jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Harris" <michael.e.har...@gmail.com>
Subject Re: question on jaas config
Date Wed, 20 Aug 2008 12:52:05 GMT
For our app we wanted each session associated with a user.  Our application
does not use JAAS; our authentication is handled at the organization level.
I got around it by extending the JcrSessionFactory (using spring  modules)
to associate the User information (we have a lightweight User object with id
and role on a threadlocal) and just putting the user name on the simple
credentials instance that is used to generate the JR session.

Would the "correct" way have been to use JAAS regardless of the fact that
our authentication is handled by a custom system, or is the solution
described above acceptable?

On Wed, Aug 20, 2008 at 3:57 AM, Angela Schreiber <anchela@day.com> wrote:

> Warner Onstine wrote:
>> Or I just found this comment in the repository DTD:
>> "the LoginModule element optionally specifies a JAAS login module to
>>    authenticate users. This feature allows the use of Jackrabbit in a
>>    non-JAAS environment."
>> Is it possible to use a different type of LoginModule? If so what do I
>> need to do here? Another interface I need to implement?
> http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/spi/LoginModule.html
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html#Steps
> hope that helps
> angela

Michael Harris

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message