views: 393
answers: 2
I am trying to write a LoginModule that authenticates users with Jackrabbit repository. However, I want it to check the credentials that are stored in repository itself. So the problem is, in my LoginModule I have to connect to the repository again, making it an infinite loop. Is there something I can do about it?

+2  A: 

There are 2 basic approaches:

  1. Provide an admin login to the Jackrabbit repository that the LoginModule is configured with, so that it will always be able to connect to the repository. When connected as the admin user, query the repository with the supplied credentials (for the normal user that is being authenticated) in order to authenticate them.

  2. Alternatively, have all of the users set up with a Jackrabbit login, so instead of connecting with the admin login you try to connect with the supplied credentials, and if you connect then the user is successfully authenticated (with this approach I often will do a simple query to double check the connection is valid, e.g. look up the user's real name in the repository).

In both cases the LoginModule should contain code that connects directly to Jackrabbit and shouldn't require a LoginModule to connect itself to the repository.

Michael Barker
Thanks. Regarding 1: we decided it is not secure, as there is an admin user with hardcoded credentials. Regarding 2: we would need to hardcode all the usernames (and perhaps passwords), which is not flexible. We opted for using a separate repository for user credentials with access only from inside Java code.
pitr
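The second approach in the answer above, written out as an added example (not code from the question, the answer, or Jackrabbit itself): a JAAS LoginModule that authenticates by opening a JCR session with the supplied credentials and then performing the simple sanity check the answer mentions. It uses only the standard javax.jcr and javax.security.auth APIs; the way the Repository instance is obtained (`RepositoryLocator.get()`) and the `JcrPrincipal` class are assumptions made for this example. Because the module reaches the repository through the JCR API directly, it never asks JAAS to log in again, which is what avoids the loop described in the question.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/**
 * Example LoginModule: validates a user by logging into the JCR repository with
 * the user's own credentials (no hardcoded admin account involved).
 */
public class JcrCredentialsLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Repository repository;      // assumed: obtained from a hypothetical RepositoryLocator
    private String userId;
    private boolean succeeded;
    private JcrPrincipal principal;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.repository = RepositoryLocator.get();   // hypothetical helper (JNDI, DI container, ...)
    }

    @Override
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pw });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] password = pw.getPassword();   // copy; clear the callback's own copy right away
        pw.clearPassword();
        if (name.getName() == null || password == null) {
            throw new FailedLoginException("missing username or password");
        }
        Session session = null;
        try {
            // Let the repository's own credential store decide whether the login is valid.
            session = repository.login(new SimpleCredentials(name.getName(), password));
            // Sanity check that the session is usable, as the answer suggests.
            userId = session.getUserID();
            succeeded = userId != null;
        } catch (javax.jcr.LoginException e) {
            throw new FailedLoginException("invalid credentials for " + name.getName());
        } catch (RepositoryException e) {
            throw new LoginException("repository error: " + e.getMessage());
        } finally {
            Arrays.fill(password, '\0');             // do not keep the password in memory
            if (session != null) session.logout();   // only the JAAS Subject outlives login()
        }
        return succeeded;
    }

    @Override
    public boolean commit() {
        if (!succeeded) return false;
        principal = new JcrPrincipal(userId);
        subject.getPrincipals().add(principal);
        return true;
    }

    @Override
    public boolean abort() {
        succeeded = false;
        userId = null;
        return true;
    }

    @Override
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        succeeded = false;
        return true;
    }
}

/** Minimal Principal carrying the authenticated JCR user id (assumed helper class). */
final class JcrPrincipal implements Principal {
    private final String name;
    JcrPrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) { return o instanceof JcrPrincipal && name.equals(((JcrPrincipal) o).name); }
    @Override public int hashCode() { return name.hashCode(); }
}
```

A wrong password surfaces as `javax.jcr.LoginException`, which is mapped to the JAAS `FailedLoginException` so that callers can distinguish bad credentials from a repository outage (plain `LoginException`). The JCR session is closed in `finally`: the module only needs the yes/no answer, and keeping sessions open per login attempt would leak repository resources.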
+1  A: 

In the JeCARS project there is a custom LoginModule (org.jecars.CARS_LoginModule). It uses a hardcoded admin user for the first access, and because the repository can only be accessed by a servlet, a check at this point is performed to prevent the external use of the admin user.

Waverick