Warning: Content moved

A copy of the content of this page has been moved to the JAAS security setup page in the main Magnolia documentation and will be maintained there.


Tutorial that provides a brief introduction to Java Authentication and Authorization Service (JAAS) based on a dual module approach.

JAAS

Magnolia CMS uses the Java Authentication and Authorization Service (JAAS), part of Sun's Java SE Security. JAAS creates two distinct processes for:

  • Username and password request, and
  • Authentication and authorization.

Although it is possible to use other servlet containers, the default engine is Tomcat. Configuration is done in the WEB-INF/config/jaas.config file:

Code Block
magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};

The default configuration uses two classes: 

  • one for user login and password authentication, and
  • one for authorization of user and password.

Each of these classes extends info.magnolia.jaas.sp.AbstractLoginModule. You can use this framework to implement your own login logic.

Login Procedure

The following (simplified) login procedure assumes you have two JAAS modules configured:


...

The commit() method includes the values from both authentication and authorization. The authentication module provides all user properties, while the authorization module adds the roles and groups and the respective ACLs to the user object.
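
The dual-module stack above, sketched as a self-contained Java 17 program (an added example, not Magnolia's code): AuthN and AuthZ are hypothetical stand-ins for the two configured modules, and the user alice, her password and the editor role are constructed. It shows the verified name being handed over through JAAS shared state, both commit() calls populating the Subject, and the requisite flag stopping the stack before the authorization module when the password is wrong.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
public class DualModuleDemo {
    record Named(String kind, String id) implements Principal { public String getName() { return kind + ":" + id; } }
    static final List<String> trace = new ArrayList<>();   // which login() methods were invoked
    @SuppressWarnings("unchecked") public abstract static class Base implements LoginModule {
        Subject subject; CallbackHandler handler; Map<String, Object> shared;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> options) {
            subject = s; handler = h; shared = (Map<String, Object>) state; }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof Named); return true; }
    }
    public static class AuthN extends Base {   // hypothetical stand-in for the authentication module
        public boolean login() throws LoginException {
            trace.add("authn");   // credentials below are constructed; a real module queries the user store
            var n = new NameCallback("user"); var p = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {n, p}); } catch (Exception e) { throw new LoginException(e.toString()); }
            if (!"alice".equals(n.getName()) || !Arrays.equals("s3cret".toCharArray(), p.getPassword()))
                throw new FailedLoginException("bad credentials");
            shared.put("user", n.getName()); return true;   // hand the verified name to later modules
        }
        public boolean commit() { subject.getPrincipals().add(new Named("user", (String) shared.get("user"))); return true; }
    }
    public static class AuthZ extends Base {   // hypothetical stand-in for the authorization module
        public boolean login() { trace.add("authz"); return true; }
        public boolean commit() { subject.getPrincipals().add(new Named("role", "editor")); return true; }   // constructed role
    }
    static Subject login(String user, String pass) throws LoginException {
        AppConfigurationEntry[] stack = {   // same flags as the jaas.config entry on this page
            new AppConfigurationEntry(AuthN.class.getName(), LoginModuleControlFlag.REQUISITE, Map.of()),
            new AppConfigurationEntry(AuthZ.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of()) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) { return stack; } };
        CallbackHandler h = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback n) n.setName(user);
            if (c instanceof PasswordCallback p) p.setPassword(pass.toCharArray()); } };
        LoginContext lc = new LoginContext("magnolia", new Subject(), h, cfg);
        lc.login(); return lc.getSubject();   // login() runs every module's login(), then every commit()
    }
    public static void main(String[] args) throws LoginException {
        System.out.println(login("alice", "s3cret").getPrincipals() + " after " + trace);
        trace.clear();
        try { login("alice", "wrong"); } catch (LoginException e) { System.out.println("rejected after " + trace); }
    }
}
```

Compile with javac DualModuleDemo.java and run java DualModuleDemo; the trace list printed on each attempt shows which login() methods ran.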

Example

Creating a new user class implementing info.magnolia.cms.security.User:

...