jackrabbit-users mailing list archives

From "Michael Harris" <michael.e.har...@gmail.com>
Subject Re: question on jaas config
Date Thu, 21 Aug 2008 12:00:19 GMT
Fabian

That is essentially what I did, but just did it in an extension to the
JackrabbitSessionFactory that comes with the Spring Modules.




On 8/21/08, Fabián Mandelbaum <fmandelbaum@gmail.com> wrote:
>
> Another possible, though not as elegant, nor as sophisticated, as the one
> implementing the LoginModule interface would be:
>
> 1) Authenticate the user with your 'usual' authentication code.
>
> 2) Once authenticated, pass that user's name and password to
> SimpleCredentials constructor, and use those SimpleCredentials to login
> to Jackrabbit.
>
> For example, something like:
>
> User user = LDAPService.authenticate("user", "password");
> Session session = null;
> if (user != null) {
>    try {
>       Repository repository = getJCRRepo();
>       session = repository.login(
>             new SimpleCredentials(user.getUsername(), user.getPassword()));
>    }
>    catch (Exception e) {
>       log.error("Cannot login", e);
>    }
> }
> else {
>    log.error("Cannot authenticate, user and/or password is wrong");
> }
> if (session != null) {
>    // Do something with the repo here
> }
>
> Needless to say, the getJCRRepo() call should give you a proper repo,
> looked up using JNDI, or even a TransientRepository, whatever you will
> use in your application. Also the LDAPService.authenticate() call is
> supposed to take user and password as parameters, and authenticate those
> against an LDAP directory, returning null if authentication fails, or a
> non-null User object with some user params set. These two calls are just
> examples, do it like you want in your code.
>
> Actually, the session = repository... line could even be:
>
> session = repository.login(new SimpleCredentials("john", "doe".toCharArray()));
>
> or any other non-empty user/pass combination, because the user should
> have already been authenticated by the LDAPService.authenticate call.
>
> Hope this late, dirty, simple, workaround helps.
>
> Michael Harris wrote:
> > On Wed, Aug 20, 2008 at 9:53 AM, Alexander Klimetschek <aklimets@day.com> wrote:
> >
> >
> >> On Wed, Aug 20, 2008 at 2:52 PM, Michael Harris
> >> <michael.e.harris@gmail.com> wrote:
> >>
> >>> For our app we wanted each session associated with a user.  Our application
> >>> does not use JAAS; our authentication is handled at the organization level.
> >>
> >> What do you mean by organization level?
> >>
> >
> >
> > I mean that the organization for whom I work handles authentication across
> > multiple applications with a single custom solution.
> >
> >
> >
> >
> >>
> >>> I got around it by extending the JcrSessionFactory (using spring modules)
> >>> to associate the User information (we have a lightweight User object with id
> >>> and role on a threadlocal) and just putting the user name on the simple
> >>> credentials instance that is used to generate the JR session.
> >>>
> >>> Would the "correct" way have been to use JAAS regardless of the fact that
> >>> our authentication is handled by a custom system, or is the solution
> >>> described above acceptable?
> >>>
> >> The "correct" way would be to implement a JAAS LoginModule that uses
> >> the User object you already have. Even if it would be always present
> >> (i.e. authentication would never fail with Jackrabbit), you still have
> >> proper userid for things like JCR observation.
> >>
> >> Regards,
> >> Alex
> >>
> >>
> >> --
> >> Alexander Klimetschek
> >> alexander.klimetschek@day.com
> >>
> >>
> >
> >
> >
> >
>
>


-- 
---------------------
Michael Harris
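
The LoginModule approach Alex describes in the quoted thread, as an added example that is not code from any participant or from Jackrabbit: a JAAS module that accepts only a user the application has already authenticated on the current thread and fails closed otherwise, so repository login does not succeed with arbitrary credentials. `CURRENT_USER_ID` is a hypothetical stand-in for the thread-local User object mentioned in the thread; which Principal class your Jackrabbit version maps to the session user ID, and how the module is registered in the repository's security configuration, are assumptions to check against its documentation.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Trusts the organization-level login: accepts only a user already bound to this thread. */
public class PreAuthenticatedLoginModule implements LoginModule {

    /** Hypothetical holder; the application sets it after its own authentication succeeds. */
    public static final ThreadLocal<String> CURRENT_USER_ID = new ThreadLocal<String>();

    private Subject subject;
    private Principal principal;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    public boolean login() throws LoginException {
        final String id = CURRENT_USER_ID.get();
        if (id == null || id.trim().length() == 0) {
            // Fail closed: no authenticated user on this thread means no session.
            throw new FailedLoginException("no pre-authenticated user on this thread");
        }
        // Assumption: a plain Principal carrying the user id is sufficient here.
        principal = new Principal() {
            public String getName() { return id; }
        };
        return true;
    }

    public boolean commit() {
        if (principal == null) return false;   // login() did not succeed
        subject.getPrincipals().add(principal);
        return true;
    }

    public boolean abort() { boolean had = principal != null; logout(); return had; }

    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
}
```

The application should clear `CURRENT_USER_ID` when the request ends so a pooled thread never carries one user's identity into another user's session.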
