jackrabbit-users mailing list archives

From Fabián Mandelbaum <fmandelb...@gmail.com>
Subject Re: question on jaas config
Date Thu, 21 Aug 2008 11:29:04 GMT
Another possibility, though not as elegant nor as sophisticated as the one
implementing the LoginModule interface, would be:

1) Authenticate the user with your 'usual' authentication code.

2) Once authenticated, pass that user's name and password to
SimpleCredentials constructor, and use those SimpleCredentials to login
to Jackrabbit.

For example, something like:

// LDAPService and User stand in for your own authentication code
User user = LDAPService.authenticate("user", "password");
Session session = null;
if (user != null) {
    try {
        Repository repository = getJCRRepo();
        // SimpleCredentials takes (String userID, char[] password)
        session = repository.login(
                new SimpleCredentials(user.getUsername(), user.getPassword()));
    }
    catch (Exception e) {
        log.error("Cannot login", e);
    }
}
else {
    log.error("Cannot authenticate, user and/or password is wrong");
}
if (session != null) {
    // Do something with the repo here
}

Needless to say, the getJCRRepo() call should give you a proper repo,
looked up using JNDI, or even a TransientRepository, whatever you will
use in your application. Also the LDAPService.authenticate() call is
supposed to take user and password as parameters, and authenticate those
against an LDAP directory, returning null if authentication fails, or a
non-null User object with some user params set. These two calls are just
examples, do it like you want in your code.

Actually, the session = repository... line could even be:

session = repository.login(new SimpleCredentials("john", "doe".toCharArray()));

or any other non-empty user/pass combination, because the user should
have already been authenticated by the LDAPService.authenticate call.

Hope this late, dirty, simple workaround helps.

Michael Harris wrote:
> On Wed, Aug 20, 2008 at 9:53 AM, Alexander Klimetschek <aklimets@day.com> wrote:
>
>> On Wed, Aug 20, 2008 at 2:52 PM, Michael Harris
>> <michael.e.harris@gmail.com> wrote:
>>> For our app we wanted each session associated with a user.  Our application
>>> does not use JAAS; our authentication is handled at the organization level.
>>
>> What do you mean by organization level?
>
> I mean that the organization for whom I work handles authentication across
> multiple applications with a single custom solution.
>
>>> I got around it by extending the JcrSessionFactory (using spring modules)
>>> to associate the User information (we have a lightweight User object with id
>>> and role on a threadlocal) and just putting the user name on the simple
>>> credentials instance that is used to generate the JR session.
>>>
>>> Would the "correct" way have been to use JAAS regardless of the fact that
>>> our authentication is handled by a custom system, or is the solution
>>> described above acceptable?
>>
>> The "correct" way would be to implement a JAAS LoginModule that uses
>> the User object you already have. Even if it would be always present
>> (ie. authentication would never fail with Jackrabbit), you still have
>> proper userid for things like JCR observation.
>>
>> Regards,
>> Alex
>>
>> --
>> Alexander Klimetschek
>> alexander.klimetschek@day.com

