You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Chetan Mehrotra (JIRA)" <ji...@apache.org> on 2012/10/16 17:47:03 UTC
[jira] [Created] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
Chetan Mehrotra created SLING-2623:
--------------------------------------
Summary: Simplifying usage of JAAS based authentication with Repository in OSGi
Key: SLING-2623
URL: https://issues.apache.org/jira/browse/SLING-2623
Project: Sling
Issue Type: New Feature
Components: JCR
Reporter: Chetan Mehrotra
Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
Feature Details
===========
A - New org.apache.sling.jcr.jackrabbit.base bundle
------------
A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
* DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
* PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
B - Changes in Jackrabbit Server bundle
------------
The Jackrabbit server bundle has been modified to make use of the new features
* Repository config is modified to
** Use the DelegatingLoginModule
** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
* SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
* pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
C - Changes in Form authentication bundle
------------
The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
"Changes in Sling" section of [1] provides more details on the changes done
[1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
[2] https://issues.apache.org/jira/browse/FELIX-3705
[3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
[4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
Posted by "Chetan Mehrotra (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chetan Mehrotra updated SLING-2623:
-----------------------------------
Attachment: org.apache.sling.jcr.jackrabbit.base-0.0.1-SNAPSHOT-src.tar.gz
Just the source files for the new org.apache.sling.jcr.jackrabbit.base bundle.
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Attachments: org.apache.sling.jcr.jackrabbit.base-0.0.1-SNAPSHOT-src.tar.gz, SLING-2623.patch, SLING-2623-svn-compat.diff
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
Posted by "Carsten Ziegeler (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481312#comment-13481312 ]
Carsten Ziegeler commented on SLING-2623:
-----------------------------------------
Hi Chetan,
could you please provide svn based patches?
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Attachments: SLING-2623.patch
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
Posted by "Chetan Mehrotra (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chetan Mehrotra updated SLING-2623:
-----------------------------------
Attachment: SLING-2623-svn-compat.diff
svn compatible diff. If applying through eclipse select the reverse option
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Attachments: SLING-2623.patch, SLING-2623-svn-compat.diff
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SLING-2623) Simplifying usage of JAAS based
authentication with Repository in OSGi
Posted by "Chetan Mehrotra (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chetan Mehrotra updated SLING-2623:
-----------------------------------
Attachment: SLING-2623.patch
Complete patch as generated by git. Once consensus is reached on the proposed approach smaller fine grained patches can be provided.
To see a better view have a look at https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Attachments: SLING-2623.patch
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication support. I have been working on a poc to enable similar pluggable support based on JAAS. Complete details are provided at [1]. This work consisted of two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate issues can be created to implement specific parts. All changes can be seen at [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based PrincipalProviderRegistry which follows the whiteboard pattern to collect PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's API. Any other bundle which earlier implemented the LoginModulePlugin can extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a LoginModuleFactory. This uses the new approach to provide LoginModules as explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira