jackrabbit-dev mailing list archives

From "Jason Gritman (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-1977) authentication order has changed from 1.4.x to 1.5.x
Date Mon, 01 Jun 2009 19:03:08 GMT

    [ https://issues.apache.org/jira/browse/JCR-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12715206#action_12715206 ]

Jason Gritman commented on JCR-1977:

We created a workaround for this issue by subclassing org.apache.jackrabbit.core.security.authentication.AuthContextProvider
and overriding isJAAS() to always return false.

Next we had to create a complete copy of org.apache.jackrabbit.core.security.simple.SimpleSecurityManager
and have it call our new AuthContextProvider class in the init() method instead of the old

Finally we added a <SecurityManager> element to our repository configuration referencing
the new class.

It seems like this issue could be fixed by allowing the <SecurityManager> node to pass
in a param for enabling/disabling JAAS. This flag could then be passed to AuthContextProvider.

> authentication order has changed from 1.4.x to 1.5.x
> ----------------------------------------------------
>                 Key: JCR-1977
>                 URL: https://issues.apache.org/jira/browse/JCR-1977
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core
>    Affects Versions: 1.5.0, 1.5.2
>         Environment: JBoss 4.0.5 + deployed Liferay 4.2.2 on any Platform
>            Reporter: Thomas Fromm
>            Priority: Critical
> In 1.4.x inside RepositoryImpl.login(...) at first the local configuration is checked
> for configured LoginModules and after it was unsuccessful, the JAAS component is asked:
>           AuthContext authCtx;
>             LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
>             if (lmc == null) {
>                         authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
>             } else {
> ...
> With 1.5.x this behaviour has moved to SimpleSecurityManager.init(..) and is changed:
>         LoginModuleConfig loginModConf = config.getLoginModuleConfig();
>         authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
>         if (authCtxProvider.isJAAS()) {
>             log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
>         } else if (authCtxProvider.isLocal()) {
> ...
> The problem is with JBoss JAAS implementation, that authCtxProvider.isJAAS() is always
> Because for any reason, the result of Configuration.getAppConfigurationEntry(appName) is never empty,
> when a jaas.config is specified for Liferay. Using different appName takes no effect, always the configuration inside the jaas.config is used.
> I think still first the local configuration should be concerned, before using JAAS.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
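
The ordering problem discussed in this message, reduced to a stand-alone sketch that is an added example and not Jackrabbit code or part of the original message. `CatchAllConfiguration`, the two login module class names and the selection helpers are hypothetical. The JAAS check is modelled on the reporter's description of `Configuration.getAppConfigurationEntry(appName)` never being empty.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class AuthOrderDemo {

    /** Constructed stand-in for the reported container behaviour: every appName gets an entry. */
    static class CatchAllConfiguration extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("example.ContainerLoginModule", // hypothetical name
                        LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap())
            };
        }
    }

    /** Assumed JAAS test: a non-empty entry list for the application name. */
    static boolean jaasConfigured(String appName) {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(appName);
        return entries != null && entries.length > 0;
    }

    /** Order quoted for 1.5.x: JAAS is tested before the local LoginModule. */
    static String jaasFirst(String appName, String localLoginModule) {
        if (jaasConfigured(appName)) return "JAAS";
        if (localLoginModule != null) return "LOCAL";
        return "NONE";
    }

    /** Order quoted for 1.4.x: JAAS is used only when no local LoginModule is configured. */
    static String localFirst(String appName, String localLoginModule) {
        return localLoginModule != null ? "LOCAL" : "JAAS";
    }

    public static void main(String[] args) {
        Configuration.setConfiguration(new CatchAllConfiguration());
        String local = "example.RepositoryLoginModule"; // hypothetical local LoginModule
        for (String app : new String[] {"Jackrabbit", "some-other-name"}) {
            System.out.println(app + ": 1.5.x order -> " + jaasFirst(app, local)
                    + ", 1.4.x order -> " + localFirst(app, local));
        }
    }
}
```

With the catch-all configuration installed, the JAAS-first order selects the container's login module for both application names even though a local LoginModule is configured, so repository logins are decided by a module the repository configuration never named.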
