Hi Sebastien,
The main problem with exporting from the jackrabbit-core library is,
that the service provider API (or internal API) like PersistenceManager
or AccessManager is not properly separated from the actual
implementation. Therefore just exporting everything is unsuitable
because it leeks too many implementation details into the framework.
In addition it causes really problematic dependency resolution issues
because not only jackrabbit-core packages must be exported but also
packages of helper libraries used by jackrabbit-core. Honestly it is a
nightmare of some sort ;-)
What you might want to do test, though, is just export the
org.apache.jackrabbit.core.security package, leaving the rest. To do
this just add the following lines to the <configuration> element of the
bundle plugin:
<Export-Package>
org.apache.jackrabbit.core.security
</Export-Package>
Then rebuild the jackrabbit-core bundle and deploy it.
Please report back, whether this works, so we might well add this to the
setup in Sling.
Regards
Felix
Sebastian Gomez schrieb:
> Hi everyone.
> I'm trying to secure the JCR repository creating a custom LoginModule and
> AccessManager. The first one has gone OK, as it implements the JAAS standard
> interface. On the other hand, the second one must implement Jackrabbit's
> AccessManager interface, but as Sling's Jackrabbit Embedded Repository
> bundle does not export the jackrabbit-core packages (that includes the
> AccessManager interface), the only way to create my custom implementation
> has been to embed the dependency in my bundle's classpath. This then makes a
> ClassCastException occur in Jackrabbit's SessionImpl when my class is being
> casted to the AccessManager interface (line 335). As I guess you'll know,
> this is because my CustomAccessManager is implementing the AccessManager
> loaded by my bundle's classloader, while Jackrabbit's SessionImpl will
> expect the AccessManager loaded by the Jackrabbit Embedded Repository
> bundle.
>
> I'd like to know if someone has already come up with (and hopefully
> resolved) the same problem as I have, because I guess it's quite a common
> scenario. The easiest solution would be to make the Sling's Jackrabbit
> Embedded Repository bundle to export the security package of jackrabbit-core
> but I suppose there must be some reason for it not to be doing so. I'll
> appreciate any indication.
>
> Thanks in advance.
>
> Sebastian Gomez.
>
> P.S: Here's the line of org.apache.jackrabbit.core.SessionImpl where the
> ClassCastException occurs, marked with a "=====>" (in case it's of any use):
>
> protected AccessManager createAccessManager(Subject subject,
> HierarchyManager hierMgr)
> throws AccessDeniedException, RepositoryException {
> AccessManagerConfig amConfig =
> rep.getConfig().getAccessManagerConfig();
> try {
>
> AMContext ctx = new AMContext(new
> File(rep.getConfig().getHomeDir()),
> rep.getFileSystem(),
> subject,
> hierMgr,
> rep.getNamespaceRegistry(),
> wsp.getName());
> ====> AccessManager accessMgr = (AccessManager)
> amConfig.newInstance();
> accessMgr.init(ctx);
> return accessMgr;
> } catch (AccessDeniedException ade) {
> // re-throw
> throw ade;
> } catch (Exception e) {
> // wrap in RepositoryException
> String msg = "failed to instantiate AccessManager
> implementation: " + amConfig.getClassName();
> log.error(msg, e);
> throw new RepositoryException(msg, e);
> }
> }
>
