Thanks angela for providing this information. Since I am using the DefaultAccessManager, I think AbstractLoginModule offloads some work of dealing with the access manager which if I understand correctly, is adding the necessary principals to the subject. As you suggested, I could have done without it as well if I myself added the necessary principals to the subject in my login module's commit method.
On Tue, Oct 2, 2012 at 2:03 PM, Angela Schreiber <[email protected]> wrote: > hi all > > please note that there is no requirement whatsoever that > a LoginModule should extend from AbstractLoginModule. you can > configure any custom login module implementation. > > but: you have to make sure that the subject populated upon > commit() fits the access restrictions enforced by the configured > AccessManager and WorkspaceAccessManager. the setup might even > work without any principals if you configure the repository to use > e.g. a dummy authorization setup... that only depends on your > use-cases. > > kind regards > angela > > > On 9/29/12 5:38 AM, connuser1 connuser1 wrote: > >> Thanks Chetan!! My problem was resolved by your suggestion. >> >> I extended the >> org.apache.jackrabbit.core.**security.authentication.**DefaultLoginModule >> and >> just overrided its getPrincipal method to create a new user if it did not >> find one in the repository. This way I could use DefaultLoginModule's >> capability to authenticate against the repository. Hopefully it is the >> right approach. >> >> >> >> On Wed, Sep 26, 2012 at 4:07 PM, Chetan Mehrotra >> <[email protected]>**wrote: >> >> Hi, >>> >>> The access is failing because your login module does not add the >>> EveryonePrincipal to the set of principal associated with the Subject >>> for that session. >>> >>> Your LoginModule should extend from the AbstractLoginModule as it >>> takes cares of performing some common task. For example it would use >>> the default principal provider to fetch the group membership which >>> would always include membership to EveryonePrincipal. Also have a look >>> at SimpleLoginModule in jacrabbit-core module >>> >>> Chetan Mehrotra >>> >>>
