jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Harris" <michael.e.har...@gmail.com>
Subject Re: question on jaas config
Date Wed, 20 Aug 2008 14:25:56 GMT
On Wed, Aug 20, 2008 at 9:53 AM, Alexander Klimetschek <aklimets@day.com>wrote:

> On Wed, Aug 20, 2008 at 2:52 PM, Michael Harris
> <michael.e.harris@gmail.com> wrote:
> > For our app we wanted each session associated with a user.  Our
> application
> > does not use JAAS; our authentication is handled at the organization
> level.
>
> What do you mean by organization level?


I mean that the organization for whom i work handles authentication across
multiple applications with a single custom solution.



>
>
> > I got around it by extending the JcrSessionFactory (using spring
>  modules)
> > to associate the User information (we have a lightweight User object with
> id
> > and role on a threadlocal) and just putting the user name on the simple
> > credentials instance that is used to generate the JR session.
> >
> > Would the "correct" way have been to use JAAS regardless of the fact that
> > our authentication is handled by a custom system, or is the solution
> > described above acceptable?
>
> The "correct" way would be to implement a JAAS LoginModule that uses
> the User object you already have. Even if it would be always present
> (ie. authentication would never fail with Jackrabbit), you still have
> proper userid for things like JCR observation.
>
> Regards,
> Alex
>
>
> --
> Alexander Klimetschek
> alexander.klimetschek@day.com
>



-- 
---------------------
Michael Harris

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message