Hi Marco

The section you are referring to talks about replacing the authentication setup 
altogether... so replacing all parts of it.

However, if your task is 'just' to configure an additional LoginModule or 
replacing an existing one (but otherwise leaving the broader authentication 
setup in place), that doesn't require replacing the 
AuthenticationConfiguration. Instead that should be straight forward by calling

javax.security.auth.login.Configuration.setConfiguration(yourCustomConfiguration)

yourCustomConfiguration would define which LoginModules are being used for your 
authentication, their order and a LoginModuleControlFlag for each of them.

Since the documentation is apparently not clear about this: may I ask you to 
create a documentation issue such that we can fix that? Thanks.

You can see an example on how this is done in a non-OSGi setup in 
org.apache.jackrabbit.oak.AbstractSecurityTest that is located in oak-core. 
From there yo can also find those derived tests that in fact defined a 
different configuration... there should a few of those floating around in Oak.

Hope that helps
Angela

________________________________
From: Marco Piovesana <[email protected]>
Sent: Thursday, February 27, 2020 11:00 AM
To: [email protected] <[email protected]>
Subject: custom authentication module

Hi all,
I'm trying to define a custom LoginModule that extends the
AbstractLoginModule in a NON-OSGi setup. Reading the documentation here
<https://jackrabbit.apache.org/oak/docs/security/authentication.html> at
the section "Pluggability" I think I understood that I have to options to
do it: defining my own SecurityProvider or using a JAAS configuration.
I tried to look at the source code and the examples but I'm having a hard
time understanding exactly how to do it. Is there anyone that can help me
out?

Marco.

Reply via email to