Brian Moseley wrote:
Jackrabbit uses JAAS internally to authenticate access to its repository, so my first attempt at integration was providing a custom LoginModule implemented using Acegi Security.
For the benefit of the archives, I proposed a very small interface so Jackrabbit would be compatible with any security system. It was rejected. So we find ourselves forced to use JAAS despite there being no technical reason nor it being mandated by JSR 170.
i've since been reminded that the JCR spec allows us to bypass the JCR implementation's internal authentication, and i've reimplemented my server to do just that. so i no longer need the custom LoginModule i developed.
It beats me what business a content repository has authenticating users in the first place. Surely the container the repository is running in would do that. Especially with more complex authentication mechanisms existing out there like X509, Digest and Single Sign On. The repository should just be passed an Object that represents the authenticated user, courtesy of the container. The repository then associates that Object with the content repository session and can enforce ACLs.
however, the class is extremely generic and may be of use to others, so i'd like to contribute it to Acegi Security, or at least make it available in the mailing list archives for others who might need such a thing.
Thanks for that Brian. It looks good.
Ray, would you please find a suitable home for it among your other JAAS classes and perhaps write a test or docs?
Cheers Ben
------------------------------------------------------- This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/Info/Sentarus/hamr30 _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
