[
https://issues.apache.org/jira/browse/JCR-2358?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12766510#action_12766510
]
Marcel Reutegger commented on JCR-2358:
---------------------------------------
I see your point about the issues with JAAS configuration files. I also faced
them several times. Though, I have to say, that's also our fault, because of
code such as:
// check if jaas-loginModule or fallback is configured
Configuration logins = null;
try {
logins = Configuration.getConfiguration();
} catch (Exception e) {
// means no JAAS configuration file OR no permission to read it
}
You'd get syntax errors as an exception, but we ignore them :-/
But still, it is difficult to distinguish between syntax errors and e.g. no
configuration at all. In both cases you get a SecurityException, only differing
in their message.
> Prefer JAAS configuration if present
> ------------------------------------
>
> Key: JCR-2358
> URL: https://issues.apache.org/jira/browse/JCR-2358
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 1.6.0
> Reporter: Marcel Reutegger
> Priority: Minor
>
> Contrary to JavaDoc the AuthContextProvider prefers the local configuration
> in repository.xml. When the class was first introduced in 1.5, the
> implementation did what was documented, but then JCR-1977 was reported. I
> think we shouldn't have fixed it that way. Prefering JAAS over the local
> configuration makes sense IMO and works well if
> Configuration.getAppConfigurationEntry() is correctly implemented and behaves
> as specified/expected.
> I suggest we revert to the 1.5 preference sequence and introduce a parameter
> that instructs the AuthContextProvider to ignore the JAAS configuration (as a
> workaround for the buggy application servers).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
