On Tuesday 08 March 2005 03:32 am, Dominique Pfister wrote:
> Ben Alex wrote:
> > I thought I'd chime in here as I have an interest in both security as
> > well as configuration generally. We're using Spring
> > (www.springframework.org) and Acegi Security
> > (http://acegisecurity.sourceforge.net). We'd like to deploy Jackrabbit
> > into an IoC container so it more easily integrates with the rest of a
> > Spring-based application, and use Acegi Security's ACL and
> > authentication capabilities. I did some refactoring of current code and
> > easily implemented pluggable authentication using an interface as shown
> > (BTW I haven't read the pluggable authentication thread):
> >
> > public interface AuthenticationToken {
> >    public void login(String applicationName, Credentials credentials) throws LoginException;
> >    public void logout();
> >    public String getUserId() throws RepositoryException;
> >    public boolean isAnonymous();
> >    public boolean isSystem();
> > }
> >
> > This sort of interface allows people to still use JAAS, but also Acegi
> > Security, home-grown solutions (which are very common) etc.
>
> IMO, the concept of JAAS is abstract enough to handle this situation and
> it should be possible to implement a custom LoginModule that will add
> Principal information to the Subject being authenticated in such a way
> that authorization calls made on the Subject will actually be forwarded
> to Acegi.

What you're saying is if someone wants to adapt Jackrabbit to their own 
authentication scheme, they are going to have to create a JAAS 
adapter/implementation?  This is doable, no doubt.  But Ben's idea has the 
advantage of being simple.  There is always a tension and balance between 
"abstract" and "simple" - but what I've seen over the years is that 
developers tend to choose simple over abstract (though not always, of 
course).  If I was evaluating Jackrabbit and saw the "AuthenticationToken" 
interface, the cost in implementing it (learning curve + effort + time) would 
be so low that I wouldn't have to give it a second thought.  However, if I 
saw that Jackrabbit was tied directly to JAAS, I would have to give it a 
second thought: "is the implementer on the team familiar with JAAS?  What 
will his learning curve be, and how much time will it take him to get up to 
speed just enough to create this adapter?  How much will the added complexity 
increase testing time (how many more test cases will be necessary to write)?"  
etc...
Just my 2c. :)

  - Andy
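
For reference, the JAAS adapter discussed in this thread would look roughly like the following. This is an added example, not code from Jackrabbit, Acegi Security or any poster; ExternalAuthenticator and the static delegate field are hypothetical stand-ins for whatever scheme the application already uses.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DelegatingLoginModule implements LoginModule {
    // Hypothetical hook standing in for Acegi or a home-grown authenticator.
    public interface ExternalAuthenticator { boolean authenticate(String user, char[] password); }
    // Assumption: the application installs its authenticator at startup; the default fails closed.
    public static volatile ExternalAuthenticator delegate = (u, p) -> false;
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal; // non-null only after a successful login()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot collect credentials: " + e.getMessage());
        }
        String user = name.getName();
        char[] pw = pass.getPassword(); // getPassword() returns a copy (or null)
        pass.clearPassword();           // wipe the callback's own copy
        boolean ok = user != null && pw != null && delegate.authenticate(user, pw);
        if (pw != null) java.util.Arrays.fill(pw, '\0'); // wipe our copy as well
        if (!ok) throw new FailedLoginException("authentication rejected");
        principal = () -> user; // Principal.getName() is its only abstract method
        return true;
    }
    public boolean commit() {
        if (principal == null) return false; // login() failed: add nothing to the Subject
        subject.getPrincipals().add(principal);
        return true;
    }
    public boolean abort() {
        return principal != null && logout(); // false tells JAAS to ignore this module
    }
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
}
```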
