Found it! This is the part I was missing when I was digging through
the unit tests before. And it's a lot easier than trying to configure
JAAS. With this I can use a simple Spring Security Filter to
authenticate the token.
For future reference:
====================
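After I create the JCR Repository, call:

// Imports the snippet needs
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;

// Install the JAAS configuration for the whole JVM
javax.security.auth.login.Configuration.setConfiguration(getConfiguration());

protected javax.security.auth.login.Configuration getConfiguration() {
    return new javax.security.auth.login.Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
            // Token login module first; SUFFICIENT ends the chain when it succeeds
            AppConfigurationEntry tokenEntry = new AppConfigurationEntry(
                    TokenLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
                    Collections.<String, Object>emptyMap());
            // Default login module, REQUIRED, handles the remaining logins
            AppConfigurationEntry defaultEntry = new AppConfigurationEntry(
                    LoginModuleImpl.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap());
            return new AppConfigurationEntry[] {tokenEntry, defaultEntry};
        }
    };
}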
==========================
So this leads me to a few more questions, I hope you don't mind.
1. How can I set the default timeout? I thought I could pass it in as
the 3rd argument to the AppConfigurationEntry, but that doesn't seem
to change the defaults.
2. If I want to reset the token (with a new timeout) and I'm working
with a jar repository, how would I do this? The code I found wants an
Oak Root node not a JCR Node. Also, how do I get a reference to the
Security Provider? When I tried to configure it as a @Bean I get an
OSGI error (NoClassDefFoundError: org/osgi/framework/BundleContext).
=====
Node root = session.getRootNode(); // Should be an Oak Root
TokenConfiguration tc = securityProvider.getConfiguration(TokenConfiguration.class);
TokenProvider tp = tc.getTokenProvider(root);
TokenInfo tokenInfo = tp.createToken(_credentials);
====
3. If I wanted to use a custom token, such as a JWT token, how do I
configure it, after I implement TokenProvider?
Thank you again,
--mike
On Wed, Apr 1, 2015 at 11:04 AM, Angela Schreiber <[email protected]> wrote:
> hi mike
>
> exactly... i guess, i need to improve the docu ;-)
>
> for the time being you can look at the various loginmodule
> related test cases in oak.
>
> e.g. TokenDefaultLoginModuleTest.testTokenCreationAndLogin
>
> but it should also work with any other auth-setup that
> properly validates simplecredentials and has the token-lm
> being called during #commit in the configuration.
> also you may plug your custom tokenprovider implementation
> in case you have different credentials or need a different
> token...
>
> hope that helps
> angela
>
> On 01/04/15 17:47, "Mike Nimer" <[email protected]> wrote:
>
>>thanks for helping me on this. To make sure I understand this, if my
>>initial login uses simple credentials, and I add an empty ".token"
>>property - after login I will have a token value set in the Credentials
>>object. Assuming the TokenLoginModule is configured correctly. right?
>>And that's the token I can pass around in future requests?
>>--mike
>>
>>
>>On Wed, Apr 1, 2015 at 10:26 AM, Angela Schreiber <[email protected]>
>>wrote:
>>
>>> hi mike
>>>
>>> can't help you with spring security but with the second question:
>>>
>>> the TokenLoginModule will issue a new login token during the commit
>>> phase if the shared state contains credentials that are supported by
>>> the configured token provider. see doCreateToken(Credentials) for
>>> details.
>>>
>>> the default impl of the token provider handles the default jcr
>>> simplecredentials and issues a new token if the latter contains
>>> an empty ".token" attribute. that should provide a backwards
>>> compatible behaviour to jackrabbit 2.x.
>>>
>>> hope that helps
>>> angela
>>>
>>>
>>> On 01/04/15 05:46, "Mike Nimer" <[email protected]> wrote:
>>>
>>> >I'm looking for some help configuring the TokenLoginModule with Spring
>>> >Security and I'm hoping someone has some sample code or documentation
>>> >to share.
>>> >
>>> >I have added the TokenLoginModule using the spring
>>> >DefaultJaasAuthenticationProvider & InMemoryConfiguration however I'm
>>> >getting this error on startup and I'm not sure how to get past it.
>>> >
>>> >authorityGranters cannot be null or empty
>>> >
>>> >A second question, if I wanted to use a REST service endpoint for login
>>> >how can I create a new Token, for future requests, since the
>>> >TokenProvider class is not public.
>>> >
>>> >Thanks,
>>> >--mike
>>>
>>>
>
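
The token flow discussed in this thread (a SimpleCredentials login with an empty ".token" attribute, then later logins with the issued token), as an added example that is not part of the original messages or of Oak's own code. The class and method names are hypothetical, and the Repository passed in is assumed to be configured with the token and default login modules as in the message above.

```java
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;

/** Hypothetical helper for a login endpoint and a token-checking filter. */
public final class OakTokenLogin {

    // Attribute name taken from the thread: an empty ".token" attribute
    // asks the default token provider to issue a login token.
    private static final String TOKEN_ATTRIBUTE = ".token";

    private OakTokenLogin() {}

    /** Logs in with user id and password and returns the issued token. */
    public static String issueToken(Repository repository, String userId, char[] password)
            throws RepositoryException {
        SimpleCredentials credentials = new SimpleCredentials(userId, password);
        credentials.setAttribute(TOKEN_ATTRIBUTE, "");
        Session session = repository.login(credentials);
        try {
            // After a successful login the token value is set on the credentials.
            Object token = credentials.getAttribute(TOKEN_ATTRIBUTE);
            if (!(token instanceof String) || ((String) token).isEmpty()) {
                // Login worked but the attribute is still empty: most likely the
                // token login module is not part of the configuration in use.
                throw new LoginException("login succeeded but no token was issued");
            }
            return (String) token;
        } finally {
            // The password session is only needed to obtain the token.
            session.logout();
        }
    }

    /** Opens a session for a later request that carries only the token. */
    public static Session loginWithToken(Repository repository, String token)
            throws RepositoryException {
        if (token == null || token.isEmpty()) {
            throw new LoginException("missing token");
        }
        // An unknown or expired token makes login() throw LoginException.
        return repository.login(new TokenCredentials(token));
    }
}
```

The caller of loginWithToken owns the returned Session and should call logout() on it at the end of the request.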