Hi Marco I never had to do that but I would first try to compose the new configuration from the existing non-oak entries with additional oak-entries. In other words aggregating the result of getConfiguration() with the custom AppConfigurationEntry.
Kind regards Angela ________________________________ From: Marco Piovesana <[email protected]> Sent: Monday, March 9, 2020 3:23 PM To: [email protected] <[email protected]> Subject: Re: custom authentication module Hi Angela, I defined a custom configuration as you suggested by doing: Configuration.setConfiguration(new Configuration() { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) { return new AppConfigurationEntry[] { new AppConfigurationEntry(CustomLoginModule.class.getName(), LoginModuleControlFlag.SUFFICIENT, new HashMap<>()) }; } }); This works fine when oak is executed standalone, but I have a problem when I embed it within a JavaEE application. In this case there's already a configuration for other resources (e.g. jms) and this solution overrides that configuration. How can define the login modules for a specific application (in my case "jackrabbit.oak") without having to redefine the whole Configuration? Marco. On Thu, Feb 27, 2020 at 1:49 PM Marco Piovesana <[email protected]> wrote: > Hi Angela, > thanks for the clarification! I did see that in L4_userIDTest but I wasn't > sure it was meant to be used also in production. I've created OAK-8929 for > the documentation update. > > Marco. > > > On Thu, Feb 27, 2020 at 6:50 PM Angela Schreiber <[email protected]> > wrote: > >> Hi Marco >> >> The section you are referring to talks about replacing the authentication >> setup altogether... so replacing all parts of it. >> >> However, if your task is 'just' to configure an additional LoginModule or >> replacing an existing one (but otherwise leaving the broader authentication >> setup in place), that doesn't require replacing the >> AuthenticationConfiguration. Instead that should be straight forward by >> calling >> >> >> javax.security.auth.login.Configuration.setConfiguration(yourCustomConfiguration) >> >> yourCustomConfiguration would define which LoginModules are being used >> for your authentication, their order and a LoginModuleControlFlag for each >> of them. >> >> Since the documentation is apparently not clear about this: may I ask you >> to create a documentation issue such that we can fix that? Thanks. >> >> You can see an example on how this is done in a non-OSGi setup in >> org.apache.jackrabbit.oak.AbstractSecurityTest that is located in oak-core. >> From there yo can also find those derived tests that in fact defined a >> different configuration... there should a few of those floating around in >> Oak. >> >> Hope that helps >> Angela >> >> ________________________________ >> From: Marco Piovesana <[email protected]> >> Sent: Thursday, February 27, 2020 11:00 AM >> To: [email protected] <[email protected]> >> Subject: custom authentication module >> >> Hi all, >> I'm trying to define a custom LoginModule that extends the >> AbstractLoginModule in a NON-OSGi setup. Reading the documentation here >> <https://jackrabbit.apache.org/oak/docs/security/authentication.html> at >> the section "Pluggability" I think I understood that I have to options to >> do it: defining my own SecurityProvider or using a JAAS configuration. >> I tried to look at the source code and the examples but I'm having a hard >> time understanding exactly how to do it. Is there anyone that can help me >> out? >> >> Marco. >> > > > -- marco piovesanA Enterprise Application *ESTECO* | EXPLORE DESIGN PERFECTION AREA Science Park, Padriciano 99 - 34149 Trieste - ITALY Phone: +39 040 3755548 - Fax: +39 040 3755549 [Website] <http://www.esteco.com> | [Twitter] <https://twitter.com/esteco_mF> | [Facebook] <https://www.facebook.com/esteco.spa> | [Linkedin] <https://www.linkedin.com/company/748217> Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you. Please consider the environment before printing this email.
