jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nils Weinander <nils.weinan...@mogul.com>
Subject Jackrabbut authentication, from another angle
Date Fri, 19 Mar 2010 15:39:50 GMT
Trying to wrap my head around Jackrabbit authentication following
my failure to set up JAAS login. What I want to do is to have
the spring-modules-jcr JcrTemplate to get a session which is
NOT authenticated with a fixed username/password provided in
the Spring application context:

<bean id="jcrSessionFactory" 
class="org.springmodules.jcr.JcrSessionFactory">
	<property name="repository" ref="repository"/>
	<property name="credentials">
		<bean class="javax.jcr.SimpleCredentials">
			<constructor-arg index="0" value="${repository.user}"/>
			<constructor-arg index="1">
				<bean factory-bean="password" factory-method="toCharArray"/>
			</constructor-arg>
		</bean>
	</property>
</bean>

<bean id="password" class="java.lang.String">
	<constructor-arg index="0" value="${repository.password}"/>
</bean>

I want to use the credentials of the user currently logged
in to the container. I assume that I cannot get hold of
these in the Spring declarations. If I don't include the
credentials property of the jcrSessionfactory bean and use
SimpleLoginModule, I get an anonymous login. When I try
a JAAS LoginModule from Jetty I get UnsupportedCallbackException
and it doesn't feel quite right anyway: if I have security-constraint
in web.xml around the entire webapp, the use is already logged
in when the Jackrabbit session is created. What I really
want is the logged in user's credentials to be passed on
to Jackrabbit.

Do I have to write my own LoginModule for that or is there
a ready way to do this?

-- 
mogul | nils weinander |
hudiksvallsgatan 4 113 30 stockholm sweden |
+46 8 4100 6456 | +46 709 78 28 37 |
nils.weinander@mogul.com | skype: nils.weinander |
www.mogul.com

Mime
View raw message