Removing Jacrabbit Login

[Odie1001 <ga...@htk.co.uk>]

Hi

I have setup a JCR repository in TOMCAT 6 and it is working fine. We are
using the default setup where to access a repository a username and password
is required (but it can be anything).

We have a thirdparty app that is trying to retreive an xml doc stored in
this repository however there is no way for this app to pass a username and
password prameter to the repository. Is there away to remove the login
security for Jackrabbit so that the app can retreive the xml file?

Any suggestions would be helpful.


-- 
View this message in context: http://www.nabble.com/Removing-Jacrabbit-Login-tp25956293p25956293.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: Removing Jacrabbit Login

[Odie1001 <ga...@htk.co.uk>]

Hi Alexander

THanks for the info. We are coding around this issue now.

Thanks for the quick responce.

Gavin



Alexander Klimetschek wrote:
> 
> On Mon, Oct 19, 2009 at 12:53, Odie1001 <ga...@htk.co.uk> wrote:
>> I have setup a JCR repository in TOMCAT 6 and it is working fine. We are
>> using the default setup where to access a repository a username and
>> password
>> is required (but it can be anything).
>>
>> We have a thirdparty app that is trying to retreive an xml doc stored in
>> this repository however there is no way for this app to pass a username
>> and
>> password prameter to the repository.
> 
> Why? How is it accessing the JCR? Using the JCR API remotely? Or using
> webdav? All access methods that I know provide a way to pass the
> credentials. If you use a custom server interface, you can use "admin"
> credentials there (albeit I would not recommend that, rather always
> try to do end-user login the whole way).
> 
>> Is there away to remove the login security for Jackrabbit so that
>> the app can retreive the xml file?
> 
> As you said, it can be anything, I guess you use a Jackrabbit pre-1.5
> with SimpleLoginModule that only separates between "admin",
> "anonymous" and other users, allowing all passwords. This is already a
> reduced security. Otherwise there is no way to go around a login, as
> the JCR API requires a login to acquire a session.
> 
> Regards,
> Alex
> 
> -- 
> Alexander Klimetschek
> alexander.klimetschek@day.com
> 
> 

-- 
View this message in context: http://www.nabble.com/Removing-Jacrabbit-Login-tp25956293p25974867.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: Removing Jacrabbit Login

[Alexander Klimetschek <ak...@day.com>]

On Mon, Oct 19, 2009 at 12:53, Odie1001 <ga...@htk.co.uk> wrote:
> I have setup a JCR repository in TOMCAT 6 and it is working fine. We are
> using the default setup where to access a repository a username and password
> is required (but it can be anything).
>
> We have a thirdparty app that is trying to retreive an xml doc stored in
> this repository however there is no way for this app to pass a username and
> password prameter to the repository.

Why? How is it accessing the JCR? Using the JCR API remotely? Or using
webdav? All access methods that I know provide a way to pass the
credentials. If you use a custom server interface, you can use "admin"
credentials there (albeit I would not recommend that, rather always
try to do end-user login the whole way).

> Is there away to remove the login security for Jackrabbit so that
> the app can retreive the xml file?

As you said, it can be anything, I guess you use a Jackrabbit pre-1.5
with SimpleLoginModule that only separates between "admin",
"anonymous" and other users, allowing all passwords. This is already a
reduced security. Otherwise there is no way to go around a login, as
the JCR API requires a login to acquire a session.

Regards,
Alex

-- 
Alexander Klimetschek
alexander.klimetschek@day.com