jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ishai Borovoy <ishaiboro...@gmail.com>
Subject Re: JCA on JBoss
Date Wed, 08 Aug 2007 05:54:40 GMT

OK, I think I understand it, it in the SimpleJBossAccessManager class:


public void init(AMContext context)
+            throws AccessDeniedException, Exception {
+        Properties rolemaps = new Properties();
+        File rolemap = new File(context.getHomeDir(),
"rolemapping.properties");
+        log.info("Loading jbossgroup role mappings from {}",
rolemap.getPath());
+        FileInputStream rolefs = new FileInputStream(rolemap);
+        try {
+            rolemaps.load(rolefs);
+        } finally {
+            rolefs.close();
+        }
+        
+        Iterator iterator =
context.getSubject().getPrincipals().iterator();
+        while (iterator.hasNext()) {
+            Principal principal = (Principal) iterator.next();
+            if (principal instanceof Group
+                    && principal.getName().equalsIgnoreCase("Roles")){
+                Group group = (Group) principal;
+                Enumeration members = group.members();
+                while (members.hasMoreElements()) {
+                    Principal member = (Principal) members.nextElement();
+                    String role = rolemaps.getProperty(member.getName());
+                    system = system || "full".equalsIgnoreCase(role);
+                    anonymous = anonymous || "read".equalsIgnoreCase(role);
+                }
+            }
+        }
+
+        // @todo check permission to access given workspace based on
principals
+    }

Ishai Borovoy wrote:
> 
> Hi Markus,
> First I want to really thanks for your help.
> One more question, where is the real matching between the role (full, read
> & write) to jackrabbit? 
> 
> 
> Markus Reis wrote:
>> 
>> Hi,
>> 
>> 
>> currently you use the login-config.xml with the following jackrabbit 
>> specific "code":
>>     <application-policy name="Jackrabbit">
>>       <authentication>
>>         <login-module 
>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>           flag="required">
>>           <module-option 
>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>           <module-option 
>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>         </login-module>
>>       </authentication>
>>     </application-policy>
>> further you have a jackrabbit-jca-<version>.rar file in the deploy dir
>> ...
>> 
>> ... alternatively you could extract this .rar into a folder called 
>> jackrabbit-jca-<version>.rar (yes this is a folder now) and then do the 
>> changes according to the last section of 
>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this would 
>> allow you to leave conf/login-config.xml unchanged (I don't use this 
>> "deployment model" however).
>> 
>> 
>> kind regards,
>> Markus
>> 
>> 
>> Ishai Borovoy schrieb:
>>> BTW,
>>> what is the last section in
>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
>>> that talk about creating folder "jackrabbitsecurity.rar"?
>>>
>>>
>>> Markus Reis wrote:
>>>   
>>>> The class should be in jackrabbit-core-<version>.jar and should be

>>>> included in jackrabbit-jca-<version>.rar - this however depends on
the 
>>>> jackrabbit version you are using ...
>>>> ... in any case you can put jackrabbit-core-<version>.jar in 
>>>> server/default/lib (simply download it from 
>>>> http://jackrabbit.apache.org/downloads.cgi or build it from source) - 
>>>> and make sure that it contains 
>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
>>>>
>>>> ... note that the package and the name of this class has changed over 
>>>> the last jackrabbit versions - so be sure that the entry in 
>>>> repository.xml equals the class and package name in the included jar!
>>>>
>>>>
>>>> regards,
>>>> Markus
>>>>
>>>>
>>>> Ishai Borovoy schrieb:
>>>>     
>>>>> Hi Markus,
>>>>> Another thing...
>>>>> By success I meant that I have no exception when Jboss initialize, but
>>>>> when
>>>>> I try to login (remotly) I get:
>>>>> "...
>>>>>  java.lang.ClassNotFoundException: No C
>>>>> sLoaders found for:
>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessMana
>>>>> ...."
>>>>>
>>>>> I guess it related to the last section in
>>>>> :http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity,
>>>>> I follow this section but I am not sure I did it corectly, can you
>>>>> help
>>>>> me
>>>>> with that?
>>>>>
>>>>>
>>>>> Ishai Borovoy wrote:
>>>>>   
>>>>>       
>>>>>> OK success,
>>>>>> Thank you very much!!!
>>>>>>
>>>>>> Ishai
>>>>>>
>>>>>>
>>>>>> Ishai Borovoy wrote:
>>>>>>     
>>>>>>         
>>>>>>> OK thanks,
>>>>>>> I will try again.
>>>>>>>
>>>>>>> Ishai
>>>>>>>
>>>>>>> Markus Reis wrote:
>>>>>>>       
>>>>>>>           
>>>>>>>> (1) you have to create the rolemapping.properties file yourself
(in
>>>>>>>> your 
>>>>>>>> repository.home: you specified that in jcr-ds.xml) - and
it should 
>>>>>>>> contain the following line in your case:
>>>>>>>>             friend=full
>>>>>>>> (2) you did not read the corresponding docs on the wiki (I
pointed
>>>>>>>> you 
>>>>>>>> to) - You have to modify the repository.xml (security section)
to:
>>>>>>>>   <Security appName="Jackrabbit">
>>>>>>>>     <AccessManager 
>>>>>>>> class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"
>>>>>>>> />
>>>>>>>>   </Security>
>>>>>>>>
>>>>>>>> Here's also an example jcr-ds.xml (taken from the template
in SVN):
>>>>>>>> <connection-factories>
>>>>>>>>     <tx-connection-factory>
>>>>>>>>         <jndi-name>jcr/local</jndi-name>
>>>>>>>>         <xa-transaction/>
>>>>>>>>         <rar-name>jackrabbit-jca.rar</rar-name>
>>>>>>>>        
>>>>>>>> <connection-definition>javax.jcr.Repository</connection-definition>
>>>>>>>>         <config-property name="homeDir" 
>>>>>>>> type="java.lang.String">/temp/jackrabbit</config-property>
>>>>>>>>         <config-property name="configFile" 
>>>>>>>> type="java.lang.String">classpath:repository.xml</config-property>
>>>>>>>>         <config-property name="bindSessionToTransaction"

>>>>>>>> type="java.lang.Boolean">true</config-property>
>>>>>>>>     </tx-connection-factory>
>>>>>>>> </connection-factories>
>>>>>>>> change the rar name and homeDir (that's the dir where to
put the 
>>>>>>>> rolemapping.properties)
>>>>>>>>
>>>>>>>>
>>>>>>>> Markus
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>         
>>>>>>>>             
>>>>>>>>> I sent you the files through Gmail.
>>>>>>>>>
>>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>>   
>>>>>>>>>           
>>>>>>>>>               
>>>>>>>>>> OK, I will.
>>>>>>>>>>
>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>     
>>>>>>>>>>             
>>>>>>>>>>                 
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> please send me the contents of the following
files:
>>>>>>>>>>> (1) server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>> (2) server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>> (3) rolemapping.properties (and the location
where you put it)
>>>>>>>>>>> (4) repository.xml in the jca rar file
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Markus
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>       
>>>>>>>>>>>               
>>>>>>>>>>>                   
>>>>>>>>>>>> Hi Markus,
>>>>>>>>>>>> I did all your instruction below and restart
the Jboss, no
>>>>>>>>>>>> error...
>>>>>>>>>>>> but the problem I can login with no matter
what user/password I
>>>>>>>>>>>> use.  
>>>>>>>>>>>> Here is the client code (I call it remotly
(use the
>>>>>>>>>>>> jackrabbit-jcr-rmi-1.3.1.jar)).
>>>>>>>>>>>>
>>>>>>>>>>>> <code>
>>>>>>>>>>>>                     rr = (RemoteRepository)
>>>>>>>>>>>> ctx.lookup("jnp://localhost:1099/jcrServer");
>>>>>>>>>>>> 	            Repository repository = adapter.getRepository(rr);
>>>>>>>>>>>>                     // no matter what user
name or password I
>>>>>>>>>>>> will
>>>>>>>>>>>> put
>>>>>>>>>>>> the
>>>>>>>>>>>> code success to run with no exeption
>>>>>>>>>>>> 	            Credentials credJBoss = new
>>>>>>>>>>>> SimpleCredentials("username","password".toCharArray());

>>>>>>>>>>>> 	            Session session = repository.login(credJBoss);
>>>>>>>>>>>> 	            Node n = session.getRootNode().getNode("foo");
>>>>>>>>>>>> 	            n.setProperty("Ishai", true);
>>>>>>>>>>>> 	            session.save();
>>>>>>>>>>>> 	            session.logout();
>>>>>>>>>>>> </code>
>>>>>>>>>>>>
>>>>>>>>>>>> Any suggestion?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Ishai
>>>>>>>>>>>>
>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>   
>>>>>>>>>>>>         
>>>>>>>>>>>>                 
>>>>>>>>>>>>                     
>>>>>>>>>>>>> Hi Ishai,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> if you are looking for simple authentication
based on a few 
>>>>>>>>>>>>> configuration files you could follow
the approach presented
>>>>>>>>>>>>> on:
>>>>>>>>>>>>> http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
>>>>>>>>>>>>> Further to the description there you
will have to:
>>>>>>>>>>>>> (1) add the following lines to login-config.xml
in
>>>>>>>>>>>>> server\default\conf:
>>>>>>>>>>>>> <application-policy name="Jackrabbit">
>>>>>>>>>>>>> <authentication>
>>>>>>>>>>>>> <login-module
>>>>>>>>>>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"

>>>>>>>>>>>>> flag="required">
>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>>>>>>>>>> </login-module>
>>>>>>>>>>>>> </authentication>
>>>>>>>>>>>>> </application-policy>
>>>>>>>>>>>>> (2) create a
>>>>>>>>>>>>> server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>> file 
>>>>>>>>>>>>> listing <username>=<rolename>
pairs
>>>>>>>>>>>>> (3) create a
>>>>>>>>>>>>> server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>> file 
>>>>>>>>>>>>> listing <username>=<passsword>
pairs
>>>>>>>>>>>>> (4) rename the rolemappings.properties
file in repository.home
>>>>>>>>>>>>> (that 
>>>>>>>>>>>>> lists <rolename>=<permission>
pairs) to rolemapping.properties
>>>>>>>>>>>>> (if
>>>>>>>>>>>>> you 
>>>>>>>>>>>>> use jackrabbit 1.3 or higher)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> hope that helps,
>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>     
>>>>>>>>>>>>>           
>>>>>>>>>>>>>                   
>>>>>>>>>>>>>                       
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>> I succeed to deploy (JCA deployment)
rar file on JBosss, and
>>>>>>>>>>>>>> everything
>>>>>>>>>>>>>> is
>>>>>>>>>>>>>> work fine.  how can I configure the
repository/Jboss to work
>>>>>>>>>>>>>> with
>>>>>>>>>>>>>> custom
>>>>>>>>>>>>>> authentication (for example with
user.properties file)?
>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>       
>>>>>>>>>>>>>>             
>>>>>>>>>>>>>>                     
>>>>>>>>>>>>>>                         
>>>>>>>>>>>>> -- 
>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>
>>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>
>>>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>
>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>     
>>>>>>>>>>>>>           
>>>>>>>>>>>>>                   
>>>>>>>>>>>>>                       
>>>>>>>>>>>>   
>>>>>>>>>>>>         
>>>>>>>>>>>>                 
>>>>>>>>>>>>                     
>>>>>>>>>>> -- 
>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>
>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>> Research Studios
>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>
>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>
>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>
>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>       
>>>>>>>>>>>               
>>>>>>>>>>>                   
>>>>>>>>>>     
>>>>>>>>>>             
>>>>>>>>>>                 
>>>>>>>>>   
>>>>>>>>>           
>>>>>>>>>               
>>>>>>>> -- 
>>>>>>>> Mag. Markus Reis
>>>>>>>>
>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>> Research Studios
>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>
>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>
>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>> http://www.arcs.ac.at/
>>>>>>>> http://www.researchstudio.at/
>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>
>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         
>>>>>>>>             
>>>>>>>       
>>>>>>>           
>>>>>>     
>>>>>>         
>>>>>   
>>>>>       
>>>> -- 
>>>> Mag. Markus Reis
>>>>
>>>> Austrian Research Centers GmbH - ARC
>>>> Research Studios
>>>> Studio Digital Memory Engineering
>>>>
>>>> Thurngasse 8/3/20, A-1090 Wien
>>>> Mobile: +43 664 825 1106
>>>> Tel.: +43-1-585 05 37 - 16
>>>> Fax: +43-1-585 37 41
>>>>
>>>> <markus.reis@researchstudio.at>
>>>> http://www.arcs.ac.at/
>>>> http://www.researchstudio.at/
>>>> http://dme.researchstudio.at/
>>>>
>>>> HG Wien – FN 115980i – ATU14703506
>>>>
>>>>
>>>>
>>>>     
>>>
>>>   
>> 
>> 
>> -- 
>> Mag. Markus Reis
>> 
>> Austrian Research Centers GmbH - ARC
>> Research Studios
>> Studio Digital Memory Engineering
>> 
>> Thurngasse 8/3/20, A-1090 Wien
>> Mobile: +43 664 825 1106
>> Tel.: +43-1-585 05 37 - 16
>> Fax: +43-1-585 37 41
>> 
>> <markus.reis@researchstudio.at>
>> http://www.arcs.ac.at/
>> http://www.researchstudio.at/
>> http://dme.researchstudio.at/
>> 
>> HG Wien – FN 115980i – ATU14703506
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/JCA-on-JBoss-tf4228473.html#a12047627
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.


Mime
View raw message