jackrabbit-oak-dev mailing list archives

From Tobias Bocanegra <tri...@adobe.com>
Subject Re: Make "Whiteboard" accessible through ContentRepository
Date Thu, 13 Feb 2014 09:32:16 GMT
hi,

On Thursday, February 13, 2014, Chetan Mehrotra <chetan.mehrotra@gmail.com>
wrote:

> On Thu, Feb 13, 2014 at 12:45 PM, Tobias Bocanegra <tripod@apache.org>
> wrote:
> > I don't quite follow. can you give an example of what would be in the
> > jaas.conf and where you instantiate the ProxyLoginModule ?
>
> A rough sketch would be ...
>
> jaas.config
>
> ----
> oakAuth {
>     org.apache.jackrabbit.oak.security.ProxyLoginModule REQUIRED
>     loginModuleFactoryClass="org.apache.jackrabbit.oak.security.LdapLoginModuleFactory"
>     authIdentity="{USERNAME}"
>     useSSL=false
>     debug=true;
> };
> ----
>
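> import java.io.IOException;
> import java.util.Map;
> import javax.security.auth.Subject;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import javax.security.auth.spi.LoginModule;
>
> public class ProxyLoginModule implements LoginModule {
>     private LoginModule delegate;
>
>     public void initialize(Subject subject, CallbackHandler callbackHandler,
>             Map<String, ?> sharedState, Map<String, ?> options) {
>         // Ask the surrounding layer for the factory provider through a callback
>         LMFactoryProviderCallBack lmfcb = new LMFactoryProviderCallBack();
>         try {
>             callbackHandler.handle(new Callback[] { lmfcb });
>         } catch (IOException | UnsupportedCallbackException e) {
>             throw new IllegalStateException(e);
>         }
>         // Resolve the factory named by the loginModuleFactoryClass option
>         LoginModuleFactory factory = lmfcb.getLoginModuleFactoryProvider()
>                 .getFactory(options.get("loginModuleFactoryClass"));
>         delegate = factory.createLoginModule();
>         delegate.initialize(subject, callbackHandler, sharedState, options);
>     }
>
>     ...
>     //Use delegate for other operations
> }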
>
> The flow would involve following steps
>
> 1. User mentions the ProxyLoginModule in jaas entry and provides the
> factory class name in the config. JAAS logic would be instantiating
> the Proxy LM
> 2. Oak provides a callback using which Proxy LM can obtain the factory
> 3. Upon init the proxy would initialize the delegate from factory
> 4. The delegate is used for later calls
> 5. LM if required can still use the config from jaas or is
> configured via factory itself
>
> Note here I preferred using the callback to get LM access the outer
> layer services instead of using a custom config.
>
> The custom config mode works fine in standalone case where the
> application is the sole user of JAAS system. Hence it works fine for
> Karaf/OSGi env. But that might not work properly in App server env
> where app server itself uses jaas. So to avoid interfering in embedded
> mode callback should be preferred.
>
> Chetan Mehrotra
>
ok, that's how I thought it would be. if we can live with the restriction
that we need to use a proxy login module for our LMs, we're good.

btw: if you look at the current ExternalLoginModule, I already used a LMF
but only for the osgi case. if we could use a ProxyLM, that would simplify
the code a lot.

regards Toby
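
The flow discussed in this thread, written out as an added example (not part of either message and not Oak code): it shows the callback handler side from step 2 and the delegation from step 4, and it fails the login when no registered factory matches the configured name. `LoginModuleFactory`, `LMFactoryProviderCallBack` and `RepositoryCallbackHandler` are hypothetical types named after the sketch above, and the registry keyed by the `loginModuleFactoryClass` value is an assumption.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical types named after the sketch in the thread; not Oak API.
interface LoginModuleFactory { LoginModule createLoginModule(); }
class LMFactoryProviderCallBack implements Callback {
    Map<String, LoginModuleFactory> factories = Collections.emptyMap(); // filled in by the handler
}

// Step 2: the handler the embedding application passes to LoginContext.
// A real handler would also answer the credential callbacks the delegate sends.
class RepositoryCallbackHandler implements CallbackHandler {
    private final Map<String, LoginModuleFactory> registered;
    RepositoryCallbackHandler(Map<String, LoginModuleFactory> registered) { this.registered = registered; }
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof LMFactoryProviderCallBack)) throw new UnsupportedCallbackException(cb);
            ((LMFactoryProviderCallBack) cb).factories = registered;
        }
    }
}

public class ProxyLoginModule implements LoginModule {
    private LoginModule delegate; // stays null if no factory could be resolved

    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> shared, Map<String, ?> options) {
        LMFactoryProviderCallBack cb = new LMFactoryProviderCallBack();
        try {
            handler.handle(new Callback[] { cb });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            return; // fail closed: login() rejects the attempt
        }
        // Only factories registered with the handler are eligible; the configured name is never class-loaded.
        LoginModuleFactory factory = cb.factories.get(String.valueOf(options.get("loginModuleFactoryClass")));
        if (factory == null) return;
        delegate = factory.createLoginModule();
        delegate.initialize(subject, handler, shared, options);
    }

    // Step 4: later phases go to the delegate; without one, authentication fails.
    public boolean login() throws LoginException { return required().login(); }
    public boolean commit() throws LoginException { return required().commit(); }
    public boolean abort() throws LoginException { return delegate != null && delegate.abort(); }
    public boolean logout() throws LoginException { return delegate != null && delegate.logout(); }
    private LoginModule required() throws LoginException {
        if (delegate == null) throw new LoginException("no LoginModuleFactory resolved");
        return delegate;
    }
}
```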
