From: "angela (JIRA)"
To: dev@jackrabbit.apache.org
Subject: [jira] Updated: (JCR-1977) authentication order has changed from 1.4.x to 1.5.x
Date: Thu, 18 Jun 2009 02:25:07 -0700 (PDT)
Message-ID: <1970759082.1245317107889.JavaMail.jira@brutus>
In-Reply-To: <301499795.1234428839628.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/JCR-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated JCR-1977:
------------------------

    Component/s: security

> authentication order has changed from 1.4.x to 1.5.x
> ----------------------------------------------------
>
>                 Key: JCR-1977
>                 URL: https://issues.apache.org/jira/browse/JCR-1977
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>    Affects Versions: 1.5.0, 1.5.2
>         Environment: JBoss 4.0.5 + deployed Liferay 4.2.2 on any Platform
>            Reporter: Thomas Fromm
>            Assignee: angela
>            Priority: Critical
>             Fix For: 2.0.0
>
>
> In 1.4.x inside RepositoryImpl.login(...) at first the local configuration is checked for configured LoginModules and after it was unsuccessful, the JAAS component is asked:
>
>     AuthContext authCtx;
>     LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
>     if (lmc == null) {
>         authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
>     } else {
>     ...
>
> With 1.5.x this behaviour has moved to SimpleSecurityManager.init(..) and is changed:
>
>     LoginModuleConfig loginModConf = config.getLoginModuleConfig();
>     authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
>     if (authCtxProvider.isJAAS()) {
>         log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
>     } else if (authCtxProvider.isLocal()) {
>     ...
>
> The problem is with JBoss JAAS implementation, that authCtxProvider.isJAAS() is always true.
> Because for any reason, the result of Configuration.getAppConfigurationEntry(appName) is never empty,
> when a jaas.config is specified for Liferay. Using different appName takes no effect, always the configuration inside the jaas.config is used.
> I think still first the local configuration should be concerned, before using JAAS.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
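
The two selection orders described in the report, side by side, as an added example (not Jackrabbit code and not part of the original message). The class, method and login-module names are hypothetical, and the anonymous Configuration is a constructed stand-in for a container-wide JAAS configuration that returns an entry for every application name.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class AuthOrderDemo {
    enum Source { LOCAL, JAAS, NONE }

    /** True when the JVM-wide JAAS Configuration returns any entry for appName. */
    static boolean jaasAnswers(String appName) {
        try {
            AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(appName);
            return entries != null && entries.length > 0;
        } catch (SecurityException ex) {
            return false; // no readable JAAS configuration in this JVM
        }
    }

    /** Order the report describes for 1.5.x: JAAS is consulted first. */
    static Source jaasFirst(String appName, String localLoginModule) {
        if (jaasAnswers(appName)) return Source.JAAS;
        return localLoginModule != null ? Source.LOCAL : Source.NONE;
    }

    /** Order the report describes for 1.4.x: a local LoginModule wins when configured. */
    static Source localFirst(String appName, String localLoginModule) {
        if (localLoginModule != null) return Source.LOCAL;
        return jaasAnswers(appName) ? Source.JAAS : Source.NONE;
    }

    public static void main(String[] args) {
        // Constructed stand-in: a Configuration that answers for ANY app name,
        // which is the behaviour the reporter observed in the container.
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "example.ContainerLoginModule", // hypothetical class name
                    LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap()) };
            }
        });
        String local = "example.RepositoryLoginModule"; // hypothetical local module
        for (String app : new String[] { "Jackrabbit", "some-other-name" }) {
            System.out.println(app + ": jaasFirst=" + jaasFirst(app, local)
                + ", localFirst=" + localFirst(app, local));
        }
    }
}
```

With a Configuration that answers for every name, changing the application name cannot steer `jaasFirst` back to the repository's own LoginModule, so the container's login modules decide who authenticates to the repository.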