X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas.cfg;h=a06230ff792cf109bd3c09b2a1e3e0f75fbf7ac0;hb=a9731453273884138ca48036fe6fe49da729c49b;hp=8cd11ba447cc481dbbca80d776db1c3ebd2d85f4;hpb=50911fdcc6df5cd35e71a0a4ecddf03f98f742a2;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg index 8cd11ba44..a06230ff7 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg @@ -1,47 +1,36 @@ USER { - org.argeo.cms.internal.auth.UserAdminLoginModule requisite; + org.argeo.cms.auth.HttpSessionLoginModule sufficient; + org.argeo.cms.auth.SpnegoLoginModule optional; + com.sun.security.auth.module.Krb5LoginModule optional; + org.argeo.cms.auth.UserAdminLoginModule sufficient; }; -OLD_USER { - org.argeo.cms.internal.auth.EndUserLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; +DATA_ADMIN { + org.argeo.cms.auth.DataAdminLoginModule requisite; }; -ANONYMOUS { - org.argeo.cms.internal.auth.UserAdminLoginModule requisite anonymous=true; -}; - -OLD_ANONYMOUS { - org.argeo.cms.internal.auth.AnonymousLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; -}; - -SYSTEM { - org.argeo.security.core.SystemLoginModule requisite; -}; - -KERNEL { - com.sun.security.auth.module.UnixLoginModule requisite; - com.sun.security.auth.module.KeyStoreLoginModule requisite keyStoreURL="${osgi.configuration.area}/node.p12" keyStoreType=PKCS12 keyStoreProvider=BC; - org.argeo.cms.internal.auth.KernelLoginModule requisite; -}; - -OLD_SYSTEM { - org.argeo.cms.internal.auth.SystemLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; +NODE { + com.sun.security.auth.module.Krb5LoginModule optional + keyTab="${osgi.instance.area}node/krb5.keytab" + useKeyTab=true + storeKey=true + debug=true; + org.argeo.cms.auth.DataAdminLoginModule requisite; }; KEYRING { - org.argeo.security.crypto.KeyringLoginModule required; + org.argeo.cms.auth.KeyringLoginModule required; }; SINGLE_USER { - com.sun.security.auth.module.UnixLoginModule requisite; - org.argeo.cms.internal.auth.SingleUserLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; + com.sun.security.auth.module.Krb5LoginModule optional + principal="${user.name}" + storeKey=true + useTicketCache=true + debug=true; + org.argeo.cms.auth.SingleUserLoginModule requisite; }; Jackrabbit { org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite; }; -