[MAGNOLIA-415] Magnolia breaks JAAS configuration Created: 27/May/05  Updated: 27/May/05  Resolved: 27/May/05

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 2.1 Final
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Marco Meschieri Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

When Magnolia is executed inside a JAAS environment(in my case Jetspeed), all pre-configured login modules settings are lost. The fact is that JAAS relies upon the system variable 'java.security.auth.login.config' pointing to a general jaas.config file that stores all login-module settings.
Magnolia initialization class ConfigLoader(line 88) rewrites this property with the custom value 'WEB-INF/config/jaas.config'.

The original code is:
System.setProperty("java.security.auth.login.config", Path
.getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));

To solve the problem it may be modified in:
if(System.getProperty("java.security.auth.login.config")==null)
System.setProperty("java.security.auth.login.config", Path
.getAbsoluteFileSystemPath("WEB-INF/config/jaas.config"));

In this manner if JAAS was already configured, Magnolia doesn't overwrite pre-existing settings. Of course the deployer must add in the general jaas.config file the definition of the Jackrabbit login module.



 Comments   
Comment by Sameer Charles [ 27/May/05 ]

It has been fixed already, please check if you have a latest copy

Generated at Mon Feb 12 03:17:12 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.