Thanks for the interesting suggestions! JOSE FELIX HERNANDEZ BARRIO: > i would suggest create a class, that extends JcrSessionFactory, and > authenticates agains spring-security (obtaining the user from the > securitycontext).
At this moment I don't want to involve Spring Security. This could still work if I could get hold of the servlet request (which I haven't found out how to do yet). Mat Lowery-2: > http://jira.springframework.org/browse/SEJCR-22 > http://forum.springsource.org/showthread.php?t=79161 Nice! I see there is June 1 date for this, so it is not that far off. Justin Edelson: > You should, IMHO, write a custom LoginModule for this which uses > SpringSecurity's Authentication object as the Credentials. > > Alternatively, you could store the admin username/password in > configuration and do: > username = // get the username via SecurityContextHolder > session = repository.login(adminUser, adminPass); > return session.impersonate(username) > > Any other solution is going to require that the password be contained in > the Authentication object, which isn't always the case. Session.impersonate() is what I wanted to use, in the custom JcrSessionFactory suggested by Jose Felix, but I found that even if I can get hold of the servlet request (and thus the user name), that will not help me as Session.impersonate() expects a Credentials parameter and performs a Repository.login() with that. So, I'm back on square one... ----- ____________________________________________________________ Nils Weinander -- View this message in context: http://n4.nabble.com/Jackrabbut-authentication-from-another-angle-tp1599551p1677412.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
