continuum-dev mailing list archives

From David Goemans <d.goem...@tarent.de>
Subject Re: Using LDAP for authentication
Date Tue, 10 Apr 2007 14:08:41 GMT
Hi,

Now I know how I can let Continuum use only my implementation (I deleted
the JDO-UsermanagerProvider.jar).

But I have other problems:
1. My LDAP user has no authorisation (at the moment, I fixed it with a
manual db-insert)
2. I could not give my user any new assignments in the web front end:
   Effective Roles: shows all roles
   Assigned Roles: shows all assigned roles
   Available Roles: shows "No Roles Available to Grant" although there are
   unassigned roles.

greetz

David

David Goemans wrote:
> I tried to implement my class LdapUserManager without extending
> JdoUserManager.
> 
> But there are some problems:
> 
> I set the hint of my implementation to ldap and changed the requirements
> of the classes which use a UserManager to my implementation (hint=ldap).
> But the only class I found was
> "org.apache.maven.continuum.web.action.ProjectGroupAction", but I think
> there must be classes in the Plexus Security (but I don't know how to
> change them)!
> 
> After that I tried to give my implementation the hint jdo (I know it is
> a dirty hack). Now Continuum sometimes uses my implementation and sometimes
> the default jdo-implementation.
> 
> -David
> 
> Joakim Erdfelt wrote:
>> Some problems here.
>>
>> You can't extend JdoUserManager.
>> That won't work.
>>
>> If you need multiple sources for Users, then that is a feature we need
>> to add to the security framework.
>> We already do this with the Authorization bits.  I see no reason we
>> can't do that for the Authentication bits too.
>>
>> Again, Use the maven 2 build process.
>> Look at the annotations within the code.
>> The 'role-hint' is the key.
>> Your LDAP code will have its own unique role-hint.
>>
>> Do *NOT* manage the components.xml by hand.
>>
>> - Joakim
>>
>> David Goemans wrote:
>>> Hi,
>>>
>>> First of all, thanks for your help. I want to write a UserManager which
>>> extends the JdoUserManager and only searches in LDAP if the user isn't
>>> saved in the database.
>>>
>>> But my first problem is that I don't understand how Continuum knows
>>> that it should use my UserManager implementation.
>>>
>>> - David
>>>
>>> Joakim Erdfelt wrote:
>>>> There are 3 database stores for you to worry about.
>>>>
>>>> Users
>>>> Roles / Permissions / Resources
>>>> Keys
>>>>
>>>> If you are just providing Users / Authentication ldap integration, then
>>>> you need only to create an LDAP Provider for the Users Store.
>>>>
>>>> Use the maven 2 build process and you don't have to manage the
>>>> components.xml manually, as the maven 2 build process creates them from
>>>> annotations within the source code.
>>>>
>>>> See the examples in source control -
>>>> https://svn.codehaus.org/plexus/plexus-redback/branches/plexus-security-1.0-alpha-11/user-management/providers/
>>>>
>>>> - Joakim
>>>>
>>>> David Goemans wrote:
>>>>> Yes, I am willing to share this implementation. But I haven't written an
>>>>> implementation yet (only a dummy). At the moment I only want to know
>>>>> how to configure it in the component.xml file. Then I will try to write
>>>>> an LDAP implementation.
>>>>>
>>>>> greetz
>>>>>    David
>>>>>
>>>>> Joakim Erdfelt wrote:
>>>>>> Would you be willing to share this implementation?
>>>>>> As we would all be interested in getting access to this?
>>>>>>
>>>>>> - Joakim Erdfelt
>>>>>>
>>>>>> David Goemans wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I want to use LDAP to authenticate on Continuum. I tried to write my own
>>>>>>> RBAC-Manager and wanted to configure it in the file "components.xml" of
>>>>>>> the subproject continuum-security as follows:
>>>>>>>
>>>>>>> <!-- RBAC Manager, cached ldap -->
>>>>>>> <component>
>>>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>>> <role-hint>cached</role-hint>
>>>>>>> <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation>
>>>>>>> <description>CachedRbacManager is a wrapped RBACManager with caching.</description>
>>>>>>> <requirements>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>>> 	<role-hint>ldap</role-hint>
>>>>>>> 	<field-name>rbacImpl</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>operations</role-hint>
>>>>>>> 	<field-name>operationsCache</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>permissions</role-hint>
>>>>>>> 	<field-name>permissionsCache</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>resources</role-hint>
>>>>>>> 	<field-name>resourcesCache</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>roles</role-hint>
>>>>>>> 	<field-name>rolesCache</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>userAssignments</role-hint>
>>>>>>> 	<field-name>userAssignmentsCache</field-name>
>>>>>>> </requirement>
>>>>>>> <requirement>
>>>>>>> 	<role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
>>>>>>> 	<role-hint>userPermissions</role-hint>
>>>>>>> 	<field-name>userPermissionsCache</field-name>
>>>>>>> </requirement>
>>>>>>> </requirements>
>>>>>>> </component>
>>>>>>>
>>>>>>> <component>
>>>>>>>       <role>org.codehaus.plexus.security.rbac.RBACManager</role>
>>>>>>>       <role-hint>ldap</role-hint>
>>>>>>>       <implementation>"my implementation"</implementation>
>>>>>>>       <description>JdoRbacManager:</description>
>>>>>>>       <requirements>
>>>>>>>         <requirement>        	
>>>>>>> 	  <role>
>>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>>> 	  </role>
>>>>>>>           <field-name>jdo</field-name>
>>>>>>>         </requirement>
>>>>>>>       </requirements>
>>>>>>> </component>
>>>>>>> <component>   	
>>>>>>>  	<role>
>>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>>>         </role>  		              	
>>>>>>>         <implementation>
>>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
>>>>>>>         </implementation>
>>>>>>>         <description>JdoTool - RBAC JDO Tools.</description>
>>>>>>>         <requirements>
>>>>>>>         	<requirement>
>>>>>>>           		<role>org.codehaus.plexus.jdo.JdoFactory</role>
>>>>>>>           		<role-hint>users</role-hint>
>>>>>>>           		<field-name>jdoFactory</field-name>
>>>>>>>         	</requirement>
>>>>>>>       </requirements>
>>>>>>> </component>
>>>>>>>
>>>>>>> Continuum now uses my implementation, but no roles, permissions, etc.
>>>>>>> are defined. How can I configure the Continuum roles, permissions, etc.
>>>>>>> in the components.xml file?
>>>>>>>
>>>>>>> My implementation extends
>>>>>>> "org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoRbacManager",
>>>>>>> because I only want to authenticate on LDAP if the user isn't saved in
>>>>>>> the Database.
>>>>>>>
>>>>>>> greetz
>>>>>>>   David
>>>>>>>
>>
> 
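
A check for the wiring problem discussed in this thread, added here as an example (it is not code from the thread or from Plexus): it reads Plexus component descriptors and reports role/role-hint pairs declared by more than one implementation, and requirements whose role-hint no component provides. The role and class names in the sample descriptors are constructed placeholders, and treating a missing role-hint as "default" is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

DEFAULT_HINT = "default"  # assumption: an omitted <role-hint> means "default"

def _key(elem):
    """Return the (role, role-hint) pair of a <component> or <requirement>."""
    role = (elem.findtext("role") or "").strip()
    hint = (elem.findtext("role-hint") or "").strip() or DEFAULT_HINT
    return role, hint

def audit_components(descriptors):
    """descriptors: {source: components.xml text} -> (duplicates, dangling)."""
    declared = defaultdict(list)  # (role, hint) -> [(source, implementation)]
    required = []                 # (source, requiring implementation, (role, hint))
    for source, text in descriptors.items():
        for comp in ET.fromstring(text).iter("component"):
            impl = (comp.findtext("implementation") or "").strip()
            declared[_key(comp)].append((source, impl))
            for req in comp.iter("requirement"):
                required.append((source, impl, _key(req)))
    # Two implementations under one role + hint: which one is injected is ambiguous.
    duplicates = {k: v for k, v in declared.items() if len(v) > 1}
    # A requirement naming a hint nobody declares can never be satisfied.
    dangling = [r for r in required if r[2] not in declared]
    return duplicates, dangling

# Constructed descriptors; role and class names are placeholders, not Plexus classes.
JDO_JAR = """<component-set><components><component>
    <role>example.UserManager</role><role-hint>jdo</role-hint>
    <implementation>example.JdoUserManager</implementation>
</component></components></component-set>"""

LDAP_JAR = """<component-set><components>
  <component>
    <role>example.UserManager</role><role-hint>jdo</role-hint>
    <implementation>example.LdapUserManager</implementation>
  </component>
  <component>
    <role>example.Authenticator</role>
    <implementation>example.UserManagerAuthenticator</implementation>
    <requirements><requirement>
      <role>example.UserManager</role><role-hint>ldap</role-hint>
    </requirement></requirements>
  </component>
</components></component-set>"""

if __name__ == "__main__":
    dups, dangling = audit_components({"jdo.jar": JDO_JAR, "ldap.jar": LDAP_JAR})
    print("AMBIGUOUS:", dups)
    print("UNRESOLVED:", dangling)
```

Run it over the generated descriptor of every jar on the application's classpath before deployment, so that the user store that performs authentication is the one intended.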

