[
https://issues.apache.org/jira/browse/SLING-2623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588580#comment-13588580
]
Justin Edelson commented on SLING-2623:
---------------------------------------
As a follow up to this issue, we should probably deprecate LoginModulePlugin,
although I unfortunately think we need to continue to support it in the near
term.
> Simplifying usage of JAAS based authentication with Repository in OSGi
> ----------------------------------------------------------------------
>
> Key: SLING-2623
> URL: https://issues.apache.org/jira/browse/SLING-2623
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Chetan Mehrotra
> Attachments:
> org.apache.sling.jcr.jackrabbit.base-0.0.1-SNAPSHOT-src.tar.gz,
> SLING-2623.patch, SLING-2623-svn-compat.diff
>
>
> Currently Sling uses LoginModulePlugin to provide pluggable authentication
> support. I have been working on a poc to enable similar pluggable support
> based on JAAS. Complete details are provided at [1]. This work consisted of
> two parts
> 1. Simplify usage of JAAS in OSGi env - This is currently being
> discussed/implemented as a new bundle in Apache Felix. Refer to FELIX-3705 [2]
> 2. Modify Sling to make use of new JAAS support - This is implemented in
> Sling fork at [3]. Details about changes required in Sling are provide below
> This issue is created to capture the overall details. If required separate
> issues can be created to implement specific parts. All changes can be seen at
> [3]. Kindly provide your feedback/comments on the proposed approach :)
> Feature Details
> ===========
> A - New org.apache.sling.jcr.jackrabbit.base bundle
> ------------
> A new jar/bundle is added which provide some common classes which simplify
> Jackrabbit integration in OSGi env. Currently it provides two features
> * DelegatingLoginModule - This LoginModule acts as a bridge between OSGi and
> JR layer. It is based on Approach B explained in [1]
> * PrincipalProviderTracker - It is used to provide an OSGi based
> PrincipalProviderRegistry which follows the whiteboard pattern to collect
> PrincipalProviders
> B - Changes in Jackrabbit Server bundle
> ------------
> The Jackrabbit server bundle has been modified to make use of the new features
> * Repository config is modified to
> ** Use the DelegatingLoginModule
> ** Use the OsgiAwareSecurityManager which uses the OSGi based
> PrincipalProviderRegistry
> * SlingDefaultLoginModule - A new module is exposed as part of this bundle's
> API. Any other bundle which earlier implemented the LoginModulePlugin can
> extend this login module and integrate with Sling Repository authentication
> * pom.xml - It has been modified to expose the supported LoginModules and
> certain security related packages
> C - Changes in Form authentication bundle
> ------------
> The Form authentication bundle has been modified to regsiter a
> LoginModuleFactory. This uses the new approach to provide LoginModules as
> explained at [2],[4]
> "Changes in Sling" section of [1] provides more details on the changes done
> [1] https://github.com/chetanmeh/c/wiki/Jaas-in-OSGi-with-Jackrabbit-and-Sling
> [2] https://issues.apache.org/jira/browse/FELIX-3705
> [3] https://github.com/chetanmeh/sling/compare/jaas-osgi-adv
> [4] https://github.com/chetanmeh/c/wiki/JAAS-in-OSGi
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
