This document describes how to

Feel free to make changes to this document. A seperate document for basic setup is located under JackrabbitOnJBoss

This document is based on Jackrabbit-1.1, and can be used with either the JCA approach above, or the .WAR server approach.

Files that will be modified:


Configuring Security Authentication Policy

The security authentication policy will tie jackrabbit and the jboss security systems together. The default security policy is called Jackrabbit, but can be changed if necessary (especially if you already have an existing domain configured in jboss login-config.xml that you would like to re-use).

The security policy is repository-wide, regardless of workspace(s). If you need different security/authentication, you will need different repositories (i.e. new repository.xml for each repository). However, if you can use the same authentication but have different authorization requirements, you can use the same repository with a custom AccessManager.

repository.xml

<!-- remove this loginmodule to only use the login-config.xml configured modules.

-->

$JBOSS_HOME/server/<default>/conf/login-config.xml

Caution: name attribute of application-policy tag in login module definition could be whatever you want, until it matches appName of Security tag in repository.xml.


Configuring Authorization/Jackrabbit AccessManager

TODO

Custom access manager when using Jboss for security is referenced at SimpleJbossAccessManager


JBoss Mbean Dynamic Login Config option

This is for deployment of the authentication login modules outside of the login-config.xml. The reasoning is usually company-policy-oriented and/or preference. This is a jboss-specific option not related to Jackrabbit -- all jackrabbit configuration related to login-config.xml will now go into the jackrabbit-login-config.xml below.

See http://wiki.jboss.org/wiki/DynamicLoginConfig .

<server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="org.apache.jackrabbit:service=DynamicLoginConfig">

</mbean> </server>

Place what would be your normal login-config.xml configuration here.

In addition, if you have custom login module libraries only used for this security authentication configuration, those can also be placed here.


JackrabbitOnJbossSecurity (last edited 2009-09-20 23:45:08 by localhost)