Jackrabbit relies on JAAS to perform principal authentication. However using JAAS in OSGi environment is often tricky because of classloading issues. I have done a poc to get JAAS work better in OSGi env. The relevant changes done in Sling and Jackrabbit are available at Git fork [1] and [6]. It involved adding a new JAAS support bundle in Sling and using new ConfigurationSpi [2] support added in JDK 1.6 . For this to work some changes were done in Jackrabbit code to make use of the new feature. For complete details refer to wiki entry at [3] and code diff [5]
At high level following changes were done in Jackrabbit * Make use of new method Configuration.getInstance(ConfigAlgoName,InputParams,ProviderName) to obtain JAAS config in JAASAuthContext class to fetch configuration * Expose a new attribute jaasConfigProviderName in Security element of repository configuration. With these changes done it would be possible to plugin in custom JAAS LoginModules without using fragment. Instead the usual way of extending the AbstractLoginModule can be used. Also it would be possible to make use of various features provided by OSGi env like dynamic configuration updates, dependency injection etc. It would be helpful to have such a feature be part of JR Core. Thoughts? Chetan Mehrotra [1] https://github.com/chetanmeh/jackrabbit/tree/jaas-osgi [2] http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/ConfigurationSpi.html [3] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling [4] http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/Configuration.html#getInstance(java.lang.String,%20javax.security.auth.login.Configuration.Parameters,%20java.lang.String) [5] https://github.com/chetanmeh/jackrabbit/compare/jaas-osgi [6] https://github.com/chetanmeh/sling/tree/jaas-osgi [7] https://github.com/chetanmeh/jackrabbit/compare/jaas-osgi.patch
