I had thought of this approach, as it would require no modification to their servlet code (as far as authentication is concerned, and barring that they don't throw an exception or otherwise halt things if you're not using basic auth) - but one assumption that must hold true for this to work is that Jackrabbit must call LoginModule from the same thread in which the Acegi servlet filters authenticated the user, as the ContextHolder holds Authentications per-thread. If not, you either have to pass something from the servlet to Jackrabbit or you have to expose the Authentication from the ContextHolder of the target thread.
- Andy On Thursday 17 March 2005 01:58 pm, Ben Alex wrote: > Hi guys > > Sorry to chime in a bit late... > > I think let Acegi Security handle the full authentication as per normal, > with your choice of authentication processing filters. Importantly, this > allows not just BASIC but also Digest, CAS, form, X509 and anything else > you'd like to authenticate with. Then write a JAAS LoginModule that does > not use the CallbackHandler in any way, meaning whatever the Jackrabbit > repository extracts from BASIC authentication headers etc is effectively > ignored (as an aside, the WebDAV spec mandates digest authentication - > not BASIC). Anyway, your custom LoginModule will simply look at the > ContextHolder and obtain the current Authentication, using that as if > the LoginModule had completed the authentication itself. Recall > net.sf.acegisecurity.Authentication is a subclass of > java.security.Principal, so this will work. Also, as Jackrabbit > introduces ACL security and _presumably_ uses Principal.getName(), this > approach will continue to work as Acegi Security's > AbstractAuthenticationToken satisfies the getName() method by returning > the authentication object's getPrincipal().toString(). > > Cheers > Ben > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Acegiwebdav-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/acegiwebdav-developer ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Acegiwebdav-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegiwebdav-developer
