jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Klimetschek" <aklim...@day.com>
Subject Re: question on jaas config
Date Wed, 20 Aug 2008 13:53:05 GMT
On Wed, Aug 20, 2008 at 2:52 PM, Michael Harris
<michael.e.harris@gmail.com> wrote:
> For our app we wanted each session associated with a user.  Our application
> does not use JAAS; our authentication is handled at the organization level.

What do you mean by organization level?

> I got around it by extending the JcrSessionFactory (using spring  modules)
> to associate the User information (we have a lightweight User object with id
> and role on a threadlocal) and just putting the user name on the simple
> credentials instance that is used to generate the JR session.
> Would the "correct" way have been to use JAAS regardless of the fact that
> our authentication is handled by a custom system, or is the solution
> described above acceptable?

The "correct" way would be to implement a JAAS LoginModule that uses
the User object you already have. Even if it would be always present
(ie. authentication would never fail with Jackrabbit), you still have
proper userid for things like JCR observation.


Alexander Klimetschek

View raw message