[ https://issues.apache.org/jira/browse/JCR-1977?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved JCR-1977.
-------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.0
         Assignee: angela

rev. 785981
Changed AuthContextProvider to prefer 'local' LoginModule over JAAS. This means 
that the 'local' configuration always takes precedence and JAAS configuration 
is only respected if no local config is present.

> authentication order has changed from 1.4.x to 1.5.x
> ----------------------------------------------------
>
>                 Key: JCR-1977
>                 URL: https://issues.apache.org/jira/browse/JCR-1977
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-core, security
>    Affects Versions: 1.5.0, 1.5.2
>         Environment: JBoss 4.0.5 + deployed Liferay 4.2.2 on any Platform
>            Reporter: Thomas Fromm
>            Assignee: angela
>            Priority: Critical
>             Fix For: 2.0.0
>
>
> In 1.4.x inside RepositoryImpl.login(...) at first the local configuration is 
> checked for configured LoginModules and after it was unsuccessful, the JAAS 
> component is asked:
>             AuthContext authCtx;
>             LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
>             if (lmc == null) {
>                 authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
>             } else {
> ...
> With 1.5.x this behaviour has moved to SimpleSecurityManager.init(..) and is 
> changed:
>         LoginModuleConfig loginModConf = config.getLoginModuleConfig();
>         authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
>         if (authCtxProvider.isJAAS()) {
>             log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
>         } else if (authCtxProvider.isLocal()) {
> ...
> The problem is with JBoss JAAS implementation, that authCtxProvider.isJAAS()
> is always true.
> Because for any reason, the result of 
> Configuration.getAppConfigurationEntry(appName) is never empty,
> when a jaas.config is specified for Liferay. Using different appName takes no 
> effect, always the configuration inside the jaas.config is used.
> I think still first the local configuration should be concerned, before using 
> JAAS.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
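
The precedence problem described in this issue, as an added Java example (a simplified model, not Jackrabbit's code): a JAAS Configuration that returns entries for every application name, checked against the JAAS-first order and the local-first order. The class names, the `Source` enum, and the helper methods are assumptions made for illustration.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class AuthOrderDemo {
    enum Source { LOCAL, JAAS, NONE }

    // Constructed stand-in for a container JAAS Configuration that answers for any appName.
    static final class CatchAllJaas extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("example.ContainerLoginModule", // constructed name
                    LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
            };
        }
    }

    // True when the installed JAAS Configuration has at least one entry for appName.
    static boolean jaasHasEntries(String appName) {
        AppConfigurationEntry[] entries =
            Configuration.getConfiguration().getAppConfigurationEntry(appName);
        return entries != null && entries.length > 0;
    }

    // Order reported for 1.5.x: JAAS is tested first, so a local LoginModule can be shadowed.
    static Source jaasFirst(String appName, String localLoginModule) {
        if (jaasHasEntries(appName)) return Source.JAAS;
        return localLoginModule != null ? Source.LOCAL : Source.NONE;
    }

    // Order after the fix: local configuration wins, JAAS is used only when no local one exists.
    static Source localFirst(String appName, String localLoginModule) {
        if (localLoginModule != null) return Source.LOCAL;
        return jaasHasEntries(appName) ? Source.JAAS : Source.NONE;
    }

    public static void main(String[] args) {
        Configuration.setConfiguration(new CatchAllJaas());
        String app = "Jackrabbit";                        // constructed application name
        String local = "example.RepositoryLoginModule";   // constructed local LoginModule class
        System.out.println("JAAS first, local configured:  " + jaasFirst(app, local));
        System.out.println("local first, local configured: " + localFirst(app, local));
        System.out.println("local first, no local config:  " + localFirst(app, null));
    }
}
```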
