Andy Depue wrote:
At this point, I'm thinking that I should make sure my understanding of things is correct before writing more, as I don't want to waste any time writing a response to a misunderstood question, if that's the case. :)
nope, you have the gist of the problem. JCR expects to authenticate the request itself (Jackrabbit does this via JAAS).
i guess one approach could be to have Acegi Security do the authentication upstream and then have the WebDAV adapter pass to Repository.login() a javax.jcr.Credentials implementation that carries the authenticated principal along to a dumb JAAS LoginModule.
alternately, the Credentials implementation could just contain whatever contextual information is necessary for a slightly smarter LoginModule to extract the authenticated principal from the context.
in either case, the WebDAV adapter itself should have to do no more work than finding the credentials in a well known place and handing them to the repository. it should be the job of the security filters and the LoginModule to do all the dirty work.
sound right?
_______________________________________________
Acegiwebdav-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegiwebdav-developer
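The first approach described in the message above, as an added example that is not part of the original post or of the Acegi or Jackrabbit code: a Credentials object that carries the already-authenticated principal, and a LoginModule that accepts only that type and fails closed otherwise. The class names `PreAuthenticatedCredentials` and `PreAuthenticatedLoginModule` are hypothetical; the sketch assumes Jackrabbit hands the `Repository.login()` credentials to the LoginModule through its `CredentialsCallback`, and that the WebDAV adapter lives in the same package so it alone can construct the credentials.

```java
import java.security.Principal;
import java.util.Map;
import javax.jcr.Credentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.jackrabbit.core.security.CredentialsCallback;

/** Hypothetical: carries a principal that an upstream security filter already authenticated. */
final class PreAuthenticatedCredentials implements Credentials {
    private final Principal principal;
    // Package-private constructor: only the trusted adapter in this package can create
    // one, so other repository clients cannot simply assert an identity of their choice.
    PreAuthenticatedCredentials(Principal principal) {
        if (principal == null) throw new IllegalArgumentException("principal required");
        this.principal = principal;
    }
    Principal getPrincipal() { return principal; }
}

/** Hypothetical "dumb" LoginModule: performs no password check of its own. */
public class PreAuthenticatedLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        this.subject = s; this.handler = h;
    }
    public boolean login() throws LoginException {
        CredentialsCallback cb = new CredentialsCallback();
        try {
            handler.handle(new Callback[] { cb });
        } catch (Exception e) {
            throw new LoginException("cannot obtain credentials: " + e);
        }
        // Fail closed: any other Credentials type (or none at all) is rejected.
        if (!(cb.getCredentials() instanceof PreAuthenticatedCredentials)) {
            throw new FailedLoginException("pre-authenticated credentials required");
        }
        principal = ((PreAuthenticatedCredentials) cb.getCredentials()).getPrincipal();
        return true;
    }
    public boolean commit() { return principal != null && subject.getPrincipals().add(principal); }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { subject.getPrincipals().remove(principal); return true; }
}
```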
