hi
Does anyone have an insight into this problem? Are there people on this list using pre-built JAAS LoginModules with Jackrabbit?
i didn't up to now. basically the access evaluation should work even if there is not admin/system principal. the workspace access if i'm not mistaken just uses it as shortcut (and so does the the access control provider) and otherwise starts the general access evaluation process.
If I start with a working configuration (using DefaultAccessManager and DefaultLoginModule), and add a login.conf file that configures the Sun LdapLoginModule, my Session logins throw exceptions "Unable to access workspace 'default'".
but i'd say that this is not primarily caused by the principal classes but rather by the fact that your user doesn't have any acl-entries set thus isn't allowed anything. what happens is: - default security manager retrieves adminId from config (or uses default values) - .. and creates system users: > admin, anonymous and administrators > adds admin to administrators group - acl provider creates minimal acls on the root > allowing read for everybody > allowing all permissions for the admins now, with your custom login-module i assume that you - don't pass the adminId to the security manager - don't have everybody principal added to the set of principals present with the subject. consequently, the ac-evaluation will not find any matching aces for your set of principals. regards angela
