[jira] [Updated] (OAK-2051) Provide option to use Configuration SPI in JAAS authentication when running within AppServer

Mon, 25 Aug 2014 02:15:13 -0700 

     [ 
https://issues.apache.org/jira/browse/OAK-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chetan Mehrotra updated OAK-2051:
---------------------------------

    Attachment: OAK-2051.patch

Patch which exposes a new config property 
{{org.apache.jackrabbit.oak.authentication.configSpiName}} in 
AuthenticationConfiguration to capture the JAAS Config Provider Name. if this 
is set then {{LoginContextProviderImpl}} would use the SPI API to fetch JAAS 
config. So in brief following steps are required

# Set following properties in _Apache Felix JAAS Configuration Factory_ 
{{org.apache.felix.jaas.ConfigurationSpi}}
## Set the _Global Configuration Policy_ to _Default_
## Set the _JAAS Config Provider Name_ to _FelixJaasProvider_
# Set the {{org.apache.jackrabbit.oak.authentication.configSpiName}} to 
_FelixJaasProvider_ in _Apache Jackrabbit Oak AuthenticationConfiguration_ 
{{org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl}}

This would ensure that Oak related JAAS configuration does not effect Global 
JAAS Configuration typically used by App Server

[~anchela] [~tripod] Kindly review

> Provide option to use  Configuration SPI in JAAS authentication when running 
> within AppServer
> ---------------------------------------------------------------------------------------------
>
>                 Key: OAK-2051
>                 URL: https://issues.apache.org/jira/browse/OAK-2051
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chetan Mehrotra
>            Assignee: Chetan Mehrotra
>             Fix For: 1.1, 1.0.6
>
>         Attachments: OAK-2051.patch
>
>
> LoginContextProviderImpl currently obtains JAAS configuration directly from 
> the Configuration class. This works fine where the JAAS config is provided in 
> std form like through file. This also works fine with Felix JAAS [1] where 
> Felix JAAS is configured to replace the default configuration and thats ok 
> when running in standalone env.
> However Felix JAAS also supports a SPI mode to fetch configuration which 
> would allow running in App server env where the application server is also 
> making use of JAAS. 
> Oak should provide an option to make use of the SPI mode when running in App 
> Server  env so as to isolate the Oak's use of JAAS logic from App Server's 
> usage
> [1] 
> http://felix.apache.org/documentation/subprojects/apache-felix-jaas.html#configuration-spi-with-default-policy-mode



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to