jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From connuser1 connuser1 <connus...@gmail.com>
Subject Re: No session returned on repository.login
Date Fri, 12 Oct 2012 14:02:57 GMT
Thanks angela for providing this information.
Since I am using the DefaultAccessManager, I think AbstractLoginModule
offloads some work of dealing with the access manager which if I understand
correctly, is adding the necessary principals to the subject. As you
suggested, I could have done without it as well if I myself added the
necessary principals to the subject in my login module's commit method.

On Tue, Oct 2, 2012 at 2:03 PM, Angela Schreiber <anchela@adobe.com> wrote:

> hi all
>
> please note that there is no requirement whatsoever that
> a LoginModule should extend from AbstractLoginModule. you can
> configure any custom login module implementation.
>
> but: you have to make sure that the subject populated upon
> commit() fits the access restrictions enforced by the configured
> AccessManager and WorkspaceAccessManager. the setup might even
> work without any principals if you configure the repository to use
> e.g. a dummy authorization setup... that only depends on your
> use-cases.
>
> kind regards
> angela
>
>
> On 9/29/12 5:38 AM, connuser1 connuser1 wrote:
>
>> Thanks Chetan!! My problem was resolved by your suggestion.
>>
>> I extended the
>> org.apache.jackrabbit.core.**security.authentication.**DefaultLoginModule
>>  and
>> just overrided its getPrincipal method to create a new user if it did not
>> find one in the repository. This way I could use DefaultLoginModule's
>> capability to authenticate against the repository. Hopefully it is the
>> right approach.
>>
>>
>>
>> On Wed, Sep 26, 2012 at 4:07 PM, Chetan Mehrotra
>> <chetan.mehrotra@gmail.com>**wrote:
>>
>>  Hi,
>>>
>>> The access is failing because your login module does not add the
>>> EveryonePrincipal  to the set of principal associated with the Subject
>>> for that session.
>>>
>>> Your LoginModule should extend from the AbstractLoginModule as it
>>> takes cares of performing some common task. For example it would use
>>> the default principal provider to fetch the group membership which
>>> would always include membership to EveryonePrincipal. Also have a look
>>> at SimpleLoginModule in jacrabbit-core module
>>>
>>> Chetan Mehrotra
>>>
>>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message