hi mike exactly... i guess, i need to improve the docu ;-)
for the time being you can look at the various loginmodule related test cases in oak. e.g. TokenDefaultLoginModuleTest.testTokenCreationAndLogin but it should also work with any other auth-setup that properly validates simplecredentials and has the token-lm being calling during #commit in the configuration. also you may plug your custom tokenprovider implementation in case you have different credentials or need a different token... hope that helps angela On 01/04/15 17:47, "Mike Nimer" <[email protected]> wrote: >thanks for helping me on this. To make sure I understand this, if my >initial login uses simple credentials, and I add an empty ".token" >property >- after login I will have a token value set in the Credentials object. >Assuming the TokenLoginModule is configured correctly. right? And >that's >the token I can pass around in future requests? >--mike > > >On Wed, Apr 1, 2015 at 10:26 AM, Angela Schreiber <[email protected]> >wrote: > >> hi mike >> >> can't help you with spring security but with the second question: >> >> the TokenLoginModule will issue a new login token during the commit >> phase if the shared state contains credentials that are supported by >> the configured token provider. see doCreateToken(Credentials) for >> details. >> >> the default impl of the token provider handles the default jcr >> simplecredentials and issues a new token if the latter contains >> an empty ".token" attribute. that should provide a backwards >> compatible behaviour to jackrabbit 2.x. >> >> hope that helps >> angela >> >> >> On 01/04/15 05:46, "Mike Nimer" <[email protected]> wrote: >> >> >I'm looking for some help configuring the TokenLoginModule with Spring >> >Security and I'm hoping someone has some sample code or documentation >>to >> >share. >> > >> >I have added the TokenLoginModule using the spring >> >DefaultJaasAuthenticationProvider & InMemoryConfiguration however I'm >> >getting this error on startup and I'm not sure how to get past it. >> > >> >authorityGranters cannot be null or empty >> > >> >A second question, if I wanted to use a REST service endpoint for login >> >how >> >can I create a new Token, for future requests, since the TokenProvider >> >class is not public. >> > >> >Thanks, >> >--mike >> >>
