Hi Angela, I tried implementing the custom authentication in the following way, please let me know if i am in the right direction.
1. Created a class JRLoginModule that extends AbstractLoginModule 2. Added a new class JRAuthentication implements Authentication 3. In the "authenticate" method of JRAuthentication wrote my custom method for authentication 4. In the "getAuthentication" method of JRLoginModule, I created a new JRAuthentication object and returned. Is this the right way (or) do i need to do something else? Also for Custom authorisation 1. Created a class JRAuthorisation extends DefaultAccessManager 2. Overrided the "isGranted" methods. My problem is, How can i get handles to the node and user objects in my custom class. Kindly let me know your views. Thanks, Ajai G Angela Schreiber wrote: > > >> If i think better, actually my problem was not only the one about I've >> wrote earlier, but, the same as Ajai G, I'm tring to implement a custom >> authentication > > write your own implementation of javax.security.auth.spi.LoginModule and > change the repository's security config accordingly. > >> and authorization mechanism. > > write your own implementation of the o.a.j.core.security.AccessManager > interface and use that in the repository security config. > > eventually in addition > > - o.a.j.core.security.authorization.AccessControlProvider > - o.a.j.core.security.authorization.WorkspaceAccessManager > > and adjust the workspace security configurations accordingly. > > you may also replace the whole SecurityManager itself (again > repository config). > > there are various levels where you can plug your own stuff. > what exactly you need to replace depends on your needs. > > angela > > > -- View this message in context: http://www.nabble.com/Custom-Authentication---Authorization-tp24804589p25007807.html Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
