For our app we wanted each session associated with a user. Our application does not use JAAS; our authentication is handled at the organization level. I got around it by extending the JcrSessionFactory (using spring modules) to associate the User information (we have a lightweight User object with id and role on a threadlocal) and just putting the user name on the simple credentials instance that is used to generate the JR session.
Would the "correct" way have been to use JAAS regardless of the fact that our authentication is handled by a custom system, or is the solution described above acceptable? On Wed, Aug 20, 2008 at 3:57 AM, Angela Schreiber <[EMAIL PROTECTED]> wrote: > Warner Onstine wrote: > >> Or I just found this comment in the repository DTD: >> "the LoginModule element optionally specifies a JAAS login module to >> authenticate users. This feature allows the use of Jackrabbit in a >> non-JAAS environment." >> >> Is it possible to use a different type of LoginModule? If so what do I >> need to do here? Another interface I need to implement? >> > > > http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/spi/LoginModule.html > > http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html#Steps > > hope that helps > angela > -- --------------------- Michael Harris
