jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ishai Borovoy <ishaiboro...@gmail.com>
Subject Re: JCA on JBoss
Date Wed, 08 Aug 2007 06:05:23 GMT

Do you know also how to implement it on LDAP? or can you give me some
direction (links...)?


Markus Reis wrote:
> 
> Hi Ishai,
> 
> 
> you are welcome - and as I can see there's nothing more I can do for you 
> here, since you are already answering your own questions yourself :-)
> 
> 
> best regards,
> Markus
> 
> 
> Ishai Borovoy schrieb:
>> OK, I think I understand it, it in the SimpleJBossAccessManager class:
>>
>>
>> public void init(AMContext context)
>> +            throws AccessDeniedException, Exception {
>> +        Properties rolemaps = new Properties();
>> +        File rolemap = new File(context.getHomeDir(),
>> "rolemapping.properties");
>> +        log.info("Loading jbossgroup role mappings from {}",
>> rolemap.getPath());
>> +        FileInputStream rolefs = new FileInputStream(rolemap);
>> +        try {
>> +            rolemaps.load(rolefs);
>> +        } finally {
>> +            rolefs.close();
>> +        }
>> +        
>> +        Iterator iterator =
>> context.getSubject().getPrincipals().iterator();
>> +        while (iterator.hasNext()) {
>> +            Principal principal = (Principal) iterator.next();
>> +            if (principal instanceof Group
>> +                    && principal.getName().equalsIgnoreCase("Roles")){
>> +                Group group = (Group) principal;
>> +                Enumeration members = group.members();
>> +                while (members.hasMoreElements()) {
>> +                    Principal member = (Principal)
>> members.nextElement();
>> +                    String role =
>> rolemaps.getProperty(member.getName());
>> +                    system = system || "full".equalsIgnoreCase(role);
>> +                    anonymous = anonymous ||
>> "read".equalsIgnoreCase(role);
>> +                }
>> +            }
>> +        }
>> +
>> +        // @todo check permission to access given workspace based on
>> principals
>> +    }
>>
>> Ishai Borovoy wrote:
>>   
>>> Hi Markus,
>>> First I want to really thanks for your help.
>>> One more question, where is the real matching between the role (full,
>>> read
>>> & write) to jackrabbit? 
>>>
>>>
>>> Markus Reis wrote:
>>>     
>>>> Hi,
>>>>
>>>>
>>>> currently you use the login-config.xml with the following jackrabbit 
>>>> specific "code":
>>>>     <application-policy name="Jackrabbit">
>>>>       <authentication>
>>>>         <login-module 
>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>>>           flag="required">
>>>>           <module-option 
>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>           <module-option 
>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>         </login-module>
>>>>       </authentication>
>>>>     </application-policy>
>>>> further you have a jackrabbit-jca-<version>.rar file in the deploy
dir
>>>> ...
>>>>
>>>> ... alternatively you could extract this .rar into a folder called 
>>>> jackrabbit-jca-<version>.rar (yes this is a folder now) and then do
the 
>>>> changes according to the last section of 
>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this
>>>> would 
>>>> allow you to leave conf/login-config.xml unchanged (I don't use this 
>>>> "deployment model" however).
>>>>
>>>>
>>>> kind regards,
>>>> Markus
>>>>
>>>>
>>>> Ishai Borovoy schrieb:
>>>>       
>>>>> BTW,
>>>>> what is the last section in
>>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
>>>>> that talk about creating folder "jackrabbitsecurity.rar"?
>>>>>
>>>>>
>>>>> Markus Reis wrote:
>>>>>   
>>>>>         
>>>>>> The class should be in jackrabbit-core-<version>.jar and should
be 
>>>>>> included in jackrabbit-jca-<version>.rar - this however depends
on
>>>>>> the 
>>>>>> jackrabbit version you are using ...
>>>>>> ... in any case you can put jackrabbit-core-<version>.jar in

>>>>>> server/default/lib (simply download it from 
>>>>>> http://jackrabbit.apache.org/downloads.cgi or build it from source)
- 
>>>>>> and make sure that it contains 
>>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
>>>>>>
>>>>>> ... note that the package and the name of this class has changed
over 
>>>>>> the last jackrabbit versions - so be sure that the entry in 
>>>>>> repository.xml equals the class and package name in the included
jar!
>>>>>>
>>>>>>
>>>>>> regards,
>>>>>> Markus
>>>>>>
>>>>>>
>>>>>> Ishai Borovoy schrieb:
>>>>>>     
>>>>>>           
>>>>>>> Hi Markus,
>>>>>>> Another thing...
>>>>>>> By success I meant that I have no exception when Jboss initialize,
>>>>>>> but
>>>>>>> when
>>>>>>> I try to login (remotly) I get:
>>>>>>> "...
>>>>>>>  java.lang.ClassNotFoundException: No C
>>>>>>> sLoaders found for:
>>>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessMana
>>>>>>> ...."
>>>>>>>
>>>>>>> I guess it related to the last section in
>>>>>>> :http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity,
>>>>>>> I follow this section but I am not sure I did it corectly, can
you
>>>>>>> help
>>>>>>> me
>>>>>>> with that?
>>>>>>>
>>>>>>>
>>>>>>> Ishai Borovoy wrote:
>>>>>>>   
>>>>>>>       
>>>>>>>             
>>>>>>>> OK success,
>>>>>>>> Thank you very much!!!
>>>>>>>>
>>>>>>>> Ishai
>>>>>>>>
>>>>>>>>
>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>     
>>>>>>>>         
>>>>>>>>               
>>>>>>>>> OK thanks,
>>>>>>>>> I will try again.
>>>>>>>>>
>>>>>>>>> Ishai
>>>>>>>>>
>>>>>>>>> Markus Reis wrote:
>>>>>>>>>       
>>>>>>>>>           
>>>>>>>>>                 
>>>>>>>>>> (1) you have to create the rolemapping.properties
file yourself
>>>>>>>>>> (in
>>>>>>>>>> your 
>>>>>>>>>> repository.home: you specified that in jcr-ds.xml)
- and it
>>>>>>>>>> should 
>>>>>>>>>> contain the following line in your case:
>>>>>>>>>>             friend=full
>>>>>>>>>> (2) you did not read the corresponding docs on the
wiki (I
>>>>>>>>>> pointed
>>>>>>>>>> you 
>>>>>>>>>> to) - You have to modify the repository.xml (security
section)
>>>>>>>>>> to:
>>>>>>>>>>   <Security appName="Jackrabbit">
>>>>>>>>>>     <AccessManager 
>>>>>>>>>> class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"
>>>>>>>>>> />
>>>>>>>>>>   </Security>
>>>>>>>>>>
>>>>>>>>>> Here's also an example jcr-ds.xml (taken from the
template in
>>>>>>>>>> SVN):
>>>>>>>>>> <connection-factories>
>>>>>>>>>>     <tx-connection-factory>
>>>>>>>>>>         <jndi-name>jcr/local</jndi-name>
>>>>>>>>>>         <xa-transaction/>
>>>>>>>>>>         <rar-name>jackrabbit-jca.rar</rar-name>
>>>>>>>>>>        
>>>>>>>>>> <connection-definition>javax.jcr.Repository</connection-definition>
>>>>>>>>>>         <config-property name="homeDir" 
>>>>>>>>>> type="java.lang.String">/temp/jackrabbit</config-property>
>>>>>>>>>>         <config-property name="configFile" 
>>>>>>>>>> type="java.lang.String">classpath:repository.xml</config-property>
>>>>>>>>>>         <config-property name="bindSessionToTransaction"

>>>>>>>>>> type="java.lang.Boolean">true</config-property>
>>>>>>>>>>     </tx-connection-factory>
>>>>>>>>>> </connection-factories>
>>>>>>>>>> change the rar name and homeDir (that's the dir where
to put the 
>>>>>>>>>> rolemapping.properties)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Markus
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>         
>>>>>>>>>>             
>>>>>>>>>>                   
>>>>>>>>>>> I sent you the files through Gmail.
>>>>>>>>>>>
>>>>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>>>>   
>>>>>>>>>>>           
>>>>>>>>>>>               
>>>>>>>>>>>                     
>>>>>>>>>>>> OK, I will.
>>>>>>>>>>>>
>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>     
>>>>>>>>>>>>             
>>>>>>>>>>>>                 
>>>>>>>>>>>>                       
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> please send me the contents of the following
files:
>>>>>>>>>>>>> (1) server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>> (2) server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>> (3) rolemapping.properties (and the location
where you put it)
>>>>>>>>>>>>> (4) repository.xml in the jca rar file
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>       
>>>>>>>>>>>>>               
>>>>>>>>>>>>>                   
>>>>>>>>>>>>>                         
>>>>>>>>>>>>>> Hi Markus,
>>>>>>>>>>>>>> I did all your instruction below
and restart the Jboss, no
>>>>>>>>>>>>>> error...
>>>>>>>>>>>>>> but the problem I can login with
no matter what user/password
>>>>>>>>>>>>>> I
>>>>>>>>>>>>>> use.  
>>>>>>>>>>>>>> Here is the client code (I call it
remotly (use the
>>>>>>>>>>>>>> jackrabbit-jcr-rmi-1.3.1.jar)).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <code>
>>>>>>>>>>>>>>                     rr = (RemoteRepository)
>>>>>>>>>>>>>> ctx.lookup("jnp://localhost:1099/jcrServer");
>>>>>>>>>>>>>> 	            Repository repository
=
>>>>>>>>>>>>>> adapter.getRepository(rr);
>>>>>>>>>>>>>>                     // no matter
what user name or password I
>>>>>>>>>>>>>> will
>>>>>>>>>>>>>> put
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> code success to run with no exeption
>>>>>>>>>>>>>> 	            Credentials credJBoss
= new
>>>>>>>>>>>>>> SimpleCredentials("username","password".toCharArray());

>>>>>>>>>>>>>> 	            Session session = repository.login(credJBoss);
>>>>>>>>>>>>>> 	            Node n = session.getRootNode().getNode("foo");
>>>>>>>>>>>>>> 	            n.setProperty("Ishai",
true);
>>>>>>>>>>>>>> 	            session.save();
>>>>>>>>>>>>>> 	            session.logout();
>>>>>>>>>>>>>> </code>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any suggestion?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Ishai
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>         
>>>>>>>>>>>>>>                 
>>>>>>>>>>>>>>                     
>>>>>>>>>>>>>>                           
>>>>>>>>>>>>>>> Hi Ishai,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> if you are looking for simple
authentication based on a few 
>>>>>>>>>>>>>>> configuration files you could
follow the approach presented
>>>>>>>>>>>>>>> on:
>>>>>>>>>>>>>>> http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
>>>>>>>>>>>>>>> Further to the description there
you will have to:
>>>>>>>>>>>>>>> (1) add the following lines to
login-config.xml in
>>>>>>>>>>>>>>> server\default\conf:
>>>>>>>>>>>>>>> <application-policy name="Jackrabbit">
>>>>>>>>>>>>>>> <authentication>
>>>>>>>>>>>>>>> <login-module
>>>>>>>>>>>>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"

>>>>>>>>>>>>>>> flag="required">
>>>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>>>>>>>>>>>> </login-module>
>>>>>>>>>>>>>>> </authentication>
>>>>>>>>>>>>>>> </application-policy>
>>>>>>>>>>>>>>> (2) create a
>>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>>>> file 
>>>>>>>>>>>>>>> listing <username>=<rolename>
pairs
>>>>>>>>>>>>>>> (3) create a
>>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>>>> file 
>>>>>>>>>>>>>>> listing <username>=<passsword>
pairs
>>>>>>>>>>>>>>> (4) rename the rolemappings.properties
file in
>>>>>>>>>>>>>>> repository.home
>>>>>>>>>>>>>>> (that 
>>>>>>>>>>>>>>> lists <rolename>=<permission>
pairs) to
>>>>>>>>>>>>>>> rolemapping.properties
>>>>>>>>>>>>>>> (if
>>>>>>>>>>>>>>> you 
>>>>>>>>>>>>>>> use jackrabbit 1.3 or higher)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> hope that helps,
>>>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>>>     
>>>>>>>>>>>>>>>           
>>>>>>>>>>>>>>>                   
>>>>>>>>>>>>>>>                       
>>>>>>>>>>>>>>>                             
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>> I succeed to deploy (JCA
deployment) rar file on JBosss,
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> everything
>>>>>>>>>>>>>>>> is
>>>>>>>>>>>>>>>> work fine.  how can I configure
the repository/Jboss to
>>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>> custom
>>>>>>>>>>>>>>>> authentication (for example
with user.properties file)?
>>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>>       
>>>>>>>>>>>>>>>>             
>>>>>>>>>>>>>>>>                     
>>>>>>>>>>>>>>>>                         
>>>>>>>>>>>>>>>>                         
     
>>>>>>>>>>>>>>> -- 
>>>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Austrian Research Centers GmbH
- ARC
>>>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>     
>>>>>>>>>>>>>>>           
>>>>>>>>>>>>>>>                   
>>>>>>>>>>>>>>>                       
>>>>>>>>>>>>>>>                             
>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>         
>>>>>>>>>>>>>>                 
>>>>>>>>>>>>>>                     
>>>>>>>>>>>>>>                           
>>>>>>>>>>>>> -- 
>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>
>>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>
>>>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>
>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>       
>>>>>>>>>>>>>               
>>>>>>>>>>>>>                   
>>>>>>>>>>>>>                         
>>>>>>>>>>>>     
>>>>>>>>>>>>             
>>>>>>>>>>>>                 
>>>>>>>>>>>>                       
>>>>>>>>>>>   
>>>>>>>>>>>           
>>>>>>>>>>>               
>>>>>>>>>>>                     
>>>>>>>>>> -- 
>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>
>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>> Research Studios
>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>
>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>
>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>
>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>         
>>>>>>>>>>             
>>>>>>>>>>                   
>>>>>>>>>       
>>>>>>>>>           
>>>>>>>>>                 
>>>>>>>>     
>>>>>>>>         
>>>>>>>>               
>>>>>>>   
>>>>>>>       
>>>>>>>             
>>>>>> -- 
>>>>>> Mag. Markus Reis
>>>>>>
>>>>>> Austrian Research Centers GmbH - ARC
>>>>>> Research Studios
>>>>>> Studio Digital Memory Engineering
>>>>>>
>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>> Mobile: +43 664 825 1106
>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>> Fax: +43-1-585 37 41
>>>>>>
>>>>>> <markus.reis@researchstudio.at>
>>>>>> http://www.arcs.ac.at/
>>>>>> http://www.researchstudio.at/
>>>>>> http://dme.researchstudio.at/
>>>>>>
>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>
>>>>>>
>>>>>>
>>>>>>     
>>>>>>           
>>>>>   
>>>>>         
>>>> -- 
>>>> Mag. Markus Reis
>>>>
>>>> Austrian Research Centers GmbH - ARC
>>>> Research Studios
>>>> Studio Digital Memory Engineering
>>>>
>>>> Thurngasse 8/3/20, A-1090 Wien
>>>> Mobile: +43 664 825 1106
>>>> Tel.: +43-1-585 05 37 - 16
>>>> Fax: +43-1-585 37 41
>>>>
>>>> <markus.reis@researchstudio.at>
>>>> http://www.arcs.ac.at/
>>>> http://www.researchstudio.at/
>>>> http://dme.researchstudio.at/
>>>>
>>>> HG Wien – FN 115980i – ATU14703506
>>>>
>>>>
>>>>
>>>>       
>>>     
>>
>>   
> 
> 
> -- 
> Mag. Markus Reis
> 
> Austrian Research Centers GmbH - ARC
> Research Studios
> Studio Digital Memory Engineering
> 
> Thurngasse 8/3/20, A-1090 Wien
> Mobile: +43 664 825 1106
> Tel.: +43-1-585 05 37 - 16
> Fax: +43-1-585 37 41
> 
> <markus.reis@researchstudio.at>
> http://www.arcs.ac.at/
> http://www.researchstudio.at/
> http://dme.researchstudio.at/
> 
> HG Wien – FN 115980i – ATU14703506
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/JCA-on-JBoss-tf4228473.html#a12047703
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.


Mime
View raw message