jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "harvey waters" <harvey.wat...@googlemail.com>
Subject Re: Question regarding Custom Authentication and Authorization with springmodules
Date Wed, 02 Apr 2008 10:45:29 GMT
I use Spring Modules, Acegi and JackRabbit. My configuration uses the acegi
context object. I had to create my own Session Factoryobject that was able
use Spring's "lookup-method" to tie the whole thing together. Its
complicated but it works. Acegi looks after all the authentication and
jackrabbit (+ my own acl stuff) looks after authorisation of the content.

It took a while to get going but Acegi enables me to configure different
authentication types (I use NTLM for windows single sign on) and JackRabbit
allows me to do content authorisation to a very low level of granularity.

Before we get caught by Jukka, I guess I should state that this thread
should be on the 'users' mail list rather than the developers ;)

<bean id="securityContext" scope="prototype"
        class="org.acegisecurity.context.SecurityContextHolder"
        factory-method="getContext">
    </bean>

    <bean id="authentication" scope="prototype"
        factory-bean="securityContext" factory-method="getAuthentication">
    </bean>

    <bean id="principalBean" scope="prototype"
        factory-bean="authentication" factory-method="getName">
    </bean>
<bean id="credentials" class="javax.jcr.SimpleCredentials"
        scope="prototype">
        <constructor-arg index="0">
            <ref bean="principalBean" />
        </constructor-arg>
        <constructor-arg index="1">
            <bean factory-bean="password" factory-method="toCharArray" />
        </constructor-arg>
    </bean>

    <bean id="jcrsessionFactory" scope="singleton"
class="com.MyOwnImplemetation.JcrSessionFactory">
        <constructor-arg index="0" >
            <ref bean="sessionHolderProvider"/>
        </constructor-arg>
        <property name="repository">
            <ref bean="repository" />
        </property>
        <lookup-method name="getUSERCredentials" bean="credentials" />
    </bean>





On Wed, Apr 2, 2008 at 11:13 AM, Anand Bhagwat <abbhagwatgm@gmail.com>
wrote:

> Hi,
> I intend to use jackrabbit with custom authentication and authorization.
> So
> each user which logs in to application would have different access rights
> on
> repository and typically he would be having a separate session. I am also
> planning to use springmodules for JCR and I saw some samples for it. Below
> is one such sample.
> But the problem in this approach is that JcrSessionFactory is been
> initialized with a fix set of credentials. So my question is there any way
> that I can use custom authentication and authorization and still use
> springmodules to get benefits offered by springmodules like declarative
> transactions, JcrTemplate etc.
>
> Spring Context -->
>
>    <bean id="repository"
> class="org.springmodules.jcr.jackrabbit.RepositoryFactoryBean">
>      <!-- normal factory beans params -->
>      <property name="configuration"
> value="classpath:jackrabbit-repo.xml"/>
>      <property name="homeDir" value="/repo"/>
>    </bean>
>
>    <bean id="sessionFactory"
> class="org.springmodules.jcr.JcrSessionFactory">
>      <property name="repository" ref="repository"/>
>      <property name="credentials">
>       <bean class="javax.jcr.SimpleCredentials">
>        <constructor-arg index="0" value="bogus"/>
>        <!-- create the credentials using a bean factory -->
>        <constructor-arg index="1">
>         <bean factory-bean="password"
>              factory-method="toCharArray"/>
>        </constructor-arg>
>       </bean>
>      </property>
>    </bean>
>
>    <!-- create the password to return it as a char[] -->
>    <bean id="password" class="java.lang.String">
>      <constructor-arg index="0" value="pass"/>
>    </bean>
>
>    <bean id="jcrTemplate" class="org.springmodules.jcr.JcrTemplate">
>      <property name="sessionFactory" ref="sessionFactory"/>
>      <property name="allowCreate" value="true"/>
>    </bean>
>
> Thanks,
> Anand.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message