Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
2.1 Final
-
None
Description
When Magnolia is executed inside a JAAS environment(in my case Jetspeed), all pre-configured login modules settings are lost. The fact is that JAAS relies upon the system variable 'java.security.auth.login.config' pointing to a general jaas.config file that stores all login-module settings.
Magnolia initialization class ConfigLoader(line 88) rewrites this property with the custom value 'WEB-INF/config/jaas.config'.
The original code is:
System.setProperty("java.security.auth.login.config", Path
.getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));
To solve the problem it may be modified in:
if(System.getProperty("java.security.auth.login.config")==null)
System.setProperty("java.security.auth.login.config", Path
.getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));
In this manner if JAAS was already configured, Magnolia doesn't overwrite pre-existing settings. Of course the deployer must add in the general jaas.config file the definition of the Jackrabbit login module.