jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcel Reutegger (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2358) Prefer JAAS configuration if present
Date Fri, 16 Oct 2009 12:04:31 GMT

    [ https://issues.apache.org/jira/browse/JCR-2358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766510#action_12766510

Marcel Reutegger commented on JCR-2358:

I see your point about the issues with JAAS configuration files. I also faced them several
times. Though, I have to say, that's also our fault, because of code such as:

        // check if jaas-loginModule or fallback is configured
        Configuration logins = null;
        try {
            logins = Configuration.getConfiguration();
        } catch (Exception e) {
            // means no JAAS configuration file OR no permission to read it

You'd get syntax errors as an exception, but we ignore them :-/

But still, it is difficult to distinguish between syntax errors and e.g. no configuration
at all. In both cases you get a SecurityException, only differing in their message.

> Prefer JAAS configuration if present
> ------------------------------------
>                 Key: JCR-2358
>                 URL: https://issues.apache.org/jira/browse/JCR-2358
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core
>    Affects Versions: 1.6.0
>            Reporter: Marcel Reutegger
>            Priority: Minor
> Contrary to JavaDoc the AuthContextProvider prefers the local configuration in repository.xml.
When the class was first introduced in 1.5, the implementation did what was documented, but
then JCR-1977 was reported. I think we shouldn't have fixed it that way. Prefering JAAS over
the local configuration makes sense IMO and works well if Configuration.getAppConfigurationEntry()
is correctly implemented and behaves as specified/expected.
> I suggest we revert to the 1.5 preference sequence and introduce a parameter that instructs
the AuthContextProvider to ignore the JAAS configuration (as a workaround for the buggy application

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message