hi note however, that this just covers the authentication part. as far as pluggable authorization is concerned this is definitely planned for OAK 1.0 but still work in progress.
see https://issues.apache.org/jira/browse/OAK-1268 for a short description what is planned in this area... we basically need that for our own closed user group handling but obviously this can be used for any other kind of additional access restrictions. kind regards angela On 12/9/13 5:41 PM, "Bertrand Delacretaz" <bdelacre...@apache.org> wrote: >Hi, > >On Mon, Dec 9, 2013 at 5:34 PM, Jukka Zitting <jukka.zitt...@gmail.com> >wrote: >> ...Assuming a working JAAS setup, you can configure a custom "optional" >> LoginModule that adds extra principals to the current subject based on >> whatever criteria you want (source IP, HTTP header, phase of the moon, >> etc.).... > >Ok, thanks! "phase of the moon", as in "any arbitrary external value" >is indeed the kind of use case we're looking at. > >This looks like another reason to use the Felix Jaas stuff [1] which >is good as this will be useful for Sling as well. > >-Bertrand > >[1] >http://felix.apache.org/documentation/subprojects/apache-felix-jaas.html
