jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: DefaultLoginModule and trust_credentials_attribute
Date Wed, 26 Jan 2011 14:56:37 GMT
hi yusuf

> I am trying to configure jackrabbit with ldap server and I need to use the
> acl based security.
>
> After some research, I came to a conclusion that the
> trust_credentials_attribute parameter in the DefaultLoginModule is the thing
> that will make me achive the integration.
>
> I will handle the ldap login in my application and on successful login i
> will login to the jackrabbit rep, but I don't want to maintain the user
> passwords in jackrabbit so I need to allow login what ever the password is.
> I think this is the purpose of trust_credentials_attribute

as far as i know the 'trust_credentials_attribute' parameter of the
login module is just the configuration option to turn on the 
pre-authenticated-login functionality (by default this is disabled).

this doesn't mean that having the config option authentication
against the repository is omitted altogether but rather that
in this case the test for pre-authenticated subjects is evaluated.

see AbstractLoginModule#isPreAuthenticated for the very details.
the method documentation states:

      * Returns <code>true</code> if the credentials should be
      * considered as pre-authenticated and a password check is
      * not required.
      * This base class implementation returns <code>true</code> if the
      * <code>creds</code> object is a SimpleCredentials instance and the
      * configured {@link #getPreAuthAttributeName() trusted
      * credentials property} is set to a non-<code>null</code> value
      * in the credentials attributes. [...]

and of course you are free to do something different in your custom
extension from the AbstractLoginModule.

hope that helps
angela

Mime
View raw message