Problems Implementing a Custom AccessManager

Tue, 16 Dec 2008 08:37:57 -0800 

Hi everyone.
I'm trying to secure the JCR repository creating a custom LoginModule and
AccessManager. The first one has gone OK, as it implements the JAAS standard
interface. On the other hand, the second one must implement Jackrabbit's
AccessManager interface, but as Sling's Jackrabbit Embedded Repository
bundle does not export the jackrabbit-core packages (that includes the
AccessManager interface), the only way to create my custom implementation
has been to embed the dependency in my bundle's classpath. This then makes a
ClassCastException occur in Jackrabbit's SessionImpl when my class is being
casted to the AccessManager interface (line 335). As I guess you'll know,
this is because my CustomAccessManager is implementing the AccessManager
loaded by my bundle's classloader, while Jackrabbit's SessionImpl will
expect the AccessManager loaded by the Jackrabbit Embedded Repository
bundle.

I'd like to know if someone has already come up with (and hopefully
resolved) the same problem as I have, because I guess it's quite a common
scenario. The easiest solution would be to make the Sling's Jackrabbit
Embedded Repository bundle to export the security package of jackrabbit-core
but I suppose there must be some reason for it not to be doing so. I'll
appreciate any indication.

Thanks in advance.

Sebastian Gomez.

P.S: Here's the line of org.apache.jackrabbit.core.SessionImpl where the
ClassCastException occurs, marked with a "=====>" (in case it's of any use):

protected AccessManager createAccessManager(Subject subject,
                                                HierarchyManager hierMgr)
            throws AccessDeniedException, RepositoryException {
        AccessManagerConfig amConfig =
rep.getConfig().getAccessManagerConfig();
        try {

            AMContext ctx = new AMContext(new
File(rep.getConfig().getHomeDir()),
                    rep.getFileSystem(),
                    subject,
                    hierMgr,
                    rep.getNamespaceRegistry(),
                    wsp.getName());
====>            AccessManager accessMgr = (AccessManager)
amConfig.newInstance();
            accessMgr.init(ctx);
            return accessMgr;
        } catch (AccessDeniedException ade) {
            // re-throw
            throw ade;
        } catch (Exception e) {
            // wrap in RepositoryException
            String msg = "failed to instantiate AccessManager
implementation: " + amConfig.getClassName();
            log.error(msg, e);
            throw new RepositoryException(msg, e);
        }
    }

Reply via email to