Hi Marco

I never had to do that but I would first try to compose the new configuration 
from the existing non-oak entries with additional oak-entries. In other words 
aggregating the result of getConfiguration() with the custom 
AppConfigurationEntry.

Kind regards
Angela
________________________________
From: Marco Piovesana <[email protected]>
Sent: Monday, March 9, 2020 3:23 PM
To: [email protected] <[email protected]>
Subject: Re: custom authentication module

Hi Angela,
I defined a custom configuration as you suggested by doing:

Configuration.setConfiguration(new Configuration() {
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String
applicationName) {
        return new AppConfigurationEntry[] {
                new
AppConfigurationEntry(CustomLoginModule.class.getName(),
LoginModuleControlFlag.SUFFICIENT, new HashMap<>())
        };
    }
});

This works fine when oak is executed standalone, but I have a problem when
I embed it within a JavaEE application. In this case there's already a
configuration for other resources (e.g. jms) and this solution overrides
that configuration.
How can define the login modules for a specific application (in my case
"jackrabbit.oak") without having to redefine the whole Configuration?

Marco.

On Thu, Feb 27, 2020 at 1:49 PM Marco Piovesana <[email protected]>
wrote:

> Hi Angela,
> thanks for the clarification! I did see that in L4_userIDTest but I wasn't
> sure it was meant to be used also in production. I've created OAK-8929 for
> the documentation update.
>
> Marco.
>
>
> On Thu, Feb 27, 2020 at 6:50 PM Angela Schreiber <[email protected]>
> wrote:
>
>> Hi Marco
>>
>> The section you are referring to talks about replacing the authentication
>> setup altogether... so replacing all parts of it.
>>
>> However, if your task is 'just' to configure an additional LoginModule or
>> replacing an existing one (but otherwise leaving the broader authentication
>> setup in place), that doesn't require replacing the
>> AuthenticationConfiguration. Instead that should be straight forward by
>> calling
>>
>>
>> javax.security.auth.login.Configuration.setConfiguration(yourCustomConfiguration)
>>
>> yourCustomConfiguration would define which LoginModules are being used
>> for your authentication, their order and a LoginModuleControlFlag for each
>> of them.
>>
>> Since the documentation is apparently not clear about this: may I ask you
>> to create a documentation issue such that we can fix that? Thanks.
>>
>> You can see an example on how this is done in a non-OSGi setup in
>> org.apache.jackrabbit.oak.AbstractSecurityTest that is located in oak-core.
>> From there yo can also find those derived tests that in fact defined a
>> different configuration... there should a few of those floating around in
>> Oak.
>>
>> Hope that helps
>> Angela
>>
>> ________________________________
>> From: Marco Piovesana <[email protected]>
>> Sent: Thursday, February 27, 2020 11:00 AM
>> To: [email protected] <[email protected]>
>> Subject: custom authentication module
>>
>> Hi all,
>> I'm trying to define a custom LoginModule that extends the
>> AbstractLoginModule in a NON-OSGi setup. Reading the documentation here
>> <https://jackrabbit.apache.org/oak/docs/security/authentication.html> at
>> the section "Pluggability" I think I understood that I have to options to
>> do it: defining my own SecurityProvider or using a JAAS configuration.
>> I tried to look at the source code and the examples but I'm having a hard
>> time understanding exactly how to do it. Is there anyone that can help me
>> out?
>>
>> Marco.
>>
>
>
>

--

marco piovesanA
Enterprise Application



*ESTECO* | EXPLORE DESIGN PERFECTION

AREA Science Park, Padriciano 99 - 34149 Trieste - ITALY
Phone: +39 040 3755548 - Fax: +39 040 3755549
[Website] <http://www.esteco.com> | [Twitter]
<https://twitter.com/esteco_mF> | [Facebook]
<https://www.facebook.com/esteco.spa> | [Linkedin]
<https://www.linkedin.com/company/748217>
Pursuant to Legislative Decree No. 196/2003, you are hereby informed that
this message contains confidential information intended only for the use of
the addressee. If you are not the addressee, and have received this message
by mistake, please delete it and immediately notify us. You may not copy or
disseminate this message to anyone. Thank you. Please consider the
environment before printing this email.

Reply via email to