Posted to dev@jackrabbit.apache.org by Anand Bhagwat <ab...@gmail.com> on 2008/04/02 12:13:31 UTC
Question regarding Custom Authentication and Authorization with springmodules
Hi,
I intend to use jackrabbit with custom authentication and authorization. So
each user who logs in to the application would have different access rights
on the repository, and typically he would have a separate session. I am also
planning to use springmodules for JCR and I saw some samples for it. Below
is one such sample.
But the problem in this approach is that JcrSessionFactory is
initialized with a fixed set of credentials. So my question is: is there any
way that I can use custom authentication and authorization and still use
springmodules to get the benefits offered by springmodules, like declarative
transactions, JcrTemplate etc.?
Spring Context -->
<bean id="repository"
      class="org.springmodules.jcr.jackrabbit.RepositoryFactoryBean">
    <!-- normal factory beans params -->
    <property name="configuration" value="classpath:jackrabbit-repo.xml"/>
    <property name="homeDir" value="/repo"/>
</bean>

<bean id="sessionFactory"
      class="org.springmodules.jcr.JcrSessionFactory">
    <property name="repository" ref="repository"/>
    <property name="credentials">
        <bean class="javax.jcr.SimpleCredentials">
            <constructor-arg index="0" value="bogus"/>
            <!-- create the credentials using a bean factory -->
            <constructor-arg index="1">
                <bean factory-bean="password"
                      factory-method="toCharArray"/>
            </constructor-arg>
        </bean>
    </property>
</bean>

<!-- create the password to return it as a char[] -->
<bean id="password" class="java.lang.String">
    <constructor-arg index="0" value="pass"/>
</bean>

<bean id="jcrTemplate" class="org.springmodules.jcr.JcrTemplate">
    <property name="sessionFactory" ref="sessionFactory"/>
    <property name="allowCreate" value="true"/>
</bean>
Thanks,
Anand.
Re: Question regarding Custom Authentication and Authorization with springmodules
Posted by harvey waters <ha...@googlemail.com>.
I use Spring Modules, Acegi and JackRabbit. My configuration uses the acegi
context object. I had to create my own Session Factory object that was able
to use Spring's "lookup-method" to tie the whole thing together. It's
complicated but it works. Acegi looks after all the authentication and
jackrabbit (+ my own acl stuff) looks after authorisation of the content.
It took a while to get going but Acegi enables me to configure different
authentication types (I use NTLM for windows single sign on) and JackRabbit
allows me to do content authorisation to a very low level of granularity.
Before we get caught by Jukka, I guess I should state that this thread
should be on the 'users' mail list rather than the developers ;)
<bean id="securityContext" scope="prototype"
      class="org.acegisecurity.context.SecurityContextHolder"
      factory-method="getContext">
</bean>

<bean id="authentication" scope="prototype"
      factory-bean="securityContext" factory-method="getAuthentication">
</bean>

<bean id="principalBean" scope="prototype"
      factory-bean="authentication" factory-method="getName">
</bean>

<bean id="credentials" class="javax.jcr.SimpleCredentials"
      scope="prototype">
    <constructor-arg index="0">
        <ref bean="principalBean" />
    </constructor-arg>
    <constructor-arg index="1">
        <bean factory-bean="password" factory-method="toCharArray" />
    </constructor-arg>
</bean>

<bean id="jcrsessionFactory" scope="singleton"
      class="com.MyOwnImplemetation.JcrSessionFactory">
    <constructor-arg index="0" >
        <ref bean="sessionHolderProvider"/>
    </constructor-arg>
    <property name="repository">
        <ref bean="repository" />
    </property>
    <lookup-method name="getUSERCredentials" bean="credentials" />
</bean>

On Wed, Apr 2, 2008 at 11:13 AM, Anand Bhagwat <ab...@gmail.com>
wrote:
> Hi,
> I intend to use jackrabbit with custom authentication and authorization.
> So each user who logs in to the application would have different access
> rights on the repository, and typically he would have a separate session.
> I am also planning to use springmodules for JCR and I saw some samples for
> it. Below is one such sample.
> But the problem in this approach is that JcrSessionFactory is
> initialized with a fixed set of credentials. So my question is: is there
> any way that I can use custom authentication and authorization and still
> use springmodules to get the benefits offered by springmodules, like
> declarative transactions, JcrTemplate etc.?
>
> Spring Context -->
>
> <bean id="repository"
>       class="org.springmodules.jcr.jackrabbit.RepositoryFactoryBean">
>     <!-- normal factory beans params -->
>     <property name="configuration"
>               value="classpath:jackrabbit-repo.xml"/>
>     <property name="homeDir" value="/repo"/>
> </bean>
>
> <bean id="sessionFactory"
>       class="org.springmodules.jcr.JcrSessionFactory">
>     <property name="repository" ref="repository"/>
>     <property name="credentials">
>         <bean class="javax.jcr.SimpleCredentials">
>             <constructor-arg index="0" value="bogus"/>
>             <!-- create the credentials using a bean factory -->
>             <constructor-arg index="1">
>                 <bean factory-bean="password"
>                       factory-method="toCharArray"/>
>             </constructor-arg>
>         </bean>
>     </property>
> </bean>
>
> <!-- create the password to return it as a char[] -->
> <bean id="password" class="java.lang.String">
>     <constructor-arg index="0" value="pass"/>
> </bean>
>
> <bean id="jcrTemplate" class="org.springmodules.jcr.JcrTemplate">
>     <property name="sessionFactory" ref="sessionFactory"/>
>     <property name="allowCreate" value="true"/>
> </bean>
>
> Thanks,
> Anand.
>
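
Added example, not code from either poster: a sketch of the Java side of the `lookup-method` wiring shown in the reply above, using only javax.jcr and Acegi types. The class name `PerUserSessionFactory`, its setters and its fail-closed checks are assumptions; `getUSERCredentials` matches the method named in the bean definition, and integration with the Spring Modules session factory interface is left out.

```java
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;

// Hypothetical class: opens one JCR session per authenticated caller instead
// of reusing a session factory configured with a fixed set of credentials.
public abstract class PerUserSessionFactory {

    private Repository repository;
    private String workspaceName; // null selects the default workspace

    public void setRepository(Repository repository) { this.repository = repository; }
    public void setWorkspaceName(String workspaceName) { this.workspaceName = workspaceName; }

    // Target of <lookup-method name="getUSERCredentials" bean="credentials"/>.
    // Spring supplies the body in a generated subclass; each call returns a new
    // prototype "credentials" bean built from the current Acegi principal.
    protected abstract Credentials getUSERCredentials();

    public Session getSession() throws RepositoryException {
        // Fail closed: never fall back to a default or shared login when the
        // security context is empty or the caller is not authenticated.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new LoginException("no authenticated principal in security context");
        }
        Credentials creds = getUSERCredentials();
        // Guard against a miswired credentials bean carrying another user ID.
        if (!(creds instanceof SimpleCredentials)
                || !auth.getName().equals(((SimpleCredentials) creds).getUserID())) {
            throw new LoginException("credentials do not match authenticated principal");
        }
        // The session is bound to the caller's user ID, so repository-side
        // access control is evaluated per user.
        return repository.login(creds, workspaceName);
    }
}
```

In the reply's configuration the password argument comes from a shared `password` bean, so Acegi is what authenticates the user and the repository trusts the user ID it is handed. Repository-side authorization therefore has to key on that user ID, and the factory should be reachable only from code that runs behind the Acegi filter chain.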