I tried this and it seems to be working:

Configuration currentConfiguration = Configuration.getConfiguration();
Configuration.setConfiguration(new Configuration() {
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String
applicationName) {
        if
(AuthenticationConfiguration.DEFAULT_APP_NAME.equals(applicationName)) {
            return new AppConfigurationEntry[] {
                    new
AppConfigurationEntry(CustomLoginModule.class.getName(),
LoginModuleControlFlag.SUFFICIENT, new HashMap<>())
            };
        } else {
            return
currentConfiguration.getAppConfigurationEntry(applicationName);
        }
    }
});

I guess it's not ideal though. Do you know if there's a way to pass the
configuration to oak without having to use the static method
*Configuration.setConfiguration*?

Marco.

On Tue, Mar 10, 2020 at 8:37 AM Angela Schreiber <[email protected]> wrote:

> Hi Marco
>
> I never had to do that but I would first try to compose the new
> configuration from the existing non-oak entries with additional
> oak-entries. In other words aggregating the result of getConfiguration()
> with the custom AppConfigurationEntry.
>
> Kind regards
> Angela
> ------------------------------
> *From:* Marco Piovesana <[email protected]>
> *Sent:* Monday, March 9, 2020 3:23 PM
> *To:* [email protected] <[email protected]>
> *Subject:* Re: custom authentication module
>
> Hi Angela,
> I defined a custom configuration as you suggested by doing:
>
> Configuration.setConfiguration(new Configuration() {
>     @Override
>     public AppConfigurationEntry[] getAppConfigurationEntry(String
> applicationName) {
>         return new AppConfigurationEntry[] {
>                 new
> AppConfigurationEntry(CustomLoginModule.class.getName(),
> LoginModuleControlFlag.SUFFICIENT, new HashMap<>())
>         };
>     }
> });
>
> This works fine when oak is executed standalone, but I have a problem when
> I embed it within a JavaEE application. In this case there's already a
> configuration for other resources (e.g. jms) and this solution overrides
> that configuration.
> How can define the login modules for a specific application (in my case
> "jackrabbit.oak") without having to redefine the whole Configuration?
>
> Marco.
>
> On Thu, Feb 27, 2020 at 1:49 PM Marco Piovesana <[email protected]>
> wrote:
>
> > Hi Angela,
> > thanks for the clarification! I did see that in L4_userIDTest but I
> wasn't
> > sure it was meant to be used also in production. I've created OAK-8929
> for
> > the documentation update.
> >
> > Marco.
> >
> >
> > On Thu, Feb 27, 2020 at 6:50 PM Angela Schreiber
> <[email protected]>
> > wrote:
> >
> >> Hi Marco
> >>
> >> The section you are referring to talks about replacing the
> authentication
> >> setup altogether... so replacing all parts of it.
> >>
> >> However, if your task is 'just' to configure an additional LoginModule
> or
> >> replacing an existing one (but otherwise leaving the broader
> authentication
> >> setup in place), that doesn't require replacing the
> >> AuthenticationConfiguration. Instead that should be straight forward by
> >> calling
> >>
> >>
> >>
> javax.security.auth.login.Configuration.setConfiguration(yourCustomConfiguration)
> >>
> >> yourCustomConfiguration would define which LoginModules are being used
> >> for your authentication, their order and a LoginModuleControlFlag for
> each
> >> of them.
> >>
> >> Since the documentation is apparently not clear about this: may I ask
> you
> >> to create a documentation issue such that we can fix that? Thanks.
> >>
> >> You can see an example on how this is done in a non-OSGi setup in
> >> org.apache.jackrabbit.oak.AbstractSecurityTest that is located in
> oak-core.
> >> From there yo can also find those derived tests that in fact defined a
> >> different configuration... there should a few of those floating around
> in
> >> Oak.
> >>
> >> Hope that helps
> >> Angela
> >>
> >> ________________________________
> >> From: Marco Piovesana <[email protected]>
> >> Sent: Thursday, February 27, 2020 11:00 AM
> >> To: [email protected] <[email protected]>
> >> Subject: custom authentication module
> >>
> >> Hi all,
> >> I'm trying to define a custom LoginModule that extends the
> >> AbstractLoginModule in a NON-OSGi setup. Reading the documentation here
> >> <https://jackrabbit.apache.org/oak/docs/security/authentication.html>
> at
> >> the section "Pluggability" I think I understood that I have to options
> to
> >> do it: defining my own SecurityProvider or using a JAAS configuration.
> >> I tried to look at the source code and the examples but I'm having a
> hard
> >> time understanding exactly how to do it. Is there anyone that can help
> me
> >> out?
> >>
> >> Marco.
> >>
> >
> >
> >
>
> --
>
> marco piovesanA
> Enterprise Application
>
>
>
> *ESTECO* | EXPLORE DESIGN PERFECTION
>
> AREA Science Park, Padriciano 99 - 34149 Trieste - ITALY
> Phone: +39 040 3755548 - Fax: +39 040 3755549
> [Website] <http://www.esteco.com> | [Twitter]
> <https://twitter.com/esteco_mF> | [Facebook]
> <https://www.facebook.com/esteco.spa> | [Linkedin]
> <https://www.linkedin.com/company/748217>
> Pursuant to Legislative Decree No. 196/2003, you are hereby informed that
> this message contains confidential information intended only for the use of
> the addressee. If you are not the addressee, and have received this message
> by mistake, please delete it and immediately notify us. You may not copy or
> disseminate this message to anyone. Thank you. Please consider the
> environment before printing this email.
>

Reply via email to