I am trying to write a LoginModule that authenticates users with Jackrabbit repository. However, I want it to check the credentials that are stored in repository itself. So the problem is, in my LoginModule I have to connect to the repository again, making it an infinite loop. Is there something I can do about it?
There a 2 basic approaches:
Provide a admin login to the Jackrabbit repository that the LoginModule is configured with so that it will always be able to connect to the repository. When connected as the admin user query the repository with the supplied credentials (for the normal user that is being authenticated) in order to authenticate them.
Alternatively have all of the users set up with an Jackrabbit login, so instead of connecting with the Admin login you try to connect with the supplied credentials and if you connect then the user is successfully connected (with this approach I often will do a simple query to double check the connection is valid, e.g. look up the user's real name in the repository).
In both cases the LoginModule should contain code that connects directly to Jackrabbit and shouldn't require a LoginModule to connect itself to the repository.
In the JeCARS project there is a custom LoginModule (org.jecars.CARS_LoginModule). It uses a hardcoded admin user for the first access, and because the repository can only be accessed by servlet a check at this point is performed to prevent the external use of the admin user.