jackrabbit-dev mailing list archives

From "Felix Meschberger (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JCR-2355) Support easy pre-authenticated login
Date Thu, 15 Oct 2009 11:24:31 GMT

    [ https://issues.apache.org/jira/browse/JCR-2355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766020#action_12766020 ]

Felix Meschberger commented on JCR-2355:

I agree that the security might be hampered with when this is used unknowingly.

Still, it must explicitly be enabled on a repository configuration level and the default is
that it is not enabled.

I am perfectly OK to raise the requirements for the attribute above the basic presence. For
example, we could say the attribute must be set to a session which has certain access rights.
This would limit the use of this functionality to code which already has access to the repository
at a certain level.

On another you raised your veto. Do you stand by this veto? In this case, since you are a
member of the PMC, I would have to remove the code again.

> Support easy pre-authenticated login
> ------------------------------------
>                 Key: JCR-2355
>                 URL: https://issues.apache.org/jira/browse/JCR-2355
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core
>    Affects Versions: 2.0-alpha11
>            Reporter: Felix Meschberger
>             Fix For: 2.0-alpha12
>         Attachments: JCR-2355.patch
> Some applications authenticate users themselves and just need to access the repository on behalf of these pre-authenticated users.
> Examples of such pre-authentications include SSO solutions or web applications using a web-based authentication protocol not easily implementable in a JAAS LoginModule, for example OpenID or similar.
> In such situations a password may not be provided in SimpleCredentials and thus regular login with user name and password is not possible.
> Therefore I propose the enhancement of the AbstractLoginModule to allow for setting a specific attribute in the SimpleCredentials attribute map. If this attribute is set, authentication and login succeeds and a session for the user named in the SimpleCredentials is created.
> As a starter we might just check for the presence of the attribute.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
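
The two checks discussed in this message, side by side, as an added example that is not part of the original e-mail and not Jackrabbit's AbstractLoginModule code. It uses only the standard JCR 2.0 API (`javax.jcr`); the attribute name, the required path and the required action are assumptions, since the message does not say which access rights the session would need.

```java
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

public final class PreAuthCheck {

    // Hypothetical attribute name; a real one would come from the repository configuration.
    static final String PRE_AUTH_ATTRIBUTE = "example.preauth";

    // Assumed policy: the caller must hold a session allowed to set properties at this path.
    static final String REQUIRED_PATH = "/";

    /** Presence-only check: any non-null attribute value is accepted. */
    static boolean presenceOnly(SimpleCredentials creds) {
        return creds.getAttribute(PRE_AUTH_ATTRIBUTE) != null;
    }

    /** Raised requirement: the value must be a live session holding the required rights. */
    static boolean trustedSession(SimpleCredentials creds) {
        Object value = creds.getAttribute(PRE_AUTH_ATTRIBUTE);
        if (!(value instanceof Session)) {
            return false;
        }
        Session trusted = (Session) value;
        try {
            return trusted.isLive()
                    && trusted.hasPermission(REQUIRED_PATH, Session.ACTION_SET_PROPERTY);
        } catch (RepositoryException e) {
            return false; // fail closed if the permission check itself fails
        }
    }

    /** Decision for the login module: off unless enabled in the configuration. */
    static boolean isPreAuthenticated(boolean enabledInConfig, SimpleCredentials creds) {
        return enabledInConfig && creds.getUserID() != null && trustedSession(creds);
    }

    public static void main(String[] args) {
        // Constructed sample: code without repository access sets a plain marker value.
        SimpleCredentials creds = new SimpleCredentials("alice", new char[0]);
        creds.setAttribute(PRE_AUTH_ATTRIBUTE, "true");
        System.out.println("presence only:   " + presenceOnly(creds));
        System.out.println("trusted session: " + isPreAuthenticated(true, creds));
    }
}
```

With the presence-only check, the identity in `getUserID()` is trusted from any code that can build a `SimpleCredentials`; the session-based check ties that trust to code that already holds repository access.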
