hey guys, i've been working on integrating Jackrabbit into my project, and i've hit the point where i need to start integrating security. i figure since we've all been thinking in this area for the last couple weeks, maybe you could give me the benefit of some of your thoughts and experience.

i've gotten to the point where my stripped-down version of the simple Jackrabbit WebDAV server (there are actually two versions - i'm using the one without the remote JSR 170 extensions) receives requests and looks for credentials it can use to log into the repository.

to find the credentials, Jackrabbit's jcr-server implementation looks for an HTTP Authorization header, parses it, and instantiates a javax.jcr.SimpleCredentials to pass into javax.jcr.Repository.login().

i don't think it should be necessary to do that manually. i'd rather use existing components to handle credential extraction. i'm going to have to support Basic and probably also Digest. i'm definitely also going to need to have some sort of ticketing scheme in short order for people who don't have user accounts in my WebDAV server. that's stuff that more properly belongs in a security framework than in a WebDAV server.

i had a read through the Acegi Security reference and noted the BasicProcessingFilter and BasicProcessingFilterEntryPoint. obviously good starting points.

however, i don't actually want to authenticate up there in the servlet filters. i just want to extract the credentials so i can hand them off to JAAS via Jackrabbit, which will do the authentication.

what's the best way for me to approach this problem of credential extraction? i guess i'm assuming that leveraging Acegi Security would be beneficial, rather than using Jackrabbit's brute force approach.

also, re authen and authz - has anyone given serious thought to how to use Acegi Security inside JAAS?

maybe there is room for Acegi WebDAV after all, if only to provide a general purpose WebDAV server based on jcr-server but with no direct dependencies on Jackrabbit's core and which integrates Acegi Security (and Spring, to the extent that it can).

in any event, i need to get authentication and authorization working, even if just at a prototype level, in the next week or two, so i will appreciate hearing your thoughts. thanks!
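
The extraction step described above (parse the Basic Authorization header, hand the result on without authenticating), as an added example that is not part of the original post and is neither Jackrabbit's nor Acegi Security's code. The class, record and method names are hypothetical, the UTF-8 charset is an assumption, and it needs Java 16 or later for the record.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicCredentialExtractor {

    /** Credentials as received: extracted, not yet authenticated. */
    public record Extracted(String userId, char[] password) {}

    /**
     * Parses an HTTP Authorization header value that uses the Basic scheme.
     * Returns empty for a missing header, a different scheme (e.g. Digest)
     * or a malformed value, so the caller can reply 401 with a challenge.
     */
    public static Optional<Extracted> extract(String header) {
        if (header == null) return Optional.empty();
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return Optional.empty();
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty();               // not valid base64
        }
        // Assumption: clients send UTF-8; older clients may send ISO-8859-1.
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');          // first colon only: passwords may contain ':'
        if (colon <= 0) return Optional.empty();   // no separator, or empty user id (rejected here by choice)
        return Optional.of(new Extracted(decoded.substring(0, colon),
                                         decoded.substring(colon + 1).toCharArray()));
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured traffic.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("alice:pa:ss".getBytes(StandardCharsets.UTF_8));
        String[] samples = { good, "Digest username=\"alice\"", "Basic !!!", null };
        for (String h : samples) {
            Optional<Extracted> c = extract(h);
            // Report only the user id and password length; never log the password.
            System.out.println(c.map(e -> "user=" + e.userId() + " pwLen=" + e.password().length)
                                .orElse("no usable Basic credentials"));
        }
        // In the WebDAV server the result would be handed on unverified, e.g.
        // repository.login(new javax.jcr.SimpleCredentials(userId, password)),
        // leaving the actual authentication to the repository's JAAS login module.
    }
}
```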

