On 08.09.11 10:09, "Guillaume Belrose" <[email protected]> wrote: >I am wondering if there are any thoughts/plans to integrate Jackrabbit >with Apache Shiro (http://shiro.apache.org/)? Shiro is a departure >from the JAAS model which is what Jackrabbit uses.
Jackrabbit implements the JCR 2.0 specification that comes with its own authentication and authorization model for all JCR operations. For authentication, JAAS LoginModules are used in Jackrabbit's implementation (so you can reuse existing LoginModules) and Jackrabbit's specific API and implementation reuses java.security.* interfaces such as Principal to work with those login modules, but there is no java security style "code-level checking" going on (at least not that I am aware of ;-)). Not sure what of Apache Shiro could be reused, but it will always have to be wrapped under the JCR authentication and authorization mechanisms. Regards, Alex -- Alexander Klimetschek Developer // Adobe (Day) // Berlin - Basel
