[jira] [Commented] (JCR-4050) Allow creation of users with existing password hashes

[angela (JIRA)]

    [ 
https://issues.apache.org/jira/browse/JCR-4050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15621540#comment-15621540
 ] 

angela commented on JCR-4050:
-----------------------------

There exists in fact a way to create users with existing password hashes and 
which is actually intended for synchronizing content between repositories: the 
JCR xml import. If import of the protected user properties is properly enabled 
this would exactly do, what you were looking for. Since the Xml import by 
default ignores protected JCR nodes/properties, we defined plugins for both 
Jackrabbit Core and Oak that provides that missing functionality.

For Oak it's documented at 
http://jackrabbit.apache.org/oak/docs/security/user/default.html#XML_Import
For Jackrabbit Core there exists no official documentation but the mechanism is 
the same: configure the protected item imports you wish to be active in the 
workspace.xml of your target workspace. For example something like this:

{code}
<Workspace name="your_workspace_name" [...]>       
       [...]
        <!--
        XML Import configuration of the workspace
        -->
        <Import>
            <ProtectedItemImporter 
class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
            <ProtectedItemImporter 
class="org.apache.jackrabbit.core.security.user.UserImporter">
                <param name="importBehavior" value="besteffort"/>
            </ProtectedItemImporter>
        </Import>
    </Workspace>
{code}

Hope that helps


>  Allow creation of users with existing password hashes
> ------------------------------------------------------
>
>                 Key: JCR-4050
>                 URL: https://issues.apache.org/jira/browse/JCR-4050
>             Project: Jackrabbit Content Repository
>          Issue Type: New Feature
>          Components: jackrabbit-api, jackrabbit-core, security
>            Reporter: Jeffrey Bornemann
>            Priority: Minor
>
> We utilize the UserManager API within Grabbit for syncing authorizable nodes 
> between servers.
> Unfortunately, when it comes to syncing users, and specifically setting 
> passwords from existing users; we have no public API facing way to create 
> users with existing password hashes. We currently have to resort to using 
> reflection, grabbing internal tree objects, and a bunch of nastiness that we 
> would love to avoid with this change.
> Other consumers may also find this useful. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)