jackrabbit-users mailing list archives

From Felix Meschberger <fmesc...@gmail.com>
Subject Re: AW: UserManagement
Date Wed, 24 Feb 2010 07:49:54 GMT
Hi,

On 23.02.2010 11:48, Angela Schreiber wrote:
> Cech. Ulrich wrote:
>> Hi Angela,
>>
>> <Authorizable#remove>
>> But the next start of the repository, the anonymous account
>> is automatically recreated although the anonymous "account"
>> is commented out in repository.xml.
>> I tried this already. After "restart" of the repository,
>> I could login with "anonymous" again. I think this is some
>> built-in functionality of Jackrabbit.
> 
> ah yes. that's right... the default always creates the
> admin and anonymous user. so you either have to prevent
> the anonymous from login (changing pw or change permissions of
> the everyone or anonymous principal depending on your ac) or
> provide your own security manager that doesn't create the anonymous.

How about a functionality to disable users, such that they are prevented from
logging in by the LoginModule/UserManager?

This has a number of advantageous consequences, IMHO:

  * You don't have to set a "dummy" password or set some
    ACLs to lock a user out of the system
  * You quickly prevent access to a user
  * You still have the traces of the user in the system
  * Re-enabling can be done easily
  * No matter what ACL setting such users will not be
    able to access the system anymore -- not even with
    password guessing or impersonation

Regards
Felix

> 
>> <there is no API method for that. but with the user manager
>> implementation in JR it should work with the following...>
>> Ok, that worked. Thanks.
>> But how do you get the properties of an Authorizable?
> 
> what properties are you talking about?
> the API call Authorizable#getProperty et al. only deal with
> non-protected JCR properties that are modifiable by the
> corresponding set methods... for the other props the corresp.
> API calls should be used.
> if you want to look at the properties in the regular item
> hierarchy you have to navigate to the corresponding node.
> NOTE: depending on your configuration the users may be stored
> in a separate workspace.
> 
>> <User#changePassword>
>> Yes, the changing works, but I want to verify the old password
>> like shown in the SLING code,
> 
> but this is the jackrabbit-users list.
> if you want the API to expose a changePw(old, new) method, please
> create a corresponding enhancement request.
> 
>> but the same problem as before,
>> no properties nor the propertyNames are returned to verify
>> against.
> 
> see above.
> 
> regards
> angela
> 
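
The disable-flag proposal in the message above, sketched as an added example (not part of the original message and not Jackrabbit code). The class, its methods and the sample accounts are hypothetical; the check of whether the impersonator is permitted to impersonate at all is left out to keep the focus on the disabled gate.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a login gate with a per-user disabled flag.
public class DisabledUserGate {

    static final class Account {
        final byte[] password;      // stored in the clear only to keep the sketch short
        String disabledReason;      // null = enabled; the account itself stays in the store
        Account(String pw) { this.password = pw.getBytes(StandardCharsets.UTF_8); }
    }

    private final Map<String, Account> accounts = new HashMap<>();

    void create(String id, String pw)       { accounts.put(id, new Account(pw)); }
    void disable(String id, String reason)  { accounts.get(id).disabledReason = reason; }
    void enable(String id)                  { accounts.get(id).disabledReason = null; }

    // The disabled check runs before any credential comparison, so a correct
    // or guessed password makes no difference for a disabled account, and no
    // ACL is consulted because no session is ever created.
    boolean login(String id, String pw) {
        Account a = accounts.get(id);
        if (a == null || a.disabledReason != null) {
            return false;
        }
        return MessageDigest.isEqual(a.password, pw.getBytes(StandardCharsets.UTF_8));
    }

    // Impersonation passes through the same gate: an authenticated
    // impersonator cannot obtain a session for a disabled target.
    boolean impersonate(String impersonatorId, String impersonatorPw, String targetId) {
        if (!login(impersonatorId, impersonatorPw)) {
            return false;
        }
        Account target = accounts.get(targetId);
        return target != null && target.disabledReason == null;
    }

    public static void main(String[] args) {
        DisabledUserGate gate = new DisabledUserGate();
        gate.create("admin", "s3cret");            // constructed sample accounts
        gate.create("anonymous", "anonymous");
        gate.disable("anonymous", "guest access switched off");
        System.out.println("login while disabled:       " + gate.login("anonymous", "anonymous"));
        System.out.println("impersonate while disabled: " + gate.impersonate("admin", "s3cret", "anonymous"));
        gate.enable("anonymous");                  // re-enabling is a single flag change
        System.out.println("login after re-enable:      " + gate.login("anonymous", "anonymous"));
    }
}
```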
