You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Angela Schreiber <an...@adobe.com> on 2012/10/02 10:33:14 UTC
Re: No session returned on repository.login
hi all
please note that there is no requirement whatsoever that
a LoginModule should extend from AbstractLoginModule. you can
configure any custom login module implementation.
but: you have to make sure that the subject populated upon
commit() fits the access restrictions enforced by the configured
AccessManager and WorkspaceAccessManager. the setup might even
work without any principals if you configure the repository to use
e.g. a dummy authorization setup... that only depends on your
use-cases.
kind regards
angela
On 9/29/12 5:38 AM, connuser1 connuser1 wrote:
> Thanks Chetan!! My problem was resolved by your suggestion.
>
> I extended the
> org.apache.jackrabbit.core.security.authentication.DefaultLoginModule and
> just overrided its getPrincipal method to create a new user if it did not
> find one in the repository. This way I could use DefaultLoginModule's
> capability to authenticate against the repository. Hopefully it is the
> right approach.
>
>
>
> On Wed, Sep 26, 2012 at 4:07 PM, Chetan Mehrotra
> <ch...@gmail.com>wrote:
>
>> Hi,
>>
>> The access is failing because your login module does not add the
>> EveryonePrincipal to the set of principal associated with the Subject
>> for that session.
>>
>> Your LoginModule should extend from the AbstractLoginModule as it
>> takes cares of performing some common task. For example it would use
>> the default principal provider to fetch the group membership which
>> would always include membership to EveryonePrincipal. Also have a look
>> at SimpleLoginModule in jacrabbit-core module
>>
>> Chetan Mehrotra
>>
Re: No session returned on repository.login
Posted by connuser1 connuser1 <co...@gmail.com>.
Thanks angela for providing this information.
Since I am using the DefaultAccessManager, I think AbstractLoginModule
offloads some work of dealing with the access manager which if I understand
correctly, is adding the necessary principals to the subject. As you
suggested, I could have done without it as well if I myself added the
necessary principals to the subject in my login module's commit method.
On Tue, Oct 2, 2012 at 2:03 PM, Angela Schreiber <an...@adobe.com> wrote:
> hi all
>
> please note that there is no requirement whatsoever that
> a LoginModule should extend from AbstractLoginModule. you can
> configure any custom login module implementation.
>
> but: you have to make sure that the subject populated upon
> commit() fits the access restrictions enforced by the configured
> AccessManager and WorkspaceAccessManager. the setup might even
> work without any principals if you configure the repository to use
> e.g. a dummy authorization setup... that only depends on your
> use-cases.
>
> kind regards
> angela
>
>
> On 9/29/12 5:38 AM, connuser1 connuser1 wrote:
>
>> Thanks Chetan!! My problem was resolved by your suggestion.
>>
>> I extended the
>> org.apache.jackrabbit.core.**security.authentication.**DefaultLoginModule
>> and
>> just overrided its getPrincipal method to create a new user if it did not
>> find one in the repository. This way I could use DefaultLoginModule's
>> capability to authenticate against the repository. Hopefully it is the
>> right approach.
>>
>>
>>
>> On Wed, Sep 26, 2012 at 4:07 PM, Chetan Mehrotra
>> <ch...@gmail.com>**wrote:
>>
>> Hi,
>>>
>>> The access is failing because your login module does not add the
>>> EveryonePrincipal to the set of principal associated with the Subject
>>> for that session.
>>>
>>> Your LoginModule should extend from the AbstractLoginModule as it
>>> takes cares of performing some common task. For example it would use
>>> the default principal provider to fetch the group membership which
>>> would always include membership to EveryonePrincipal. Also have a look
>>> at SimpleLoginModule in jacrabbit-core module
>>>
>>> Chetan Mehrotra
>>>
>>>