jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Time for jackrabbit-jcr-auth?
Date Tue, 19 Feb 2013 10:44:14 GMT
hi jukka

honestly, i fail to see the duplication apart from the fact the
there is a certain structure and flow of control given by the
java LoginModule base class.

the authentication in jackrabbit core was heavily depending on
jackrabbit core internals while the rewrite in oak doesn't make
use of JCR API altogether but only uses OAK API and the various
security related plugins (token provider API, principal look up
and so forth)...

in addition, what has been forced into a single login-module in
jackrabbit-core with a lot of ugly configuration options, has
been properly split up in oak in order to allow for proper
pluggability of different login-modules.

so, i don't see how a jackrabbit-jcr-auth module will add any benefit
in this particular situation... could it be that you mix your personal
view on how authentication may look like with the way it actually

in summary and based on the APIs used the level of repo intergration
is actually the same for both authorization and authentication.

kind regards

On 2/19/13 10:52 AM, Jukka Zitting wrote:
> Hi,
> When looking at the login() code for OAK-634 I realized that there's a
> a lot of duplication between jackrabbit-core and oak-core in this
> area.
> Would it make sense to split out the authentication code to something
> like jackrabbit-jcr-auth that could be used by both jackrabbit-core
> and oak-core.
> AFAICT there aren't too many places in the authentication code that
> require deep integration with the repository internals (unlike in
> authorization), so it should be possible to extract the relevant code
> to a separate component. Or am I mistaken?
> BR,
> Jukka Zitting

View raw message