hi yusuf
I am trying to configure jackrabbit with ldap server and I need to use the
acl based security.
After some research, I came to a conclusion that the
trust_credentials_attribute parameter in the DefaultLoginModule is the thing
that will make me achive the integration.
I will handle the ldap login in my application and on successful login i
will login to the jackrabbit rep, but I don't want to maintain the user
passwords in jackrabbit so I need to allow login what ever the password is.
I think this is the purpose of trust_credentials_attribute
as far as i know the 'trust_credentials_attribute' parameter of the
login module is just the configuration option to turn on the
pre-authenticated-login functionality (by default this is disabled).
this doesn't mean that having the config option authentication
against the repository is omitted altogether but rather that
in this case the test for pre-authenticated subjects is evaluated.
see AbstractLoginModule#isPreAuthenticated for the very details.
the method documentation states:
* Returns <code>true</code> if the credentials should be
* considered as pre-authenticated and a password check is
* not required.
* This base class implementation returns <code>true</code> if the
* <code>creds</code> object is a SimpleCredentials instance and the
* configured {@link #getPreAuthAttributeName() trusted
* credentials property} is set to a non-<code>null</code> value
* in the credentials attributes. [...]
and of course you are free to do something different in your custom
extension from the AbstractLoginModule.
hope that helps
angela
