Dear All,
I have evaluating JackRabbit 2 (2.10.3) for couple of days and its
usefulness for one of my projects. I have reached almost everything I needed
including an external LoginModule authentication using a JAAS-compliant module
which works. However I have encountered an issue I do not know how to solve or
maybe I have misunderstood something.
I am going to use JackRabbit as a content server and communicate with it via
WebDav HTTP interfaces (remotely). That works including mentioned JAAS
LoginModule integration (KeyCloak) First lines of my test application are:
repository =
JcrUtils.getRepository("http://localhost:8080/jackrabbit-webapp /server");
session = repository.login(new SimpleCredentials("test1",
"test".toCharArray()), "default");
where test1 and test are valid Keycloak user credentials and the login process
is successful. The problem is that many operations called before I call the
session.logout() when I create nodes, search for nodes, remove nodes etc. -
being theoretically applied in a correct, logged session - on the server's side
are still preceded by JAAS authentication again and again - actually at each
atomic operation I am performing within the session. Instead I would rather
expect that logged once, before calling session.logout() JAAS login is omitted
so I can work in a performant way. I do not know why at the DAV servlet side,
the session is not cached/maintained/recognized so the again login is not
needed since it already has taken place. And - unfortunately - the performance
decrease I am observing that is really significant and unacceptable.
Does anyone can let me know whether I am doing something wrong, do I have to
configure something in a better so the session is recognized/stored or is it a
correct way it should work?
Any help would be much appreciated. Thank you.
Best regards,
Krzysztof Lembicz
