Trying to wrap my head around Jackrabbit authentication following
my failure to set up JAAS login. What I want to do is to have
the spring-modules-jcr JcrTemplate to get a session which is
NOT authenticated with a fixed username/password provided in
the Spring application context:
<bean id="jcrSessionFactory"
class="org.springmodules.jcr.JcrSessionFactory">
<property name="repository" ref="repository"/>
<property name="credentials">
<bean class="javax.jcr.SimpleCredentials">
<constructor-arg index="0" value="${repository.user}"/>
<constructor-arg index="1">
<bean factory-bean="password"
factory-method="toCharArray"/>
</constructor-arg>
</bean>
</property>
</bean>
<bean id="password" class="java.lang.String">
<constructor-arg index="0" value="${repository.password}"/>
</bean>
I want to use the credentials of the user currently logged
in to the container. I assume that I cannot get hold of
these in the Spring declarations. If I don't include the
credentials property of the jcrSessionfactory bean and use
SimpleLoginModule, I get an anonymous login. When I try
a JAAS LoginModule from Jetty I get UnsupportedCallbackException
and it doesn't feel quite right anyway: if I have security-constraint
in web.xml around the entire webapp, the use is already logged
in when the Jackrabbit session is created. What I really
want is the logged in user's credentials to be passed on
to Jackrabbit.
Do I have to write my own LoginModule for that or is there
a ready way to do this?
--
mogul | nils weinander |
hudiksvallsgatan 4 113 30 stockholm sweden |
+46 8 4100 6456 | +46 709 78 28 37 |
[email protected] | skype: nils.weinander |
www.mogul.com
