Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-415

Magnolia breaks JAAS configuration

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • None
    • 2.1 Final
    • core
    • None

    Description

      When Magnolia is executed inside a JAAS environment(in my case Jetspeed), all pre-configured login modules settings are lost. The fact is that JAAS relies upon the system variable 'java.security.auth.login.config' pointing to a general jaas.config file that stores all login-module settings.
      Magnolia initialization class ConfigLoader(line 88) rewrites this property with the custom value 'WEB-INF/config/jaas.config'.

      The original code is:
      System.setProperty("java.security.auth.login.config", Path
      .getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));

      To solve the problem it may be modified in:
      if(System.getProperty("java.security.auth.login.config")==null)
      System.setProperty("java.security.auth.login.config", Path
      .getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));

      In this manner if JAAS was already configured, Magnolia doesn't overwrite pre-existing settings. Of course the deployer must add in the general jaas.config file the definition of the Jackrabbit login module.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              scharles Sameer Charles
              meschieri Marco Meschieri
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Task DoD