On 22 Feb 2010, at 16:24, Cech. Ulrich wrote:

> Hello to all,
>
> I played around with the "Authentication" methods in JackRabbit.
> For a future production environment, I need some hints for following issues:
>
> 1. How can I change the password for the admin user? I read, that the admin
> user is important, because JackRabbit otherwise cannot access some system
> nodes in the repo. But I don't find a property for setting the password. If I
> look at the implementation it seems that the adminId is equal to the password.
> Or would it be an option to set the adminId to some "generated value", so no
> one would guess this account?
> Is there a "best practice"?

In general where there is an administrative session established internal to the repository a trusted credential should be used, either a SimpleCredential with null password and an attribute, or a Credential implementation that indicates an Administrative login. Obviously there needs to be a LoginModule that understands these objects. This way it's possible to establish an internal session that does not need a password, and hence you can change the password. If you look at Sling I think you will find that this is what is done there. There were also some threads on the subject [1]

[1] http://markmail.org/thread/zqqcjqbne6zcdd5x
[2] http://markmail.org/thread/ppvsmacmwnrateca
[3] https://issues.apache.org/jira/browse/SLING-1282

>
> 2. How do I remove the anonymous account? It is important, that only one user
> can even read his "section", but not other "sections" of the repository, so
> anonymous would be a security hit, because anonymous can read the whole
> repository.

You could add an ACL to the root node that denied jcr:all or jcr:read for anonymous?

>
> 3. I don't find a method for reading all "registered" users in the
> repository. I tried to access the path
> "/rep:security/rep:authorizables/rep:users" but this node does not exist (or
> I made some other mistake).

You have to use the UserManager and the search capabilities in there, /rep:security is protected so a normal session won't be able to get to it.

HTH
Ian

>
> Thanks in advance for any help,
> Ulrich
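
The suggestions given for questions 2 and 3, as an added example (not code from this thread or from the Jackrabbit project). It assumes the Jackrabbit 2.x API with the default ACL-based access control, an already-open administrative session, and an anonymous user ID passed in by the caller (commonly `anonymous`, but configurable); the class and method names are hypothetical.

```java
import java.security.Principal;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;

public class RepoHardening { // hypothetical helper class
    /** Adds a deny jcr:read entry for the anonymous user's principal on the root node. */
    public static void denyAnonymousRead(Session admin, String anonymousId) throws RepositoryException {
        UserManager um = ((JackrabbitSession) admin).getUserManager();
        Authorizable anon = um.getAuthorizable(anonymousId);
        if (anon == null) {
            throw new RepositoryException("no such user: " + anonymousId);
        }
        Principal principal = anon.getPrincipal();
        AccessControlManager acm = admin.getAccessControlManager();
        JackrabbitAccessControlList acl = findAcl(acm, "/");
        Privilege[] read = { acm.privilegeFromName(Privilege.JCR_READ) };
        acl.addEntry(principal, read, false); // third argument false = deny entry
        acm.setPolicy("/", acl);
        admin.save(); // ACL changes are transient until the session is saved
    }

    /** Returns the ACL already bound at path, or an applicable one that can be bound. */
    private static JackrabbitAccessControlList findAcl(AccessControlManager acm, String path) throws RepositoryException {
        for (AccessControlPolicy p : acm.getPolicies(path)) {
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        AccessControlPolicyIterator it = acm.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        throw new RepositoryException("no ACL available at " + path);
    }

    /** Lists user IDs through UserManager instead of reading /rep:security directly. */
    public static void printUsers(Session admin) throws RepositoryException {
        UserManager um = ((JackrabbitSession) admin).getUserManager();
        // Assumption: a null value matches every user that has the property set.
        Iterator<Authorizable> users = um.findAuthorizables("rep:principalName", null, UserManager.SEARCH_TYPE_USER);
        while (users.hasNext()) System.out.println(users.next().getID());
    }
}
```

After applying the deny entry, log in with the anonymous credentials in a test and confirm that reading the root node fails, since the effective result depends on the other entries already present in the ACL.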
