continuum-dev mailing list archives

From Joakim Erdfelt <joa...@erdfelt.com>
Subject Re: Using LDAP for authentication
Date Wed, 28 Feb 2007 14:47:30 GMT
Some problems here.

You can't extend JdoUserManager.
That won't work.

If you need multiple sources for Users, then that is a feature we need
to add to the security framework.
We already do this with the Authorization bits.  I see no reason we
can't do that for the Authentication bits too.

Again, use the maven 2 build process.
Look at the annotations within the code.
The 'role-hint' is the key.
Your LDAP code will have its own unique role-hint.

Do *NOT* manage the components.xml by hand.

- Joakim

David Goemans wrote:
> Hi,
>
> first of all, thanks for your help. I want to write a UserManager which
> extends the JdoUserManager and only searches in LDAP if the user isn't
> saved in the database.
>
> But my first problem is that I don't understand how Continuum knows
> that it should use my UserManager implementation.
>
> - David
>
> Joakim Erdfelt schrieb:
>   
>> There are 3 database stores for you to worry about.
>>
>> Users
>> Roles / Permissions / Resources
>> Keys
>>
>> If you are just providing Users / Authentication ldap integration, then
>> you need only to create an LDAP Provider for the Users Store.
>>
>> Use the maven 2 build process and you don't have to manage the
>> components.xml manually, as the maven 2 build process creates them from
>> annotations within the source code.
>>
>> See the examples in source control -
>> https://svn.codehaus.org/plexus/plexus-redback/branches/plexus-security-1.0-alpha-11/user-management/providers/
>>
>> - Joakim
>>
>> David Goemans wrote:
>>     
>>> Yes, I am willing to share this implementation. But I haven't written an
>>> implementation yet (only a dummy). At the moment I only want to know
>>> how to configure it in the components.xml file. Then I will try to write
>>> an LDAP implementation.
>>>
>>> greetz
>>>    David
>>>
>>> Joakim Erdfelt schrieb:
>>>   
>>>       
>>>> Would you be willing to share this implementation?
>>>> As we would all be interested in getting access to this?
>>>>
>>>> - Joakim Erdfelt
>>>>
>>>> David Goemans wrote:
>>>>     
>>>>         
>>>>> Hi,
>>>>>
>>>>> I want to use LDAP to authenticate on Continuum. I tried to write my own
>>>>> RBAC-Manager and wanted to configure it in the file "components.xml" of
>>>>> the subproject continuum-security as follows:
>>>>>
>>>>> <!-- RBAC Manager, cached ldap -->
>>>>> <component>
>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>> <role-hint>cached</role-hint>
>>>>> <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation>
>>>>> <description>CachedRbacManager is a wrapped RBACManager with
>>>>> caching.</description>
>>>>> <requirements>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>> 	<role-hint>ldap</role-hint>
>>>>> 	<field-name>rbacImpl</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>operations</role-hint>
>>>>> 	<field-name>operationsCache</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>permissions</role-hint>
>>>>> 	<field-name>permissionsCache</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>resources</role-hint>
>>>>> 	<field-name>resourcesCache</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>roles</role-hint>
>>>>> 	<field-name>rolesCache</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>userAssignments</role-hint>
>>>>> 	<field-name>userAssignmentsCache</field-name>
>>>>> </requirement>
>>>>> <requirement>
>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>> 	<role-hint>userPermissions</role-hint>
>>>>> 	<field-name>userPermissionsCache</field-name>
>>>>> </requirement>
>>>>> </requirements>
>>>>> </component>
>>>>>
>>>>> <component>
>>>>>       <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>       <role-hint>ldap</role-hint>
>>>>>       <implementation>"my implementation"</implementation>
>>>>>       <description>JdoRbacManager:</description>
>>>>>       <requirements>
>>>>>         <requirement>        	
>>>>> 	  <role>
>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>> 	  </role>
>>>>>           <field-name>jdo</field-name>
>>>>>         </requirement>
>>>>>       </requirements>
>>>>> </component>
>>>>> <component>   	
>>>>>  	<role>
>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>         </role>  		              	
>>>>>         <implementation>
>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>         </implementation>
>>>>>         <description>JdoTool - RBAC JDO Tools.</description>
>>>>>         <requirements>
>>>>>         	<requirement>
>>>>>           		<role>org.codehaus.plexus.jdo.JdoFactory</role>
>>>>>           		<role-hint>users</role-hint>
>>>>>           		<field-name>jdoFactory</field-name>
>>>>>         	</requirement>
>>>>>       </requirements>
>>>>> </component>
>>>>>
>>>>> Continuum now uses my implementation, but no roles, permissions, etc.
>>>>> are defined. How can I configure the Continuum roles, permissions, etc.
>>>>> in the components.xml file?
>>>>>
>>>>> My implementation extends
>>>>> "org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoRbacManager",
>>>>> because I only want to authenticate on LDAP if the user isn't saved in
>>>>> the database.
>>>>>
>>>>> greetz
>>>>>   David
>>>>>
>>>>>   
>>>>>       
>>>>>           
>>>   
>>>       
>>     
>
>   
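
Added example, not part of the original messages and not Plexus or Continuum code: a small check of how a role / role-hint pair selects an implementation in a components.xml descriptor, and which requirements nothing in that descriptor satisfies. The descriptor is a constructed, cut-down version of the one quoted above; `com.example.ldap.LdapRbacManager` is a hypothetical class name, and trimming whitespace inside `<role>` is this script's choice.

```python
import xml.etree.ElementTree as ET

DEFAULT_HINT = "default"  # hint Plexus assumes when <role-hint> is absent
RBAC = "org.codehaus.plexus.security.rbac.RBACManager"
EHCACHE = "org.codehaus.plexus.ehcache.EhcacheComponent"

# Constructed sample descriptor (hypothetical LDAP implementation class).
SAMPLE = f"""
<component-set><components>
  <component>
    <role>{RBAC}</role><role-hint>cached</role-hint>
    <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation>
    <requirements>
      <requirement><role>{RBAC}</role><role-hint>ldap</role-hint><field-name>rbacImpl</field-name></requirement>
      <requirement><role>{EHCACHE}</role><role-hint>operations</role-hint><field-name>operationsCache</field-name></requirement>
    </requirements>
  </component>
  <component>
    <role>
      {RBAC}
    </role><role-hint>ldap</role-hint>
    <implementation>com.example.ldap.LdapRbacManager</implementation>
  </component>
</components></component-set>
"""

def _text(elem, tag, default=""):
    """Trimmed text of a child element, or the default if missing/empty."""
    child = elem.find(tag)
    value = (child.text or "").strip() if child is not None else ""
    return value or default

def load_components(xml_text):
    """Map (role, hint) -> implementation class and its requirements."""
    components = {}
    for comp in ET.fromstring(xml_text).iter("component"):
        key = (_text(comp, "role"), _text(comp, "role-hint", DEFAULT_HINT))
        reqs = [(_text(r, "role"), _text(r, "role-hint", DEFAULT_HINT), _text(r, "field-name"))
                for r in comp.iterfind("requirements/requirement")]
        components[key] = {"impl": _text(comp, "implementation"), "requires": reqs}
    return components

def resolve(components, role, hint=DEFAULT_HINT):
    """Implementation a lookup of (role, hint) would receive, or None."""
    entry = components.get((role, hint))
    return entry["impl"] if entry else None

def dangling(components):
    """(owner, requirement) pairs that no component in this descriptor satisfies."""
    return [(owner, req) for owner, c in components.items()
            for req in c["requires"] if req[:2] not in components]
```

A requirement reported by `dangling()` may still be satisfied by a descriptor in another jar on the classpath; the check only covers the text it is given.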

