jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nils Weinander <nils.weinan...@mogul.com>
Subject Re: Jackrabbut authentication, from another angle
Date Mon, 22 Mar 2010 10:18:40 GMT

Thanks for the interesting suggestions!

> i would suggest create a class, that extends JcrSessionFactory, and
> authenticates agains spring-security (obtaining the user from the
> securitycontext).

At this moment I don't want to involve Spring Security. This could
still work if I could get hold of the servlet request (which I haven't
found out how to do yet).

Mat Lowery-2:
> http://jira.springframework.org/browse/SEJCR-22
> http://forum.springsource.org/showthread.php?t=79161

Nice! I see there is June 1 date for this, so it is not that
far off.

Justin Edelson:
> You should, IMHO, write a custom LoginModule for this which uses
> SpringSecurity's Authentication object as the Credentials.
> Alternatively, you could store the admin username/password in
> configuration and do:
> username = // get the username via SecurityContextHolder
> session = repository.login(adminUser, adminPass);
> return session.impersonate(username)
> Any other solution is going to require that the password be contained in
> the Authentication object, which isn't always the case. 

Session.impersonate() is what I wanted to use, in the custom
JcrSessionFactory suggested by Jose Felix, but I found that
even if I can get hold of the servlet request (and thus the 
user name), that will not help me as Session.impersonate()
expects a Credentials parameter and performs a Repository.login()
with that. So, I'm back on square one...

Nils Weinander
View this message in context: http://n4.nabble.com/Jackrabbut-authentication-from-another-angle-tp1599551p1677412.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

View raw message