continuum-dev mailing list archives

From "Jesse McConnell" <jesse.mcconn...@gmail.com>
Subject Re: Using LDAP for authentication
Date Fri, 13 Apr 2007 12:57:39 GMT
1) my thought would be you don't have a mapping between the principal
and the user assignments in the rbac setup...if that principal isn't
the same between the two systems then you're not going to have any
authorization credentials..

2) unless you have the authorization you don't get to see roles to
assign to yourself, are you logged in as the system or user
administrator initially to see these roles?

jesse

On 4/10/07, David Goemans <d.goemans@tarent.de> wrote:
> Hi,
>
> Now I know, how I can let Continuum only use My implementation (deleted
> the JDO-UsermanagerProvider.jar).
>
> But I have other problems:
> 1. My LDAP-User has no Authorisation (At the moment, I fixed it by
> manually db-insert)
> 2. I could not give my user any new assignments in Web-Front
> Effective Roles: shows all roles
> Assigned Roles: shows all assigned roles
> Available Roles: shows "No Roles Available to Grant" although there are
> not assigned roles.
>
> greetz
>
> David
>
> David Goemans wrote:
> > I tried to implement my Class LdapUserManager without extending
> > JdoUserManager.
> >
> > But there are some problems:
> >
> > I set the hint of my implementation on ldap and changed the Requirements
> > of the classes which use a UserManager on my Implementation (hint=ldap).
> > But the only class I found was
> > "org.apache.maven.continuum.web.action.ProjectGroupAction", but I think
> > there must be classes in the Plexus Security (But I don't know how to
> > change them)!
> >
> > After that I tried to give my Implementation the hint jdo (I know it is
> > a dirty hack). Now Continuum uses sometimes my implementation and the
> > default jdo-implementation.
> >
> > -David
> >
> > Joakim Erdfelt wrote:
> >> Some problems here.
> >>
> >> You can't extend JdoUserManager.
> >> That won't work.
> >>
> >> If you need multiple sources for Users, then that is a feature we need
> >> to add to the security framework.
> >> We already do this with the Authorization bits.  I see no reason we
> >> can't do that for the Authentication bits too.
> >>
> >> Again, Use the maven 2 build process.
> >> Look at the annotations within the code.
> >> The 'role-hint' is the key.
> >> Your LDAP code will have its own unique role-hint.
> >>
> >> Do *NOT* manage the components.xml by hand.
> >>
> >> - Joakim
> >>
> >> David Goemans wrote:
> >>> Hi,
> >>>
> >>> at first thanks for your help. I want to write a UserManager, which
> >>> extends the JdoUserManager and only search in LDAP if the user isn't
> >>> saved in Database.
> >>>
> >>> But my first problem is that I don't understand, how continuum knows
> >>> that it should use my UserManager-implementation.
> >>>
> >>> - David
> >>>
> >>> Joakim Erdfelt wrote:
> >>>
> >>>> There are 3 database stores for you to worry about.
> >>>>
> >>>> Users
> >>>> Roles / Permissions / Resources
> >>>> Keys
> >>>>
> >>>> If you are just providing Users / Authentication ldap integration, then
> >>>> you need only to create an LDAP Provider for the Users Store.
> >>>>
> >>>> Use the maven 2 build process and you don't have to manage the
> >>>> components.xml manually, as the maven 2 build process creates them from
> >>>> annotations within the source code.
> >>>>
> >>>> See the examples in source control -
> >>>> https://svn.codehaus.org/plexus/plexus-redback/branches/plexus-security-1.0-alpha-11/user-management/providers/
> >>>>
> >>>> - Joakim
> >>>>
> >>>> David Goemans wrote:
> >>>>
> >>>>> Yes I am willing to share this implementation. But I didn't write an
> >>>>> implementation now (only a dummy). At the moment I only want to know
> >>>>> how to configure it in the component.xml-File. Then I will try to write
> >>>>> an LDAP-implementation.
> >>>>>
> >>>>> greetz
> >>>>>    David
> >>>>>
> >>>>> Joakim Erdfelt wrote:
> >>>>>
> >>>>>
> >>>>>> Would you be willing to share this implementation?
> >>>>>> As we would all be interested in getting access to this?
> >>>>>>
> >>>>>> - Joakim Erdfelt
> >>>>>>
> >>>>>> David Goemans wrote:
> >>>>>>
> >>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I want to use LDAP to authenticate on Continuum. I tried to write my own
> >>>>>>> RBAC-Manager and wanted to configure it in the file "components.xml" of
> >>>>>>> the subproject continuum-security as follows:
> >>>>>>>
> >>>>>>> <!-- RBAC Manager, cached ldap -->
> >>>>>>> <component>
> >>>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role>
> >>>>>>> <role-hint>cached</role-hint>
> >>>>>>> <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation>
> >>>>>>> <description>CachedRbacManager is a wrapped RBACManager with
> >>>>>>> caching.</description>
> >>>>>>> <requirements>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.security.rbac.RBACManager</role>
> >>>>>>>         <role-hint>ldap</role-hint>
> >>>>>>>         <field-name>rbacImpl</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>operations</role-hint>
> >>>>>>>         <field-name>operationsCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>permissions</role-hint>
> >>>>>>>         <field-name>permissionsCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>resources</role-hint>
> >>>>>>>         <field-name>resourcesCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>roles</role-hint>
> >>>>>>>         <field-name>rolesCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>userAssignments</role-hint>
> >>>>>>>         <field-name>userAssignmentsCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> <requirement>
> >>>>>>>         <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
> >>>>>>>         <role-hint>userPermissions</role-hint>
> >>>>>>>         <field-name>userPermissionsCache</field-name>
> >>>>>>> </requirement>
> >>>>>>> </requirements>
> >>>>>>> </component>
> >>>>>>>
> >>>>>>> <component>
> >>>>>>>       <role>org.codehaus.plexus.security.rbac.RBACManager</role>
> >>>>>>>       <role-hint>ldap</role-hint>
> >>>>>>>       <implementation>"my implementation"</implementation>
> >>>>>>>       <description>JdoRbacManager:</description>
> >>>>>>>       <requirements>
> >>>>>>>         <requirement>
> >>>>>>>           <role>
> >>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
> >>>>>>>           </role>
> >>>>>>>           <field-name>jdo</field-name>
> >>>>>>>         </requirement>
> >>>>>>>       </requirements>
> >>>>>>> </component>
> >>>>>>> <component>
> >>>>>>>         <role>
> >>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
> >>>>>>>         </role>
> >>>>>>>         <implementation>
> >>>>>>>        org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool
> >>>>>>>         </implementation>
> >>>>>>>         <description>JdoTool - RBAC JDO Tools.</description>
> >>>>>>>         <requirements>
> >>>>>>>                 <requirement>
> >>>>>>>                         <role>org.codehaus.plexus.jdo.JdoFactory</role>
> >>>>>>>                         <role-hint>users</role-hint>
> >>>>>>>                         <field-name>jdoFactory</field-name>
> >>>>>>>                 </requirement>
> >>>>>>>       </requirements>
> >>>>>>> </component>
> >>>>>>>
> >>>>>>> The continuum now uses my implementation, but no roles, permissions, etc.
> >>>>>>> are defined. How can I configure the continuum roles, permissions, etc.
> >>>>>>> in the components.xml-file?
> >>>>>>>
> >>>>>>> My implementation extends the
> >>>>>>> "org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoRbacManager",
> >>>>>>>   because I only want to authenticate on LDAP if the user isn't saved in
> >>>>>>> the Database.
> >>>>>>>
> >>>>>>> greetz
> >>>>>>>   David
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>
> >>
> >
>
>


-- 
jesse mcconnell
jesse.mcconnell@gmail.com
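
Point 1 of the reply above, as an added example that is not part of the thread and is not Plexus Security or Continuum code: role assignments are looked up by principal string, so an LDAP provider that reports a different string than the one the assignments were stored under yields an authenticated user with no authorization. All class, method and role names and the sample DN are hypothetical; the sketch assumes the directory's `uid` attribute is unique and case-insensitive.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration: every class and method here is hypothetical, none is Plexus Security API.
public class PrincipalMappingDemo {

    // Stand-in for the RBAC store: role assignments are looked up by principal string.
    static final Map<String, Set<String>> ASSIGNMENTS = new HashMap<>();

    // One canonical form, used both when writing assignments and when reading them.
    // Assumption: the directory's uid attribute is case-insensitive and unique.
    static String canonical(String principal) {
        try {
            for (Rdn rdn : new LdapName(principal).getRdns()) {
                if ("uid".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString().toLowerCase(Locale.ROOT);
                }
            }
        } catch (InvalidNameException notADn) {
            // Not a distinguished name: treat it as a bare username.
        }
        return principal.trim().toLowerCase(Locale.ROOT);
    }

    static void assign(String principal, String role) {
        ASSIGNMENTS.computeIfAbsent(canonical(principal), k -> new TreeSet<>()).add(role);
    }

    // Fail closed: an authenticated principal with no assignment gets no roles.
    static Set<String> rolesFor(String principal) {
        return ASSIGNMENTS.getOrDefault(canonical(principal), Collections.emptySet());
    }

    public static void main(String[] args) {
        // Constructed sample data: the assignment is stored under the short name,
        // while the LDAP provider reports the full DN as the principal.
        assign("jdoe", "project-developer");
        String fromLdap = "uid=JDoe,ou=people,dc=example,dc=org";

        // Raw lookup, as when the two systems disagree on the principal: no roles.
        System.out.println("raw key:       " + ASSIGNMENTS.getOrDefault(fromLdap, Collections.emptySet()));
        // Lookup through the shared canonical form finds the assignment.
        System.out.println("canonical key: " + rolesFor(fromLdap));
        // Unknown but authenticated user: still nothing is granted.
        System.out.println("unknown user:  " + rolesFor("uid=guest,ou=people,dc=example,dc=org"));
    }
}
```

Keeping the empty-set default means a directory account that was never given an assignment authenticates but is authorized for nothing, which is the safe outcome when the two stores drift apart.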
