continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Goemans <d.goem...@tarent.de>
Subject Re: Using LDAP for authentication
Date Thu, 29 Mar 2007 08:16:51 GMT
I tried to implement my Class LdapUserManager without extending
JdoUserManager.

But there are some problems:

I set the hint of my implementation on ldap and changed the Requirements
of the classes which use a UserManager on my Implementation (hint=ldap).
But the only class I found where
"org.apache.maven.continuum.web.action.ProjectGroupAction", but I think
there must be classes in the Plexus Security (But I don't know how to
change them)!

After that I tried to give my Implementation the hint jdo (I know it is
a dirty hack). Know Continuum uses sometimes my implementation and the
default jdo-implementation.

-David

Joakim Erdfelt schrieb:
> Some problems here.
> 
> You can't extend JdoUserManager.
> That won't work.
> 
> If you need multiple sources for Users, then that is a feature we need
> to add to the security framework.
> We already do this with the Authorization bits.  I see no reason we
> can't do that for the Authentication bits too.
> 
> Again, Use the maven 2 build process.
> Look at the annotations within the code.
> The 'role-hint' is the key.
> Your LDAP code will have it's own unique role-hint.
> 
> Do *NOT* manage the components.xml by hand.
> 
> - Joakim
> 
> David Goemans wrote:
>> Hi,
>>
>> at first thanks for your help. I want to write a UserManager, which
>> extends the JdoUserManager and only search in LDAP if the user isn't
>> saved in Database.
>>
>> But my first problem is that I don't understand, how continuum knows
>> that it should use my UserManager-implementation.
>>
>> - David
>>
>> Joakim Erdfelt schrieb:
>>   
>>> There are 3 database stores for you to worry about.
>>>
>>> Users
>>> Roles / Permissions / Resouces
>>> Keys
>>>
>>> If you are just providing Users / Authentication ldap integration, then
>>> you need only to create an LDAP Provider for the Users Store.
>>>
>>> Use the maven 2 build process and you don't have to manage the
>>> components.xml manually, as the maven 2 build process creates them from
>>> annotations within the source code.
>>>
>>> See the examples in source control -
>>> https://svn.codehaus.org/plexus/plexus-redback/branches/plexus-security-1.0-alpha-11/user-management/providers/
>>>
>>> - Joakim
>>>
>>> David Goemans wrote:
>>>     
>>>> yes I am willing to share this implementation. But I didn't write a
>>>> implementation now (only a dummy). At the moment I only want to know
>>>> how to configure it in the component.xml-File. Then I will try to write
>>>> a LDAP-implementation.
>>>>
>>>> greetz
>>>>    David
>>>>
>>>> Joakim Erdfelt schrieb:
>>>>   
>>>>       
>>>>> Would you be willing to share this implementation?
>>>>> As we would all be interested in getting access to this?
>>>>>
>>>>> - Joakim Erdfelt
>>>>>
>>>>> David Goemans wrote:
>>>>>     
>>>>>         
>>>>>> Hi,
>>>>>>
>>>>>> I want to use LDAP to authenticate on Continuum. I tried to write
a own
>>>>>> RBAC-Manager and wanted to configure it in the file "components.xml"
of
>>>>>> the subproject continuum-security as follow:
>>>>>>
>>>>>> <!-- RBAC Manager, cached ldap -->
>>>>>> <component>
>>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>> <role-hint>cached</role-hint>
>>>>>> <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation>
>>>>>> <description>CachedRbacManager is a wrapped RBACManager with
>>>>>> caching.</description>
>>>>>> <requirements>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>> 	<role-hint>ldap</role-hint>
>>>>>> 	<field-name>rbacImpl</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>operations</role-hint>
>>>>>> 	<field-name>operationsCache</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>permissions</role-hint>
>>>>>> 	<field-name>permissionsCache</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>resources</role-hint>
>>>>>> 	<field-name>resourcesCache</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>roles</role-hint>
>>>>>> 	<field-name>rolesCache</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>userAssignments</role-hint>
>>>>>> 	<field-name>userAssignmentsCache</field-name>
>>>>>> </requirement>
>>>>>> <requirement>
>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>> 	<role-hint>userPermissions</role-hint>
>>>>>> 	<field-name>userPermissionsCache</field-name>
>>>>>> </requirement>
>>>>>> </requirements>
>>>>>> </component>
>>>>>>
>>>>>> <component>
>>>>>>       <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>>       <role-hint>ldap</role-hint>
>>>>>>       <implementation>"my implementation"</implementation>
>>>>>>       <description>JdoRbacManager:</description>
>>>>>>       <requirements>
>>>>>>         <requirement>        	
>>>>>> 	  <role>
>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>> 	  </role>
>>>>>>           <field-name>jdo</field-name>
>>>>>>         </requirement>
>>>>>>       </requirements>
>>>>>> </component>
>>>>>> <component>   	
>>>>>>  	<role>
>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>>         </role>  		              	
>>>>>>         <implementation>
>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>>         </implementation>
>>>>>>         <description>JdoTool - RBAC JDO Tools.</description>
>>>>>>         <requirements>
>>>>>>         	<requirement>
>>>>>>           		<role>org.codehaus.plexus.jdo.JdoFactory</role>
>>>>>>           		<role-hint>users</role-hint>
>>>>>>           		<field-name>jdoFactory</field-name>
>>>>>>         	</requirement>
>>>>>>       </requirements>
>>>>>> </component>
>>>>>>
>>>>>> The continuum uses now my implementation, but no roles, permissions,
etc
>>>>>> are defined. How can I configure the continuum roles, permissions,
etc
>>>>>> in the components.xml-file.
>>>>>>
>>>>>> My implementation extends the 	
>>>>>> "org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoRbacManager",
>>>>>>   because I only want to authenticate on LDAP if the user isn't saved
in
>>>>>> the Database.
>>>>>>
>>>>>> greetz
>>>>>>   David
>>>>>>
>>>>>>   
>>>>>>       
>>>>>>           
>>>>   
>>>>       
>>>     
>>   
> 
> 


Mime
View raw message