jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Meschberger (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2358) Prefer JAAS configuration if present
Date Fri, 16 Oct 2009 14:35:31 GMT

    [ https://issues.apache.org/jira/browse/JCR-2358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766544#action_12766544
] 

Felix Meschberger commented on JCR-2358:
----------------------------------------

I concurr with Jukka, that we should not revert the behaviour. It should be an explicit decision
to use external JAAS as opposed to internal configuration. Maybe we could even add an option
to the login module configuration, which says "use JAAS".

If this "use JAAS" option is not set and configuration missing, this would be a configuration
error.
If this "use JAAS" options is set, JAAS is used and any existing configuration in repository.xml
would be ignored. And if in this case the JAAS configuration cannot be loaded, this would
again be a configuration error.

> Prefer JAAS configuration if present
> ------------------------------------
>
>                 Key: JCR-2358
>                 URL: https://issues.apache.org/jira/browse/JCR-2358
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core
>    Affects Versions: 1.6.0
>            Reporter: Marcel Reutegger
>            Priority: Minor
>
> Contrary to JavaDoc the AuthContextProvider prefers the local configuration in repository.xml.
When the class was first introduced in 1.5, the implementation did what was documented, but
then JCR-1977 was reported. I think we shouldn't have fixed it that way. Prefering JAAS over
the local configuration makes sense IMO and works well if Configuration.getAppConfigurationEntry()
is correctly implemented and behaves as specified/expected.
> I suggest we revert to the 1.5 preference sequence and introduce a parameter that instructs
the AuthContextProvider to ignore the JAAS configuration (as a workaround for the buggy application
servers).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message