You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Pontus Amberg (Created) (JIRA)" <ji...@apache.org> on 2011/12/20 23:09:31 UTC
[jira] [Created] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Try JACC / JSR-115 to get Subject in RepositoryImpl
---------------------------------------------------
Key: JCR-3188
URL: https://issues.apache.org/jira/browse/JCR-3188
Project: Jackrabbit Content Repository
Issue Type: Improvement
Components: jackrabbit-core
Affects Versions: 2.3.5
Environment: JCA Jackrabbit, JEE container, preauthenticated subject
Reporter: Pontus Amberg
The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Attachment: JACC_patch.diff.zip
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
> Attachments: JACC_patch.diff.zip
>
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Status: Open (was: Patch Available)
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Status: Patch Available (was: Open)
Adds geronimo-jacc_1.1_spec to jackrabbit-core & jackrabbit-parent.
Adds logic to extendAuthentication() in RepositoryImpl that tries to fetch the Subject with JACC if Subject.getSubject() fails.
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Attachment: JACC_patch2.diff.zip
Updated the patch so that it now also works for Glassfish. Had to move the Subject lookup before extendAuthentication() to prevent AnonymousPrincipal to be added to the subject even if the subject already is authenticated in Glassfish. If anonymous is added SimpleAccessManager will only allow reads from the repository.
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
> Attachments: JACC_patch2.diff.zip
>
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Attachment: (was: JACC_patch.diff.zip)
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
LuceneQueryBuilder.visit on RelationQueryNode seems to handle null
relPaths oddly
Posted by Dave Brosius <db...@apache.org>.
Seems like absolute paths with similar and spellcheck operations are
flawed if I'm reading the code correctly.
public Object visit(RelationQueryNode node, Object data) throws
RepositoryException {
PathQueryNode relPath = node.getRelativePath();
if (*relPath* == null
&& node.getOperation() != QueryConstants.OPERATION_SIMILAR
&& node.getOperation() != QueryConstants.OPERATION_SPELLCHECK) {
exceptions.add(new InvalidQueryException("@* not supported
in predicate"));
return data;
}
LocationStepQueryNode[] steps = *relPath*.getPathSteps();
[jira] [Commented] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173571#comment-13173571 ]
Pontus Amberg commented on JCR-3188:
------------------------------------
I've deployed Jackrabbit JCA as described here http://wiki.apache.org/jackrabbit/JackrabbitOnJBoss . I've also updated the
repository.xml to use an existing domain already configured in JBoss login-config.xml as described here
http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity and with the included patch I'm able to get a session using
repository.login() without specifying credentials if the user already is authenticated.
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
> Attachments: JACC_patch.diff.zip
>
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (JCR-3188) Try JACC / JSR-115 to get Subject in
RepositoryImpl
Posted by "Pontus Amberg (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pontus Amberg updated JCR-3188:
-------------------------------
Affects Version/s: (was: 2.3.5)
2.3.6
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.6
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
> Attachments: JACC_patch2.diff.zip
>
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without specifying any credentials in the repository.login() method if the user already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira