jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Micah Whitacre" <mkwhita...@gmail.com>
Subject JSR 283 and PrincipalProviders
Date Wed, 04 Jun 2008 18:55:51 GMT
Hey all,
  For a project I'm trying to make use of the JSR 283 Access Control
(6.11) API.  I know the implementations are currently in flux and it
is caveat emptor as far as consuming the available API/impl.  But I do
have some questions about what is currently available specifically
concerning Principals and implementing/configuring a
PrincipalProvider.  Currently in my repository.xml file I have the
<Security/> section configured to use the DefaultAccessManager,
DefaultLoginModule, and DefaultSecurityManager.  I do this because of
the available AccessControlManager impls, DefaultAccessManager is the
only one to support the API for things like
addAccessControlEntry(...)/getACE(...)/hasPrivileges(...) and similar
API.
  I'm using the AccessControlManager/ACE API to control access to an
unknown number of Principals which will not have a predictable "name".
 Therefore defining id's in the repository.xml file such as "adminId",
"anonymousId", and "defaultUserId" isn't really an option.  However if
I don't define ids in the repository.xml file I get messages saying
the "LoginModule ignored the credentials".  Looking through the code I
came to the conclusion I'd need to write a PrincipalProvider that
would support the multiple Principals with various names.  Is that a
correct assumption?
  The next question I have is what is the proper way to configure
usage of my custom PrincipalProvider?  In the repository.xml file I
have the following:

    <Security appName="Jackrabbit">
        <AccessManager
            class="org.apache.jackrabbit.core.security.DefaultAccessManager">
        </AccessManager>
        <LoginModule
            class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
            <param name="principalprovider"
value="com.foo.BasicPrincipalProvider"/>
        </LoginModule>
      <SecurityManager
class="org.apache.jackrabbit.core.DefaultSecurityManager">
      </SecurityManager>
    </Security>

And running a test that calls RepositoryImpl.login(Credentials) gives
me the following stack trace:

javax.jcr.LoginException:
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
does not support 'principalprovider:
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
does not support 'principalprovider:
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
does not support 'principalprovider
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1353)
	at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:53)
       ...
Caused by: javax.security.auth.login.LoginException:
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
does not support 'principalprovider
	at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:68)
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1346)
	... 22 more
javax.security.auth.login.LoginException:
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
does not support 'principalprovider
	at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:68)
	at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1346)
	at org.apache.jackrabbit.commons.AbstractRepository.login(AbstractRepository.java:53)

Do none of the available LoginModules (default and simple) support
setting a custom PrincipalProvider?  I see how it is used in the
AbstractLoginModule.initialize(...) method but this exception is
thrown before it ever gets to that method.

Thanks in advance for you help,
Micah

Mime
View raw message