should be possible to disable it with
> a configuration option. We could even have this behaviour disabled by default, but enabled
> in the configuration file used with the JCR-348 automatic configuration.
> This is a case against the "secure by default" design principle, but I think that in
> this case the benefits in easier setup outweigh the security drawbacks, especially if coupled
> with the above restrictions and a clear documentation note about the insecure default.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
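
The gated fallback proposed in the issue description above, as an added example that is not part of the original message and is not Jackrabbit code. DefaultLoginPolicy, decide(), the fallbackEnabled option and the jaasConfigured flag are all hypothetical, and the JDK's javax.security.auth.login.LoginException stands in for javax.jcr.LoginException so the sketch compiles without the JCR API:

```java
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException; // JDK class, stand-in for javax.jcr.LoginException

// Hypothetical sketch of the JCR-351 proposal; none of these names exist in Jackrabbit.
public class DefaultLoginPolicy {
    enum Decision { USE_LOGIN_MODULE, USE_EXISTING_SUBJECT, SUPERUSER_FALLBACK }

    private static final Logger LOG = Logger.getLogger(DefaultLoginPolicy.class.getName());
    private final boolean fallbackEnabled; // assumed configuration option, disabled unless set

    DefaultLoginPolicy(boolean fallbackEnabled) {
        this.fallbackEnabled = fallbackEnabled;
    }

    Decision decide(Object credentials, Subject subject, boolean jaasConfigured)
            throws LoginException {
        if (credentials != null) {
            return Decision.USE_LOGIN_MODULE;      // explicit credentials never take the fallback
        }
        if (subject != null) {
            return Decision.USE_EXISTING_SUBJECT;  // caller is already authenticated
        }
        if (!jaasConfigured && fallbackEnabled) {
            // The proposal asks for a logged warning, so the insecure path is visible to operators.
            LOG.warning("JAAS not configured: granting superuser access to default login");
            return Decision.SUPERUSER_FALLBACK;
        }
        // Fail closed, with the same message as the stack trace quoted in the comment.
        throw new LoginException("No Subject associated with AccessControlContext");
    }

    public static void main(String[] args) throws LoginException {
        DefaultLoginPolicy optIn = new DefaultLoginPolicy(true);
        System.out.println(optIn.decide(null, null, false));     // null credentials, no JAAS
        System.out.println(optIn.decide("creds", null, false));  // constructed credentials object
        try {
            optIn.decide(null, null, true);  // JAAS configured but no Subject: still rejected
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            new DefaultLoginPolicy(false).decide(null, null, false);  // option left disabled
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```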

