You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by Guillaume Belrose <ka...@gmail.com> on 2011/09/08 10:09:18 UTC

Plan to integrate Apache Shiro with Jackrabbit?

Hi all,

I am wondering if there are any thoughts/plans to integrate Jackrabbit
with Apache Shiro (http://shiro.apache.org/)? Shiro is a departure
from the JAAS model which is what Jackrabbit uses.

Cheers,

Guillaume.

Re: Plan to integrate Apache Shiro with Jackrabbit?

Posted by Alexander Klimetschek <ak...@adobe.com>.

On 08.09.11 10:09, "Guillaume Belrose" <ka...@gmail.com> wrote:
>I am wondering if there are any thoughts/plans to integrate Jackrabbit
>with Apache Shiro (http://shiro.apache.org/)? Shiro is a departure
>from the JAAS model which is what Jackrabbit uses.

Jackrabbit implements the JCR 2.0 specification that comes with its own
authentication and authorization model for all JCR operations.

For authentication, JAAS LoginModules are used in Jackrabbit's
implementation (so you can reuse existing LoginModules) and Jackrabbit's
specific API and implementation reuses java.security.* interfaces such as
Principal to work with those login modules, but there is no java security
style "code-level checking" going on (at least not that I am aware of ;-)).

Not sure what of Apache Shiro could be reused, but it will always have to
be wrapped under the JCR authentication and authorization mechanisms.

Regards,
Alex

-- 
Alexander Klimetschek
Developer // Adobe (Day) // Berlin - Basel