Angela, Thinking about it some more doesn't using the UserManager require that a user already be logged into a session? So an admin user would have to log into a session to obtain the UserManager and create users prior to other users logging into a session and expecting a non anonymous principal from being associated with the session. I'm not sure if that will work in my situation as I won't know all usernames/password to add to the UserManager ahead of time. In my situation actually I'll already have a principal before I'll call Repository.login(Credentials). So I'm already translating that principal into credentials and ideally the subject of the session would have a principal that is the same or at least has the same name. So in this situation would I think I would want a PrincipalProvider. Am I correct in that assumption?
I think I misunderstood in your previous response what use case you wanted me to log an issue for. I have logged another issue[1] with respect to the the available login modules not supporting custom PrincipalProviders. Thanks in advance for you help, Micah [1] - https://issues.apache.org/jira/browse/JCR-1641 On Thu, Jun 5, 2008 at 1:57 AM, Angela Schreiber <[EMAIL PROTECTED]> wrote: > hi micah > > first of all: principal discovery and/or user management is not > covered by JSR 283 and left to the implementation. > > what jackrabbit core currently does: >> retrieve adminId and anonymousId from the config in order to > initialize those users (if missing some internal default > id value is used). >> it's not meant that other users must be configured in the > repository.xml >> instead you should be able to obtain the UserManager from the > JackrabbitSession in order to create additional users/groups > as you need them. >> the default principal provider obtains principals from > the user manager. > >> Looking through the code I >> came to the conclusion I'd need to write a PrincipalProvider that >> would support the multiple Principals with various names. Is that a >> correct assumption? > > see above. it's not required unless you want the principals > not to be obtained from the user manager. > >> And running a test that calls RepositoryImpl.login(Credentials) gives >> me the following stack trace: > > that's probably a bug. can you open an issue for that? > > regards > angela > >
