Hi everyone. I'm trying to secure the JCR repository creating a custom LoginModule and AccessManager. The first one has gone OK, as it implements the JAAS standard interface. On the other hand, the second one must implement Jackrabbit's AccessManager interface, but as Sling's Jackrabbit Embedded Repository bundle does not export the jackrabbit-core packages (that includes the AccessManager interface), the only way to create my custom implementation has been to embed the dependency in my bundle's classpath. This then makes a ClassCastException occur in Jackrabbit's SessionImpl when my class is being casted to the AccessManager interface (line 335). As I guess you'll know, this is because my CustomAccessManager is implementing the AccessManager loaded by my bundle's classloader, while Jackrabbit's SessionImpl will expect the AccessManager loaded by the Jackrabbit Embedded Repository bundle.
I'd like to know if someone has already come up with (and hopefully resolved) the same problem as I have, because I guess it's quite a common scenario. The easiest solution would be to make the Sling's Jackrabbit Embedded Repository bundle to export the security package of jackrabbit-core but I suppose there must be some reason for it not to be doing so. I'll appreciate any indication. Thanks in advance. Sebastian Gomez. P.S: Here's the line of org.apache.jackrabbit.core.SessionImpl where the ClassCastException occurs, marked with a "=====>" (in case it's of any use): protected AccessManager createAccessManager(Subject subject, HierarchyManager hierMgr) throws AccessDeniedException, RepositoryException { AccessManagerConfig amConfig = rep.getConfig().getAccessManagerConfig(); try { AMContext ctx = new AMContext(new File(rep.getConfig().getHomeDir()), rep.getFileSystem(), subject, hierMgr, rep.getNamespaceRegistry(), wsp.getName()); ====> AccessManager accessMgr = (AccessManager) amConfig.newInstance(); accessMgr.init(ctx); return accessMgr; } catch (AccessDeniedException ade) { // re-throw throw ade; } catch (Exception e) { // wrap in RepositoryException String msg = "failed to instantiate AccessManager implementation: " + amConfig.getClassName(); log.error(msg, e); throw new RepositoryException(msg, e); } }