Hi Fabrice,
Entity is not used anymore because it was just extra container passed around
without any real value. In your authentication module you should only
authenticate the user (i.e. verify that user is who he claims it is). Setting
ACLs is done in the authorization module that takes care of what kind of
permissions user effectively has. You can either use JCRAuthorizationModule
provided by Magnolia that will delegate retrieval of ACLs from appropriate user
manager and make them available directly in the principal list in the subject.
[code] protected void setACLForUser(PrincipalCollection principalList, User
user, SecuritySupport securitySupport) {
Collection<ACL> principals = securitySupport.getUserManager(((MgnlUser)
user).getRealm()).getACLs(user).values();
mergePrincipals(principalList, principals);
}
[/code]
or alternatively you can use your own authorization module and have
permissions/acls retrieved in custom way.
[quote]return new SimpleCredentials(user.getName(),
user.getPassword().toCharArray());
[/quote]
IMHO you should not even get anywhere near those lines of code as you should be
already authenticated for repo access at that point. Can you please provide
your repository configuration? (jackrabbit-bundle-xxx-search.xml file) Feel
free to open a support ticket for this if you don't want to share config file
out in the open. This configuration file looks quite different between 4.4 and
4.5.
HTH,
Jan
--
Context is everything:
http://forum.magnolia-cms.com/forum/thread.html?threadId=7f03895a-d94f-445a-a734-c0ab920d85d0
----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <user-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------
