jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Fromm (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCR-1977) authentication order has changed from 1.4.x to 1.5.x
Date Thu, 12 Feb 2009 08:53:59 GMT
authentication order has changed from 1.4.x to 1.5.x

                 Key: JCR-1977
                 URL: https://issues.apache.org/jira/browse/JCR-1977
             Project: Jackrabbit Content Repository
          Issue Type: Bug
          Components: jackrabbit-core
    Affects Versions: 1.5.2, 1.5.0
         Environment: JBoss 4.0.5 + deployed Liferay 4.2.2 on any Platform
            Reporter: Thomas Fromm
            Priority: Critical

In 1.4.x inside RepositoryImpl.login(...) at first the local configuration is checked for
configured LoginModules and after it was unsuccessful, the JAAS component is asked:

          AuthContext authCtx;
            LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
            if (lmc == null) {
                        authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
            } else {

With 1.5.x this behaviour has moved to SimpleSecurityManager.init(..) and is changed:
        LoginModuleConfig loginModConf = config.getLoginModuleConfig();
        authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
        if (authCtxProvider.isJAAS()) {
            log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
        } else if (authCtxProvider.isLocal()) {

The problem is with JBoss JAAS implemantation, that authCtxProvider.isJAAS()  is always true.
Because for any reason, the result of Configuration.getAppConfigurationEntry(appName) is never
when a jaas.config is specified for Liferay. Using different appName takes no effect, always
the configuration inside the jaas.config is used.

I think still first the local configuration should be concerned, before using JAAS.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message