jackrabbit-oak-dev mailing list archives

From Tobias Bocanegra <tri...@apache.org>
Subject Re: Make "Whiteboard" accessible through ContentRepository
Date Thu, 13 Feb 2014 18:06:08 GMT
Hi,

On Thu, Feb 13, 2014 at 8:34 AM, Jukka Zitting <jukka.zitting@gmail.com> wrote:
> On Wed, Feb 12, 2014 at 10:15 AM, Tobias Bocanegra <tripod@apache.org> wrote:
>> But this LoginBackend is in the end something similar to a
>> specialized ServiceRegistry. So why not use the whiteboard instead?
>
> You're seeing service registries everywhere. :-)
I'm having nightmares of them :-) !

> No, the idea of the LoginBackend is to contain all the
> authentication logic that uses whatever dependencies that are needed.
> See the end of this message for a quick draft of how this could work.

Well, but the LoginBackend would be specific to the type of
LoginModule. For LDAP it's the LDAP backend, for repository users, it's
the OakUserLoginBackend, etc. How would you wire this to the specific
LoginModule instance?

> Or we could even use a delegate LoginModule like in the
> ProxyLoginModule case Chetan described.
(I'll fork that thread and respond there)

Regards, Toby

>
> BR,
>
> Jukka Zitting
>
>
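> // MyLoginModule.java
>
> // newHashSet() is assumed to be Guava's Sets.newHashSet
> import static com.google.common.collect.Sets.newHashSet;
>
> import java.security.Principal;
> import java.util.Map;
> import java.util.Set;
>
> import javax.security.auth.Subject;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.login.LoginException;
> import javax.security.auth.spi.LoginModule;
>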
> public class MyLoginModule implements LoginModule {
>
>     private Subject subject;
>
>     private CallbackHandler callbackHandler;
>
>     private LoginBackend backend;
>
>     private boolean success;
>
>     private final Set<Principal> principals = newHashSet();
>
>     private final Set<Object> credentials = newHashSet();
>
>     // can be overridden to work with LoginModuleFactory, or other
>     // binding mechanisms
>     protected LoginBackend getLoginBackend(Map<String, ?> options) {
>         return (LoginBackend) options.get(LoginBackend.class.getName());
>     }
>
>     @Override
>     public void initialize(
>             Subject subject, CallbackHandler callbackHandler,
>             Map<String, ?> sharedState, Map<String, ?> options) {
>         this.subject = subject;
>         this.callbackHandler = callbackHandler;
>         this.backend = getLoginBackend(options);
>         this.success = false;
>     }
>
>     @Override
>     public boolean login() throws LoginException {
>         if (backend == null) {
>             return false;
>         }
>
>         // Perform login using credential information from callbackHandler.
>         // Return authenticated principals and the used credentials in the
>         // given sets. Throw LoginException if authentication fails.
>         backend.login(callbackHandler, principals, credentials);
>         success = true;
>         return true;
>     }
>
>     @Override
>     public boolean commit() throws LoginException {
>         if (backend == null) {
>             return false;
>         }
>
>         if (success) {
>             // add login details to the subject
>             subject.getPrincipals().addAll(principals);
>             subject.getPublicCredentials().addAll(credentials);
>         } else {
>             // clear state
>             principals.clear();
>             credentials.clear();
>         }
>         return true;
>     }
>
>     @Override
>     public boolean abort() throws LoginException {
>         if (backend == null) {
>             return false;
>         }
>
>         // clear state
>         principals.clear();
>         credentials.clear();
>         success = false;
>         return false;
>     }
>
>     @Override
>     public boolean logout() throws LoginException {
>         if (backend == null) {
>             return false;
>         }
>
>         if (success) {
>             // remove login details from the subject
>             subject.getPrincipals().removeAll(principals);
>             subject.getPublicCredentials().removeAll(credentials);
>         }
>
>         // clear state
>         principals.clear();
>         credentials.clear();
>         success = false;
>         return true;
>     }
>
> }
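
The wiring question raised in this message, together with the drafted `getLoginBackend(options)` lookup, can be exercised with a programmatic JAAS `Configuration`. This is an added example, not code from the thread or from Oak: the `LoginBackend` signature, `BackendWiringExample`, `configFor` and the "alice" principal are assumptions, and `MyLoginModule` here is a reduced stand-in for the draft.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class BackendWiringExample {
    // Hypothetical interface, shaped after the backend.login(...) call in the draft.
    public interface LoginBackend {
        void login(CallbackHandler h, Set<Principal> p, Set<Object> c) throws LoginException;
    }
    // Reduced stand-in for the drafted module; only the options lookup matters here.
    public static class MyLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private LoginBackend backend;
        private final Set<Principal> principals = new HashSet<>();
        private final Set<Object> credentials = new HashSet<>();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s; handler = h;
            backend = (LoginBackend) options.get(LoginBackend.class.getName());
        }
        public boolean login() throws LoginException {
            if (backend == null) return false; // no backend bound: JAAS ignores this module
            backend.login(handler, principals, credentials);
            return true;
        }
        public boolean commit() { subject.getPrincipals().addAll(principals); return backend != null; }
        public boolean abort() { principals.clear(); credentials.clear(); return backend != null; }
        public boolean logout() { subject.getPrincipals().removeAll(principals); return true; }
    }
    // One JAAS entry per backend type; the backend instance travels in the options map.
    static Configuration configFor(LoginBackend backend) {
        Map<String, Object> options = new HashMap<>();
        if (backend != null) options.put(LoginBackend.class.getName(), backend);
        AppConfigurationEntry entry = new AppConfigurationEntry(MyLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }
    public static void main(String[] args) throws Exception {
        LoginBackend constructed = (h, p, c) -> p.add(() -> "alice"); // constructed sample backend
        LoginContext ok = new LoginContext("example", new Subject(), cbs -> { }, configFor(constructed));
        ok.login();
        System.out.println(ok.getSubject().getPrincipals().iterator().next().getName());
        try { new LoginContext("example", new Subject(), cbs -> { }, configFor(null)).login(); }
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Passing an object instance through `options` works only with a programmatic `Configuration`, since a file-based JAAS configuration carries string values. When no backend is bound, the only `REQUIRED` module is ignored and `LoginContext.login()` throws, so the login fails closed.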
