You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Chetan Mehrotra (JIRA)" <ji...@apache.org> on 2014/08/25 11:14:57 UTC

[jira] [Updated] (OAK-2051) Provide option to use Configuration SPI in JAAS authentication when running within AppServer

     [ https://issues.apache.org/jira/browse/OAK-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chetan Mehrotra updated OAK-2051:
---------------------------------

    Attachment: OAK-2051.patch

Patch which exposes a new config property {{org.apache.jackrabbit.oak.authentication.configSpiName}} in AuthenticationConfiguration to capture the JAAS Config Provider Name. if this is set then {{LoginContextProviderImpl}} would use the SPI API to fetch JAAS config. So in brief following steps are required

# Set following properties in _Apache Felix JAAS Configuration Factory_ {{org.apache.felix.jaas.ConfigurationSpi}}
## Set the _Global Configuration Policy_ to _Default_
## Set the _JAAS Config Provider Name_ to _FelixJaasProvider_
# Set the {{org.apache.jackrabbit.oak.authentication.configSpiName}} to _FelixJaasProvider_ in _Apache Jackrabbit Oak AuthenticationConfiguration_ {{org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl}}

This would ensure that Oak related JAAS configuration does not effect Global JAAS Configuration typically used by App Server

[~anchela] [~tripod] Kindly review

> Provide option to use  Configuration SPI in JAAS authentication when running within AppServer
> ---------------------------------------------------------------------------------------------
>
>                 Key: OAK-2051
>                 URL: https://issues.apache.org/jira/browse/OAK-2051
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: security
>            Reporter: Chetan Mehrotra
>            Assignee: Chetan Mehrotra
>             Fix For: 1.1, 1.0.6
>
>         Attachments: OAK-2051.patch
>
>
> LoginContextProviderImpl currently obtains JAAS configuration directly from the Configuration class. This works fine where the JAAS config is provided in std form like through file. This also works fine with Felix JAAS [1] where Felix JAAS is configured to replace the default configuration and thats ok when running in standalone env.
> However Felix JAAS also supports a SPI mode to fetch configuration which would allow running in App server env where the application server is also making use of JAAS. 
> Oak should provide an option to make use of the SPI mode when running in App Server  env so as to isolate the Oak's use of JAAS logic from App Server's usage
> [1] http://felix.apache.org/documentation/subprojects/apache-felix-jaas.html#configuration-spi-with-default-policy-mode



--
This message was sent by Atlassian JIRA
(v6.2#6252)