X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2Fjaas.cfg;h=f3d5570721e4ec123d148ea6518dfb3dae108196;hb=34ba1b915e1d406f6574c0be93e1e9da3eab1978;hp=cc1a07499c135d0f077e5f91c47cd3471ac60d3f;hpb=6ddb7b6b224a00344a182761e42b2241a721224f;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg index cc1a07499..f3d557072 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg @@ -1,18 +1,41 @@ USER { - org.argeo.cms.internal.auth.EndUserLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; + org.argeo.cms.auth.HttpSessionLoginModule sufficient; + org.argeo.cms.auth.SpnegoLoginModule optional; + com.sun.security.auth.module.Krb5LoginModule optional; + org.argeo.cms.auth.UserAdminLoginModule sufficient; }; ANONYMOUS { - org.argeo.cms.internal.auth.AnonymousLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; + org.argeo.cms.auth.HttpSessionLoginModule sufficient; + org.argeo.cms.auth.AnonymousLoginModule sufficient; }; -SYSTEM { - org.argeo.cms.internal.auth.SystemLoginModule requisite; - org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite; +DATA_ADMIN { + org.argeo.cms.auth.DataAdminLoginModule requisite; +}; + +NODE { + com.sun.security.auth.module.Krb5LoginModule optional + keyTab="${osgi.instance.area}node/krb5.keytab" + useKeyTab=true + storeKey=true + debug=true; + org.argeo.cms.auth.DataAdminLoginModule requisite; }; KEYRING { - org.argeo.security.crypto.KeyringLoginModule required; + org.argeo.cms.auth.KeyringLoginModule required; +}; + +SINGLE_USER { + com.sun.security.auth.module.Krb5LoginModule optional + principal="${user.name}" + storeKey=true + useTicketCache=true + debug=true; + org.argeo.cms.auth.SingleUserLoginModule requisite; +}; + +Jackrabbit { + org.argeo.security.jackrabbit.SystemJackrabbitLoginModule requisite; };