jackrabbit-users mailing list archives

From Justin Edelson <justinedel...@gmail.com>
Subject Re: Jackrabbit authentication, from another angle
Date Fri, 19 Mar 2010 16:03:55 GMT
You should, IMHO, write a custom LoginModule for this which uses
SpringSecurity's Authentication object as the Credentials.

Alternatively, you could store the admin username/password in
configuration and do:
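// get the username via SecurityContextHolder
String username = SecurityContextHolder.getContext().getAuthentication().getName();
// login() takes Credentials; adminUser/adminPass are Strings read from configuration
Session session = repository.login(new SimpleCredentials(adminUser, adminPass.toCharArray()));
// impersonate() also takes Credentials, not a bare username
return session.impersonate(new SimpleCredentials(username, new char[0]));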

Any other solution is going to require that the password be contained in
the Authentication object, which isn't always the case.

That said, the OP didn't mention Spring Security, just container-based
authentication. That said, I'm a bit surprised that container-based auth
doesn't work with Jackrabbit, but I can't say I've ever tried.

Justin

On 3/19/10 11:54 AM, Mat Lowery wrote:
> http://jira.springframework.org/browse/SEJCR-22
> http://forum.springsource.org/showthread.php?t=79161
> 
> 
> On Fri, 2010-03-19 at 16:48 +0100, JOSE FELIX HERNANDEZ BARRIO wrote:
> 
>> I would suggest creating a class that extends JcrSessionFactory and
>> authenticates against spring-security (obtaining the user from the
>> security context).
>> I think this class would be a very interesting improvement to spring-jcr.
>>
>>
>>
>> 2010/3/19 Nils Weinander <nils.weinander@mogul.com>
>>
>>> Trying to wrap my head around Jackrabbit authentication following
>>> my failure to set up JAAS login. What I want to do is to have
>>> the spring-modules-jcr JcrTemplate to get a session which is
>>> NOT authenticated with a fixed username/password provided in
>>> the Spring application context:
>>>
>>> <bean id="jcrSessionFactory"
>>> class="org.springmodules.jcr.JcrSessionFactory">
>>>        <property name="repository" ref="repository"/>
>>>        <property name="credentials">
>>>                <bean class="javax.jcr.SimpleCredentials">
>>>                        <constructor-arg index="0"
>>> value="${repository.user}"/>
>>>                        <constructor-arg index="1">
>>>                                <bean factory-bean="password"
>>> factory-method="toCharArray"/>
>>>                        </constructor-arg>
>>>                </bean>
>>>        </property>
>>> </bean>
>>>
>>> <bean id="password" class="java.lang.String">
>>>        <constructor-arg index="0" value="${repository.password}"/>
>>> </bean>
>>>
>>> I want to use the credentials of the user currently logged
>>> in to the container. I assume that I cannot get hold of
>>> these in the Spring declarations. If I don't include the
>>> credentials property of the jcrSessionFactory bean and use
>>> SimpleLoginModule, I get an anonymous login. When I try
>>> a JAAS LoginModule from Jetty I get UnsupportedCallbackException
>>> and it doesn't feel quite right anyway: if I have security-constraint
>>> in web.xml around the entire webapp, the user is already logged
>>> in when the Jackrabbit session is created. What I really
>>> want is the logged in user's credentials to be passed on
>>> to Jackrabbit.
>>>
>>> Do I have to write my own LoginModule for that or is there
>>> a ready way to do this?
>>>
>>> --
>>> mogul | nils weinander |
>>> hudiksvallsgatan 4 113 30 stockholm sweden |
>>> +46 8 4100 6456 | +46 709 78 28 37 |
>>> nils.weinander@mogul.com | skype: nils.weinander |
>>> www.mogul.com
>>>
>>
>>
>>
> 
> 
> 
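
The admin-login-then-impersonate approach from the reply above, written out as an added example that is not part of the original thread or of spring-modules-jcr. The class name ImpersonatingSessionProvider is hypothetical, and the imports assume Spring Security 3 or later package names and an admin account that the repository allows to impersonate other users.

```java
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical helper: opens a JCR session for the user the web tier has already authenticated. */
public class ImpersonatingSessionProvider {
    private final Repository repository;
    private final String adminUser;   // assumption: loaded from protected configuration
    private final char[] adminPass;   // kept as char[] so it is never interned as a String

    public ImpersonatingSessionProvider(Repository repository, String adminUser, char[] adminPass) {
        this.repository = repository;
        this.adminUser = adminUser;
        this.adminPass = adminPass.clone();
    }

    public Session openSessionForCurrentUser() throws RepositoryException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Fail closed: a missing or anonymous authentication must never end up
        // with a repository session, least of all the admin one.
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            throw new LoginException("No authenticated user in the security context");
        }
        Session admin = repository.login(new SimpleCredentials(adminUser, adminPass));
        try {
            // No user password is needed here: the repository decides whether the
            // admin subject is allowed to impersonate the named user.
            Credentials target = new SimpleCredentials(auth.getName(), new char[0]);
            return admin.impersonate(target);
        } finally {
            // impersonate() returns a new Session; release the privileged one
            // immediately so it cannot leak to calling code.
            admin.logout();
        }
    }
}
```

The caller owns the returned session and must call logout() on it when the request ends.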

