Excellent! Thanks a lot!
In fact, I had to change it a little. My configuration now looks like this:
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
my.custom.LoginModule required skip_on_previous_success=true;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
I have the Magnolia login module first and my custom login module afterwards.
Setting the flag to "requisite" somehow did not work for me, but with "required"
everything is hunky-dory. I can log in with users from both login module sources
and I also get the expected error message when I enter an incorrect password.
So again: Thanks for the help!
-will
On 04.04.2011, at 02:17, Thomas Duffey wrote:
> Will,
>
> This isn't exactly what you're describing but here's one of my jaas.config
> files that authenticates against an LDAP directory first, then tries standard
> Magnolia authentication and also does the standard JCR authorization:
>
> magnolia {
> my.custom.LdapAuthenticationModule optional;
> info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite
> skip_on_previous_success=true;
> info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
> };
>
> Jackrabbit {
> org.apache.jackrabbit.core.security.SimpleLoginModule required;
> };
>
> You might be able to reorder the above and get what you need.
>
> Tom
>
> On Apr 2, 2011, at 4:54 PM, Will Scheidegger wrote:
>
>>
>> I think I have a vague idea of how things should be working now with the
>> Jaas login. I managed to write my own login module which (for now) has an
>> internal (hard-coded) hash of users that it uses to authenticate. Afterwards
>> the regular JCRAuthorizationModule is used to complete things.
>>
>> I do have a slight problem with the jaas config file however. What I want is the
>> following setup:
>>
>> 1. Try to authenticate the user with the standard JCRAuthenticationModule
>> 2. If that fails, try to authenticate the user with my custom login module
>> 3. If 1 or 2 succeeded finish off with the JCRAuthorizationModule
>>
>> When I set 1 and 2 to "requisite" things will fail because either login
>> module 1 or 2 does not know anything about the user.
>> When I set 1 and 2 to "optional" it works as expected, but I will not get an
>> error message anymore when the login fails (because both modules doing the
>> login are optional)
>>
>> Is there a way to solve this? It seems to me like this should not be such an
>> uncommon scenario... but maybe it is because normally you would have only
>> one login module per user directory...?
>>
>> Thanks for the help!
>> -will
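
An added example (not from the thread and not Magnolia's code) that models how the standard JAAS control flags decide the three stacks discussed above: both modules "requisite", both "optional", and the final configuration. It assumes skip_on_previous_success makes a module report success when an earlier module already authenticated the user, and that the login step of JCRAuthorizationModule always succeeds; the users and passwords are constructed.

```python
# Added example: a model of JAAS control-flag evaluation for the stacks in this
# thread. Module names mirror the thread; users and passwords are constructed.
JCR_USERS = {"superuser": "jcr-pass"}      # constructed Magnolia/JCR user
CUSTOM_USERS = {"will": "custom-pass"}     # constructed custom-module user

def jcr_auth(user, password):
    return JCR_USERS.get(user) == password

def custom_auth(user, password):
    return CUSTOM_USERS.get(user) == password

def jcr_authz(user, password):
    return True   # assumption: the authorization module's login step never fails

def evaluate(stack, user, password):
    """stack entries: (flag, check, skip_on_previous_success). True = login accepted."""
    previous_success = False   # assumed meaning of skip_on_previous_success
    must_ok, saw_must, any_ok = True, False, False
    for flag, check, skip in stack:
        ok = True if (skip and previous_success) else check(user, password)
        previous_success = previous_success or ok
        any_ok = any_ok or ok
        if flag in ("required", "requisite"):
            saw_must, must_ok = True, must_ok and ok
            if flag == "requisite" and not ok:
                return False          # requisite failure returns immediately
        elif flag == "sufficient" and ok:
            return must_ok            # sufficient success returns immediately
    # With no required/requisite entries, one sufficient/optional must succeed.
    return must_ok if saw_must else any_ok

def stack(first_flag, second_flag, second_skips=False):
    return [(first_flag, jcr_auth, False),
            (second_flag, custom_auth, second_skips),
            ("required", jcr_authz, False)]

BOTH_REQUISITE = stack("requisite", "requisite")
BOTH_OPTIONAL = stack("optional", "optional")
FINAL = stack("optional", "required", second_skips=True)  # the config at the top

if __name__ == "__main__":
    logins = [("superuser", "jcr-pass"), ("will", "custom-pass"), ("will", "wrong")]
    for name, s in [("requisite/requisite", BOTH_REQUISITE),
                    ("optional/optional", BOTH_OPTIONAL), ("final", FINAL)]:
        print(name, [evaluate(s, u, p) for u, p in logins])
```

In the optional/optional stack the only entry that must succeed is the authorization module, so the model accepts a wrong password, which matches the missing error message described in the original question.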