[ 
https://issues.apache.org/jira/browse/SLING-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803395#action_12803395
 ] 

Ian Boston commented on SLING-1282:
-----------------------------------

Uploaded patch set for this to http://codereview.appspot.com/190100

Issues:
Jackrabbit binds directly to SimpleCredentials, which is final.
So I have had to use a wrapped callback handler to intercept requests for the
User ID and Impersonation where the final AdministrativeCredentials and
AnonCredentials are used. This appears to be perfectly OK for the UserID, but I
am concerned that two things might be broken and not picked up by either
integration testing or unit testing:

- Impersonation
- JAAS based authentication which will further rely on the CallbackHandler
  mechanisms.

If someone has the time, I would appreciate a check, as I don't think I should
commit as it is.
Thanks
Ian

> Administrative logins depend on password in the code or config
> --------------------------------------------------------------
>
>                 Key: SLING-1282
>                 URL: https://issues.apache.org/jira/browse/SLING-1282
>             Project: Sling
>          Issue Type: Bug
>          Components: JCR
>    Affects Versions: JCR Jackrabbit Server 2.0.6
>            Reporter: Ian Boston
>            Assignee: Ian Boston
>             Fix For: JCR Jackrabbit Server 2.0.6
>
>
> Administrative logins use SimpleCredentials, which means that they have to
> have a password. Although this is a configuration parameter, changing the
> admin password creates some JVM timing difficulties, especially when operating
> in a cluster. (JVMs would probably need to be restarted with new config
> immediately after changing the admin password.)
> It would be better to use special credentials to indicate internal logins to
> the repository (e.g. public final class AdministrativeCredentials implements
> Credentials).
> The same is true for Anon/Guest users, although less important.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
