Warning | ||
---|---|---|
| ||
A copy of the content of this page has been moved to JAAS security setup page in the main Magnolia documentation and will be maintained there. |
Excerpt |
---|
Tutorial that provides a brief introduction to JAAS security set up, Java Authentication and Authorization Service (JAAS) based on a dual module approach. |
Table of Contents |
---|
...
JAAS
Magnolia CMS uses Sun's Java SE Security (JAAS)Java Authentication and Authorization Service. JAAS creates two distinct processes for:
- username Username and password request, and
- authentication Authentication and authorization.
Although it is possible to use other servlets, the default engine is Tomcat. Configuration is done in WEB-INF/config/jaas.config
file:
Code Block |
---|
magnolia {info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite; info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;}; |
The default configuration uses two classes:
- one for user login and password authentication, and
- one for authorization of user and password.
Each of these classes extends
Javadoc | ||||
---|---|---|---|---|
|
Login Procedure
The following (simplified) login procedure assumes you have two JAAS modules configured:
...