hi mike

btw: the documentation already explains the requirements for the
token-creation in the default implementation in section
"Token Creation" at
http://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html

>So this leads me to a few more questions, I hope you don't mind.
>
>1. How can I set the default timeout? I thought I could pass it in as
>the 3rd argument to the AppConfigurationEntry, but that doesn't seem
>to change the defaults.

the configuration parameters belong to the TokenConfiguration.
in an OSGI-based setup you can change the timeout in the corresponding
property. otherwise, you need to pass the configuration parameters
to the security provider during the repo setup.

something like

    long timeout = ....;
    // token expiration is a parameter of the token configuration
    ConfigurationParameters config = ConfigurationParameters.of(
            TokenConfiguration.NAME,
            ConfigurationParameters.of(TokenProvider.PARAM_TOKEN_EXPIRATION, timeout));
    // hand the parameters built above to the security provider
    SecurityProvider sp = new SecurityProviderImpl(config);
    Repository repo = new Jcr().with(sp).createRepository();

>2. If I want to reset the token (with a new timeout) and I'm working
>with a jar repository, how would I do this? The code I found wants an
>Oak Root node not a JCR Node. Also, how do I get a reference to the
>Security Provider? When I tried to configure it as a @Bean I get an
>OSGI error (NoClassDefFoundError: org/osgi/framework/BundleContext)
>
>=====
>Node root = session.getRootNode(); // Should be a oak Root
>TokenConfiguration tc =
>securityProvider.getConfiguration(TokenConfiguration.class);
>TokenProvider tp = tc.getTokenProvider(root);
>TokenInfo tokenInfo = tp.createToken(_credentials);
>====

You can't create the token provider from JCR objects. Instead you
need to get started from the Oak ContentRepository in order to
create a new ContentSession from which you can obtain the Root object.
For the SecurityProvider see above.

In general though i would try to leave the refresh to the implementation.

>3. If I wanted to use custom token, such as a JWT token. How do I
>configure it, after I implement TokenProvider?

You need to make sure your setup (additionally) comes with your
custom TokenConfiguration that returns your own implementation of
the TokenProvider.
In an OSGI-based setup this would mean that you register your
TokenConfiguration as service. The default setup will automatically
pick it up and the right provider should then issue/manage the
tokens based on the 'doCreateToken' and 'getTokenInfo' calls.

In a non-OSGI-based setup it's probably a bit harder but
should still be feasible by either adding the configuration using
the protected bind-method or a derived SecurityProvider.

hope that helps
angela

>
>
>Thank you again,
>--mike
>
>
>
>On Wed, Apr 1, 2015 at 11:04 AM, Angela Schreiber <[email protected]>
>wrote:
>> hi mike
>>
>> exactly... i guess, i need to improve the docu ;-)
>>
>> for the time being you can look at the various loginmodule
>> related test cases in oak.
>>
>> e.g. TokenDefaultLoginModuleTest.testTokenCreationAndLogin
>>
>> but it should also work with any other auth-setup that
>> properly validates simplecredentials and has the token-lm
>> being called during #commit in the configuration.
>> also you may plug your custom tokenprovider implementation
>> in case you have different credentials or need a different
>> token...
>>
>> hope that helps
>> angela
>>
>> On 01/04/15 17:47, "Mike Nimer" <[email protected]> wrote:
>>
>>>thanks for helping me on this. To make sure I understand this, if my
>>>initial login uses simple credentials, and I add an empty ".token" property
>>>- after login I will have a token value set in the Credentials object.
>>>Assuming the TokenLoginModule is configured correctly. right? And that's
>>>the token I can pass around in future requests?
>>>--mike
>>>
>>>
>>>On Wed, Apr 1, 2015 at 10:26 AM, Angela Schreiber <[email protected]>
>>>wrote:
>>>
>>>> hi mike
>>>>
>>>> can't help you with spring security but with the second question:
>>>>
>>>> the TokenLoginModule will issue a new login token during the commit
>>>> phase if the shared state contains credentials that are supported by
>>>> the configured token provider.
>>>> see doCreateToken(Credentials) for details.
>>>>
>>>> the default impl of the token provider handles the default jcr
>>>> simplecredentials and issues a new token if the latter contains
>>>> an empty ".token" attribute. that should provide a backwards
>>>> compatible behaviour to jackrabbit 2.x.
>>>>
>>>> hope that helps
>>>> angela
>>>>
>>>>
>>>> On 01/04/15 05:46, "Mike Nimer" <[email protected]> wrote:
>>>>
>>>> >I'm looking for some help configuring the TokenLoginModule with Spring
>>>> >Security and I'm hoping someone has some sample code or documentation to
>>>> >share.
>>>> >
>>>> >I have added the TokenLoginModule using the spring
>>>> >DefaultJaasAuthenticationProvider & InMemoryConfiguration however I'm
>>>> >getting this error on startup and I'm not sure how to get past it.
>>>> >
>>>> >authorityGranters cannot be null or empty
>>>> >
>>>> >A second question, if I wanted to use a REST service endpoint for login
>>>> >how can I create a new Token, for future requests, since the TokenProvider
>>>> >class is not public.
>>>> >
>>>> >Thanks,
>>>> >--mike
>>>>
>>>>
>>
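
The flow discussed in this thread, end to end, as an added example that is not part of the original messages and not Oak's own code: a non-OSGi repository with a configured token expiration, a first login whose SimpleCredentials carry an empty ".token" attribute, and a second login with the issued token. It assumes oak-jcr on the classpath, Oak's default login configuration, and the default in-memory repository with its default admin/admin account; the class name and the 30-minute timeout are made up for illustration.

```java
import javax.jcr.Repository;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;

public class TokenLoginExample { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumed value: 30 minutes, expressed in milliseconds.
        long timeout = 30L * 60 * 1000;
        ConfigurationParameters config = ConfigurationParameters.of(
                TokenConfiguration.NAME,
                ConfigurationParameters.of(TokenProvider.PARAM_TOKEN_EXPIRATION, timeout));
        SecurityProvider sp = new SecurityProviderImpl(config);
        Repository repo = new Jcr().with(sp).createRepository();
        try {
            // First login: the empty ".token" attribute asks the token
            // login module to issue a token during commit.
            SimpleCredentials sc = new SimpleCredentials("admin", "admin".toCharArray());
            sc.setAttribute(".token", "");
            Session first = repo.login(sc);
            Object issued = sc.getAttribute(".token");
            first.logout();
            if (!(issued instanceof String) || ((String) issued).isEmpty()) {
                throw new IllegalStateException("no token issued; check the login configuration");
            }
            // The token is a bearer secret: whoever holds it can log in
            // until it expires, so keep it out of logs and URLs.
            String token = (String) issued;

            // Later requests: authenticate with the token alone.
            Session second = repo.login(new TokenCredentials(token));
            System.out.println("token login as: " + second.getUserID());
            second.logout();
        } finally {
            if (repo instanceof JackrabbitRepository) {
                ((JackrabbitRepository) repo).shutdown();
            }
        }
    }
}
```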
