jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Klimetschek <aklim...@day.com>
Subject Re: Removing Jacrabbit Login
Date Tue, 20 Oct 2009 12:00:47 GMT
On Mon, Oct 19, 2009 at 12:53, Odie1001 <gavin.wood@htk.co.uk> wrote:
> I have setup a JCR repository in TOMCAT 6 and it is working fine. We are
> using the default setup where to access a repository a username and password
> is required (but it can be anything).
> We have a thirdparty app that is trying to retreive an xml doc stored in
> this repository however there is no way for this app to pass a username and
> password prameter to the repository.

Why? How is it accessing the JCR? Using the JCR API remotely? Or using
webdav? All access methods that I know provide a way to pass the
credentials. If you use a custom server interface, you can use "admin"
credentials there (albeit I would not recommend that, rather always
try to do end-user login the whole way).

> Is there away to remove the login security for Jackrabbit so that
> the app can retreive the xml file?

As you said, it can be anything, I guess you use a Jackrabbit pre-1.5
with SimpleLoginModule that only separates between "admin",
"anonymous" and other users, allowing all passwords. This is already a
reduced security. Otherwise there is no way to go around a login, as
the JCR API requires a login to acquire a session.


Alexander Klimetschek

View raw message