Jackrabbit Content Repository
  1. Jackrabbit Content Repository
  2. JCR-3293

AbstractLoginModule: get rid of trust_credentials_attribute

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: jackrabbit-core
    • Labels:
      None

      Description

      based on JCR-2355 we added a very simplistic way to indicate to the login module that the given credentials have
      been preauthenticated. as already stated in the original issue this poses a major security issue as it leaves the
      repository access untrusted.

      i would like to raise those security concern again and would therefore like to get rid of that hack in the long run.
      the suggested procedure:

      • deprecate the attribute (immediately)
      • log a warning if it is used (immediately)
      • document how to fix code that is currently relying on that attribute
      • remove support altogether for the next major release

        Activity

        Hide
        Konrad Windszus added a comment -

        What is the proposed alternative then? For example if you want to support SSO?
        Logging in with the administrator and impersonate as the SSO user?

        Show
        Konrad Windszus added a comment - What is the proposed alternative then? For example if you want to support SSO? Logging in with the administrator and impersonate as the SSO user?
        Hide
        angela added a comment -

        the proposed alternative is to populate the subject up front and use null-login which is designed to tell the repository that it's not responsible for taking care of the authentication... pre-authenticated mode is this called in jackrabbit.

        Show
        angela added a comment - the proposed alternative is to populate the subject up front and use null-login which is designed to tell the repository that it's not responsible for taking care of the authentication... pre-authenticated mode is this called in jackrabbit.
        Hide
        Felix Meschberger added a comment -

        Codewise, something like this, I think:

        Subject s = getAndPopulateTheSubject();
        Session session = Subject.doAs(s, new PrivilegedExceptionAction() {
            public Session run() throws RepositoryException {
                return repository.login();
            }
        });
        

        (plus proper exception handling and unwrapping, of course)

        Show
        Felix Meschberger added a comment - Codewise, something like this, I think: Subject s = getAndPopulateTheSubject(); Session session = Subject.doAs(s, new PrivilegedExceptionAction() { public Session run() throws RepositoryException { return repository.login(); } }); (plus proper exception handling and unwrapping, of course)
        Hide
        angela added a comment -

        exactly... just a minor detail: i would use repository.login(workspaceName) instead.

        note that the nature of the subject pretty much depends on the setup of the repository in particular on the access control / permission management. the standard setup requires that the subject of a given session gets the complete set of principals set which are then used to evaluate the effective permissions. in this situation the principal management (or the internal principal provider) acts as link between the user on one side and the permission eval on the other.

        Show
        angela added a comment - exactly... just a minor detail: i would use repository.login(workspaceName) instead. note that the nature of the subject pretty much depends on the setup of the repository in particular on the access control / permission management. the standard setup requires that the subject of a given session gets the complete set of principals set which are then used to evaluate the effective permissions. in this situation the principal management (or the internal principal provider) acts as link between the user on one side and the permission eval on the other.

          People

          • Assignee:
            Unassigned
            Reporter:
            angela
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:

              Development