On Tue, Apr 14, 2015 at 10:25 PM, Angela Schreiber wrote:
> Since I initialize the JCR with
>>an instance of the Oak, it would be nice to reach in and get the
>>underlaying oak repo
I am seeing similar requirement for that at OAK-2760 where the
HttpServer has to access both ContentRepository and
hi mike
>Unfortunately I needed the User Manager which is only accessible from
>the JCR Repository. And I think their was a 2nd reason, but I don't
>remember it. So unless there is another way, this seems to be one of
>those decisions you need to make at the start of the project. Either
>you crea
Angela, thank you again for helping me with this.
>In a non-OSGI-based setup it's probably a bit harder but should still
be feasible by either adding the configuration using the protected
bind-method
or a derived SecurityProvider.
Let me try this and see what I can figure out.
>You can't create
hi mike
btw: the documentation already explains the requirements for the
token-creation in the default implementation in setion "Token Creation"
at
http://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanageme
nt.html
>So this leads me to a few more questions, I hope you don't mind
Found it! This is the part I was missing when I was digging through
the unit tests before. And it's a lot easier then trying to configure
JAAS. With this I can use a simple Spring Security Filter to
authenticate the token.
for future reference:
After I create the JCR Reposito
hi mike
exactly... i guess, i need to improve the docu ;-)
for the time being you can look at the various loginmodule
related test cases in oak.
e.g. TokenDefaultLoginModuleTest.testTokenCreationAndLogin
but it should also work with any other auth-setup that
properly validates simplecredentials
thanks for helping me on this. To make sure I understand this, if my
initial login uses simple credentials, and I add an empty ".token" property
- after login I will have a token value set in the Credentials object.
Assuming the TokenLoginModule is configured correctly. right? And that's
the tok
hi mike
can't help you with spring security but with the second question:
the TokenLoginModule will issue a new login token during the commit
phase if the shared state contains credentials that are supported by
the configured token provider. see doCreateToken(Credentials) for
details.
the defaul
I'm looking for some help configuring the TokenLoginModule with Spring
Security and I'm hoping someone has some sample code or documentation to
share.
I have added the TokenLoginModule using the spring
DefaultJaasAuthenticationProvider & InMemoryConfiguration however I'm
getting this error on star