Return-Path: X-Original-To: apmail-jackrabbit-dev-archive@www.apache.org Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D9C1ED8A4 for ; Mon, 10 Sep 2012 15:28:50 +0000 (UTC) Received: (qmail 37451 invoked by uid 500); 10 Sep 2012 15:28:50 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 37344 invoked by uid 500); 10 Sep 2012 15:28:50 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 37337 invoked by uid 99); 10 Sep 2012 15:28:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Sep 2012 15:28:50 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of chetan.mehrotra@gmail.com designates 209.85.223.170 as permitted sender) Received: from [209.85.223.170] (HELO mail-ie0-f170.google.com) (209.85.223.170) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Sep 2012 15:28:46 +0000 Received: by ieak14 with SMTP id k14so6768551iea.1 for ; Mon, 10 Sep 2012 08:28:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=P0qCt1tLWur8PqBB6G/mh/8JfqodPaWB/CxQjmlSldI=; b=DNoLdNigiOMb5sNFecwzr73dovNgxVnowJ7/cHLEgreCfYIwSxrnrXI4nL8OdX0ILS tZJSQb1UbvLOY52tr2Bzx1uXOWX7PBhXk/Tev9qkWmqCnWh64wOiW71KM8ogPIY0CJ/i 0ni/ljVUInAvfvJq+xMi4ThX+mz/UjrdgyhPNHXL2aRzxhh9ztA8N28d8YWeigNnPjm7 MlCDbYrh/D4IWAD6gONwRYzsu7HMitkyGJUR59bez1j1d2gnR+M6qz8oUDrxG/8NNBJy x00uZm+UU9JdAzaG+LJOZdTCvtv8mGgRLo9AQx4dpQzFSTyYh4/olvrXSBa+G3EgURcS ZnTA== MIME-Version: 1.0 Received: by 10.50.170.40 with SMTP id aj8mr11953987igc.40.1347290905633; Mon, 10 Sep 2012 08:28:25 -0700 (PDT) Received: by 10.42.163.70 with HTTP; Mon, 10 Sep 2012 08:28:25 -0700 (PDT) Date: Mon, 10 Sep 2012 20:58:25 +0530 Message-ID: Subject: Improving Jackrabbit integration with OSGi - JAAS From: Chetan Mehrotra To: dev@jackrabbit.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Jackrabbit relies on JAAS to perform principal authentication. However using JAAS in OSGi environment is often tricky because of classloading issues. I have done a poc to get JAAS work better in OSGi env. The relevant changes done in Sling and Jackrabbit are available at Git fork [1] and [6]. It involved adding a new JAAS support bundle in Sling and using new ConfigurationSpi [2] support added in JDK 1.6 . For this to work some changes were done in Jackrabbit code to make use of the new feature. For complete details refer to wiki entry at [3] and code diff [5] At high level following changes were done in Jackrabbit * Make use of new method Configuration.getInstance(ConfigAlgoName,InputParams,ProviderName) to obtain JAAS config in JAASAuthContext class to fetch configuration * Expose a new attribute jaasConfigProviderName in Security element of repository configuration. With these changes done it would be possible to plugin in custom JAAS LoginModules without using fragment. Instead the usual way of extending the AbstractLoginModule can be used. Also it would be possible to make use of various features provided by OSGi env like dynamic configuration updates, dependency injection etc. It would be helpful to have such a feature be part of JR Core. Thoughts? Chetan Mehrotra [1] https://github.com/chetanmeh/jackrabbit/tree/jaas-osgi [2] http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/ConfigurationSpi.html [3] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling [4] http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/Configuration.html#getInstance(java.lang.String,%20javax.security.auth.login.Configuration.Parameters,%20java.lang.String) [5] https://github.com/chetanmeh/jackrabbit/compare/jaas-osgi [6] https://github.com/chetanmeh/sling/tree/jaas-osgi [7] https://github.com/chetanmeh/jackrabbit/compare/jaas-osgi.patch