hi all
please note that there is no requirement whatsoever that
a LoginModule should extend from AbstractLoginModule. you can
configure any custom login module implementation.
but: you have to make sure that the subject populated upon
commit() fits the access restrictions enforced by the configured
AccessManager and WorkspaceAccessManager. the setup might even
work without any principals if you configure the repository to use
e.g. a dummy authorization setup... that only depends on your
use-cases.
kind regards
angela
On 9/29/12 5:38 AM, connuser1 connuser1 wrote:
Thanks Chetan!! My problem was resolved by your suggestion.
I extended the
org.apache.jackrabbit.core.security.authentication.DefaultLoginModule and
just overrided its getPrincipal method to create a new user if it did not
find one in the repository. This way I could use DefaultLoginModule's
capability to authenticate against the repository. Hopefully it is the
right approach.
On Wed, Sep 26, 2012 at 4:07 PM, Chetan Mehrotra
<[email protected]>wrote:
Hi,
The access is failing because your login module does not add the
EveryonePrincipal to the set of principal associated with the Subject
for that session.
Your LoginModule should extend from the AbstractLoginModule as it
takes cares of performing some common task. For example it would use
the default principal provider to fetch the group membership which
would always include membership to EveryonePrincipal. Also have a look
at SimpleLoginModule in jacrabbit-core module
Chetan Mehrotra
