Hi Marco The section you are referring to talks about replacing the authentication setup altogether... so replacing all parts of it.
However, if your task is 'just' to configure an additional LoginModule or replacing an existing one (but otherwise leaving the broader authentication setup in place), that doesn't require replacing the AuthenticationConfiguration. Instead that should be straight forward by calling javax.security.auth.login.Configuration.setConfiguration(yourCustomConfiguration) yourCustomConfiguration would define which LoginModules are being used for your authentication, their order and a LoginModuleControlFlag for each of them. Since the documentation is apparently not clear about this: may I ask you to create a documentation issue such that we can fix that? Thanks. You can see an example on how this is done in a non-OSGi setup in org.apache.jackrabbit.oak.AbstractSecurityTest that is located in oak-core. From there yo can also find those derived tests that in fact defined a different configuration... there should a few of those floating around in Oak. Hope that helps Angela ________________________________ From: Marco Piovesana <[email protected]> Sent: Thursday, February 27, 2020 11:00 AM To: [email protected] <[email protected]> Subject: custom authentication module Hi all, I'm trying to define a custom LoginModule that extends the AbstractLoginModule in a NON-OSGi setup. Reading the documentation here <https://jackrabbit.apache.org/oak/docs/security/authentication.html> at the section "Pluggability" I think I understood that I have to options to do it: defining my own SecurityProvider or using a JAAS configuration. I tried to look at the source code and the examples but I'm having a hard time understanding exactly how to do it. Is there anyone that can help me out? Marco.
