Marcel Reutegger wrote:

I have slightly changed the login behaviour of Jackrabbit to comply with the spec. The SimpleLoginModule in Jackrabbit used to allow logins with null credentials and interpreted it as anonymous login. However, null logins should rather indicate that a subject has already been authenticated by some other mechanism.
See also: http://issues.apache.org/jira/browse/JCR-81

very cool. however, i have a question about how this works in practice.

i'm using Acegi Security to authenticate and authorize access to my webapp before jackrabbit is ever encountered. currently i'm passing dummy credentials to Repository.login() and using my own LoginModule to pull principals out of Acegi Security and place them in the Subject.

i'd love to remove JAAS out of the equation altogether and pass null credentials into Repository.login(). however, i don't understand how to get a Subject into AccessControlContext. i'm digging through the JAAS docs, but a pointer or example would be much appreciated.

as was brought up before, it would be really great if jackrabbit had its own security interfaces that i could implement using Acegi Security directly, but oh well :)
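
The standard JAAS mechanism for binding a Subject to the AccessControlContext is Subject.doAs; the sketch below is an added example, not part of the original thread and not Jackrabbit code. The class PreAuthenticatedLogin, the UserPrincipal type and the loginWithNullCredentials() stand-in are hypothetical, the failure on a missing Subject is an assumption about the intended fail-closed behaviour, and the code assumes Java 8 through 17, where these javax.security.auth APIs still behave this way.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.stream.Collectors;
import javax.security.auth.Subject;

public class PreAuthenticatedLogin {

    // Hypothetical principal holding the user name the web layer already verified.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Stand-in for what a repository does on login(null): it reads the Subject
    // bound to the calling context. A missing Subject is rejected rather than
    // treated as an anonymous login (assumed fail-closed behaviour).
    static String loginWithNullCredentials() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            throw new SecurityException("no Subject bound to calling context");
        }
        return subject.getPrincipals().stream()
                .map(Principal::getName)
                .collect(Collectors.joining(","));
    }

    public static void main(String[] args) {
        // Build the Subject from principals the external mechanism authenticated.
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("alice")); // constructed sample user
        subject.setReadOnly(); // code running inside doAs cannot add principals

        // doAs binds the Subject to the AccessControlContext for this call only.
        String user = Subject.doAs(subject,
                (PrivilegedAction<String>) PreAuthenticatedLogin::loginWithNullCredentials);
        System.out.println("session for: " + user);

        // The same call outside doAs has no Subject and is refused.
        try {
            loginWithNullCredentials();
        } catch (SecurityException e) {
            System.out.println("outside doAs: " + e.getMessage());
        }
    }
}
```

In a webapp the doAs call would wrap the real Repository.login() invocation, typically in a servlet filter that runs after the authentication filter has populated the principals.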
