jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Fromm ...@inubit.com>
Subject Re: Different authentication behaviour between 1.4.x and 1.5.x :-(
Date Thu, 12 Feb 2009 08:18:48 GMT

> what i understood:
> - you added your own LoginModule to the repository.xml
>    security configuration.
> - and want this to be used.


> what is the reason for having the jaas.config pointing
> to a different LoginModule?

Liferay needs it for their webservice wrapper.

> if you have it configured in the repository.xml you
> don't need the jaas.config after all.

Thats right. But ATM the jboss implementation (or their understanding of how 
to implement jaas) is the problem.

In detail: even if I have configured my loginmodule the AuthContextProvider 
checks at first, if any JAAS configuration is available.
With JBoss JAAS impl the AuthContextProvider.isJAAS() alsways returns true 
(when Liferay is deployed), because 
Configuration.getAppConfigurationEntry(appName) returns always the 
configuration specified inside jaas.config. The used name doenst matter. :-(

In Jackrabbit 1.4.x versions there was the implementation little bit different 
in RepositoryImpl.login(...):

           AuthContext authCtx;
            LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
            if (lmc == null) {
			authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
            } else {

So at first it was checked, if there exists any configured login module, 
before using JAAS.

View raw message