Jackrabbit Content Repository
JCR-1977

authentication order has changed from 1.4.x to 1.5.x

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5, 1.5.2
    • Fix Version/s: 1.6
    • Component/s: jackrabbit-core, security
    • Labels:
      None
    • Environment:
      JBoss 4.0.5 + deployed Liferay 4.2.2 on any Platform

      Description

      In 1.4.x, inside RepositoryImpl.login(...), the local configuration is checked first for configured LoginModules, and only after that was unsuccessful is the JAAS component asked:

      AuthContext authCtx;
      LoginModuleConfig lmc = repConfig.getLoginModuleConfig();
      if (lmc == null) {
          authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials);
      } else {
      ...

      With 1.5.x this behaviour has moved to SimpleSecurityManager.init(..) and has changed:

      LoginModuleConfig loginModConf = config.getLoginModuleConfig();
      authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
      if (authCtxProvider.isJAAS()) {
          log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
      } else if (authCtxProvider.isLocal()) {
      ...

      The problem is with the JBoss JAAS implementation: authCtxProvider.isJAAS() is always true,
      because for some reason the result of Configuration.getAppConfigurationEntry(appName) is never empty
      when a jaas.config is specified for Liferay. Using a different appName has no effect; the configuration inside the jaas.config is always used.

      I think the local configuration should still be considered first, before using JAAS.
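
The ordering difference described in this report, as an added example that is not Jackrabbit code and not part of the original issue: a constructed JAAS Configuration that returns an entry for every application name is installed, and the two selection orders are compared. The class names, method names and login module names are hypothetical.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import java.util.Collections;

public class LoginConfigOrderDemo {

    /** Constructed stand-in for a container policy that answers for every application name. */
    static class CatchAllConfiguration extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("example.ContainerLoginModule", // hypothetical name
                        LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
            };
        }
    }

    /** True when the installed JAAS Configuration has at least one entry for appName. */
    static boolean jaasHasEntries(String appName) {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(appName);
        return entries != null && entries.length > 0;
    }

    /** JAAS is asked first: the ordering the report describes for 1.5.x. */
    static String selectJaasFirst(String appName, String localLoginModule) {
        if (jaasHasEntries(appName)) return "JAAS";
        return localLoginModule != null ? "local:" + localLoginModule : "none";
    }

    /** Repository-local configuration is asked first: the ordering described for 1.4.x. */
    static String selectLocalFirst(String appName, String localLoginModule) {
        return localLoginModule != null ? "local:" + localLoginModule : "JAAS";
    }

    public static void main(String[] args) {
        Configuration.setConfiguration(new CatchAllConfiguration());
        String local = "example.RepositoryLoginModule"; // hypothetical locally configured module
        for (String appName : new String[] {"Jackrabbit", "some-unused-name"}) {
            // With a catch-all policy, JAAS-first never reaches the local module.
            System.out.println(appName + " jaas-first  -> " + selectJaasFirst(appName, local));
            System.out.println(appName + " local-first -> " + selectLocalFirst(appName, local));
        }
    }
}
```

For both application names the JAAS-first order reports JAAS while the local-first order reports the locally configured module, which is why changing appName does not help when the container's configuration answers for every name.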

          People

          • Assignee: angela
          • Reporter: Thomas Fromm
          • Votes: 3
          • Watchers: 2
