Andy Depue wrote:
On Tuesday 08 March 2005 03:32 am, Dominique Pfister wrote:
<snip/>
IMO, the concept of JAAS is abstract enough to handle this situation and
it should be possible to implement a custom LoginModule that will add
Principal information to the Subject being authenticated in such a way
that authorization calls made on the Subject will actually be forwarded
to Acegi.
What you're saying is if someone wants to adapt Jackrabbit to their own authentication scheme, they are going to have to create a JAAS adapter/implementation? This is doable, no doubt. But Ben's idea has the advantage of being simple.
Have a look at the LoginModule docs [1]. Does it look so complicated?
Furthermore, using this standard interface potentially allows your specific authentication scheme to become part of a larger picture in a JAAS-enabled environment. You've written a LoginModule adapter for your stuff to be able to use Jackrabbit? Now you can use it everywhere. Either in the standard java security file, but also as a configuration of other libraries that hopefully rely on the JAAS standard interfaces and allow you to provide them with a custom LoginModule.
Sylvain
[1] http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/spi/LoginModule.html
-- Sylvain Wallez Anyware Technologies http://www.apache.org/~sylvain http://www.anyware-tech.com { XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
