You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2013/03/19 14:49:15 UTC
[jira] [Commented] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
[ https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13606349#comment-13606349 ]
Antonio Sanso commented on SLING-2623:
--------------------------------------
[~chetanm] I have been working towards a slightly different approach.
just try to resume here.
What we might do is ship Sling without the LoginModule part in the repository.xml, namely
<!--<LoginModule class="org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultLoginModule">
<param name="anonymousId" value="anonymous"/>
<param name="adminId" value="admin"/>
</LoginModule> -->
This will means that Jackrabbit will use JAAS since the AuthContextProvider#islocal will return false.
At this stage we can leverage the Felix JAAS mechanism of FELIX-3705 .
We obviously will keep org.apache.sling.jcr.jackrabbit.server.impl.security.PluggableDefaultLoginModule in a compatibilty bundle for backward compatibilty.
I will come soon with a patch.
WDYT?
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Assignee: Antonio Sanso
> Attachments: org.apache.sling.jcr.jackrabbit.base-0.0.1-SNAPSHOT-src.tar.gz, SLING-2623.patch, SLING-2623-svn-compat.diff
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira