jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Harris" <michael.e.har...@gmail.com>
Subject Re: How to set up Jackrabbit with JAAS
Date Tue, 26 Aug 2008 12:52:17 GMT
Kurz

from what I understand, as part of JAAS (which is j2ee) your login module
would be managed by your app container.  you would create configuration to
tell the container about your module.  You can create a security package
somewhere in your codebase to contain the module.

I had a similar issue where security is handled by an app that the company i
work for uses across many applications.  What I needed was that each session
has the appropriate user info attached to it.  What I did was extend the
JCRSessionFactory (Spring Modules) to use the logged in username to create
the simplecredentials that JR uses by default.  You might be able to do
something similar.  In this case, since the logging in and privileges are
assigned to the user are handled somewhere else, you don't need JAAS to do
any authentication.

Note that users on this list pointed out the "correct" way to do it is still
with JAAS, and I don't disagree.


good luck.

On Tue, Aug 26, 2008 at 8:29 AM, Kurz Wolfgang <wolfgang.kurz@gwvs.de>wrote:

> I searched the mailing archive and I found a lot about the Login Module but
> somehow I am confused as to where I would integrate this module.
>
> My Application has a LDAP Security setup working with spring security and
> all I need to secure now is the Jackrabbit web-application that runs on a
> different server and provides RMI access for my application. The Jackrabbit
> web-application I left as I downloaded it and initiate a standard
> repository.
>
> So I am guessing I have to implement that LoginModule somewhere in the
> Jackrabbit web-application that I downloaded? And if so, where would I add
> the LoginModule in that application? There is lots of complicated JAAS
> documentation but nothing about how to implement that into the given
> web-application.
>
> Does anyone know where I can find more information? I am really lost as
> where to start implementing this stuff.
>
> -----Urspr√ľngliche Nachricht-----
> Von: Michael Harris [mailto:michael.e.harris@gmail.com]
> Gesendet: Montag, 25. August 2008 16:43
> An: users@jackrabbit.apache.org
> Betreff: Re: How to set up Jackrabbit with JAAS
>
> Kurz
>
> Ive gathered from viewing these emails that the correct way is to implement
> your own JAAS LoginModule.
>
> Search the email archive for LoginModule and there are some references to
> how to do that.  Unfortunately I cannot help more because I handled
> security
> integration in a different (i.e. non-correct wrt the standard that JR
> expects) way.
>
> On Mon, Aug 25, 2008 at 10:18 AM, Kurz Wolfgang <wolfgang.kurz@gwvs.de
> >wrote:
>
> > Hello everyone,
> >
> > i set up the Jackrabbit web application as a RMI server.
> >
> > My own webapplication connects to the repository and uses the data
> > that's in the repository.
> >
> > Now I would like to secure the Jackrabbit webapplication so that only my
> > application can access it.
> >
> > I tried to configure the repository.xml file but whatever username I put
> > in there it doesn't matter as I always get a connection with whatever I
> > put there.
> >
> > Since I could find anything in the web and the Security Section still
> > says TODO I thought I would ask here if anyone can point me to a place
> > where I can read how to set this up or if anyone can just tell me how to
> > do it.
> >
> > Thx a lot in advance for any hints you guys can share!
> >
> >
>
>
> --
> ---------------------
> Michael Harris
>



-- 
---------------------
Michael Harris

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message