[
https://issues.apache.org/jira/browse/JCR-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173571#comment-13173571
]
Pontus Amberg commented on JCR-3188:
------------------------------------
I've deployed Jackrabbit JCA as described here
http://wiki.apache.org/jackrabbit/JackrabbitOnJBoss . I've also updated the
repository.xml to use an existing domain already configured in JBoss
login-config.xml as described here
http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity and with the
included patch I'm able to get a session using
repository.login() without specifying credentials if the user already is
authenticated.
> Try JACC / JSR-115 to get Subject in RepositoryImpl
> ---------------------------------------------------
>
> Key: JCR-3188
> URL: https://issues.apache.org/jira/browse/JCR-3188
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core
> Affects Versions: 2.3.5
> Environment: JCA Jackrabbit, JEE container, preauthenticated subject
> Reporter: Pontus Amberg
> Attachments: JACC_patch.diff.zip
>
>
> The extendAuthentication() method in RepositoryImpl could try to use JACC
> /JSR-115 ( http://jcp.org/en/jsr/detail?id=115 ) to get a preauthenticated
> subject if Subject.getSubject() fails ( see JCR-1584 ).
> This seems to make it possible in for example JBoss to get a session without
> specifying any credentials in the repository.login() method if the user
> already is authenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
