Hi,
> what i understood:
>
> - you added your own LoginModule to the repository.xml
> security configuration.
> - and want this to be used.
Right.
> what is the reason for having the jaas.config pointing
> to a different LoginModule?
Liferay needs it for their webservice wrapper.
> if you have it configured in the repository.xml you
> don't need the jaas.config after all.
Thats right. But ATM the jboss implementation (or their understanding of how
to implement jaas) is the problem.
In detail: even if I have configured my loginmodule the AuthContextProvider
checks at first, if any JAAS configuration is available.
With JBoss JAAS impl the AuthContextProvider.isJAAS() alsways returns true
(when Liferay is deployed), because
Configuration.getAppConfigurationEntry(appName) returns always the
configuration specified inside jaas.config. The used name doenst matter. :-(
In Jackrabbit 1.4.x versions there was the implementation little bit different
in RepositoryImpl.login(...):
AuthContext authCtx;
LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
if (lmc == null) {
authCtx = new AuthContext.JAAS(repConfig.getAppName(),
credentials);
} else {
...
So at first it was checked, if there exists any configured login module,
before using JAAS.
