Package org.apache.jackrabbit.oak.spi.security.authentication

Class GuestLoginModule

  • All Implemented Interfaces:
    LoginModule
    public final class GuestLoginModule
extends Object
implements LoginModule
    The GuestLoginModule is intended to provide backwards compatibility with the login handling present in the JCR reference implementation located in jackrabbit-core. While the specification claims that Repository.login(javax.jcr.Credentials, java.lang.String) with null Credentials implies that the authentication process is handled externally, the default implementation jackrabbit-core treated it as 'anonymous' login such as covered by using GuestCredentials.

    This LoginModule implementation performs the following tasks upon login().

    1. Try to retrieve JCR credentials from the CallbackHandler using the CredentialsCallback
    2. In case no credentials could be obtained it pushes a new instance of GuestCredentials to the shared stated. Subsequent login modules in the authentication process may retrieve the GuestCredentials instead of failing to obtain any credentials.
    If this login module pushed GuestLoginModule to the shared state in phase 1 it will add those credentials and the EveryonePrincipal to the subject in phase 2 of the login process. Subsequent login modules my choose to provide additional principals/credentials associated with a guest login.

    The authentication configuration using this LoginModule could for example look as follows: 

    
    jackrabbit.oak {
            org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule  optional;
            org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl required;
    };
    In this case calling Repository.login() would be equivalent to repository.login(new GuestCredentials().