Jukka Zitting wrote:
I thought I'd chime in here as I have an interest in both security as well as configuration generally. We're using Spring (www.springframework.org) and Acegi Security (http://acegisecurity.sourceforge.net). We'd like to deploy Jackrabbit into an IoC container so it more easily integrates with the rest of a Spring-based application, and use Acegi Security's ACL and authentication capabilities. I did some refactoring of current code and easily implemented pluggable authentication using an interface as shown (BTW I haven't read the pluggable authentication thread):Hi,
Sylvain:
No, it currently doesn't work. But having pluggable authentication is planned and should come soon. We're waiting for Jukka to finish the ongoing configuration refactoring before adding this new feature.
I'm progressing quite nicely, and should be mostly ready in a day or two. :-) I'll send a summary of my config changes when I'm done.
BR,
Jukka Zitting
public interface AuthenticationToken {
public void login(String applicationName, Credentials credentials) throws LoginException;
public void logout();
public String getUserId() throws RepositoryException;
public boolean isAnonymous();
public boolean isSystem();
}
This sort of interface allows people to still use JAAS, but also Acegi Security, home-grown solutions (which are very common) etc.
I am also involved in a separate Spring-based WebDAV server project, which was started before we became aware Jackrabbit would offer this capability. It seems the "ongoing configuration refactoring" mentioned in the above quote might be just what we need. We'd be very happy to help out with configuration refactoring so that Jackrabbit operated well in an IoC container, without making any dependency or binding on any such container. You can read more about what we're trying to achieve and why we'd like to use Jackrabbit inside on IoC container at http://www.mail-archive.com/acegiwebdav-developer%40lists.sourceforge.net/msg00006.html.
It would be great if Jukka could give us some ideas on what the configuration refactoring is moving towards. We'd be hoping it includes the elimination of large, application-wide configuration objects; the use of getters/setters on classes to set configuration properties and collaborating objects; and the use of finer-grained interfaces so that smaller pieces of Jackrabbit can be customised, enhanced or replaced (eg like the above security example). As I said earlier, we're happy to help out with any configuration refactoring (if you would like us to).
Best regards
Ben Alex
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Acegiwebdav-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegiwebdav-developer
