jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Reis <markus.r...@researchstudio.at>
Subject Re: JCA on JBoss
Date Wed, 08 Aug 2007 06:02:02 GMT
Hi Ishai,


you are welcome - and as I can see there's nothing more I can do for you 
here, since you are already answering your own questions yourself :-)


best regards,
Markus


Ishai Borovoy schrieb:
> OK, I think I understand it, it in the SimpleJBossAccessManager class:
>
>
> public void init(AMContext context)
> +            throws AccessDeniedException, Exception {
> +        Properties rolemaps = new Properties();
> +        File rolemap = new File(context.getHomeDir(),
> "rolemapping.properties");
> +        log.info("Loading jbossgroup role mappings from {}",
> rolemap.getPath());
> +        FileInputStream rolefs = new FileInputStream(rolemap);
> +        try {
> +            rolemaps.load(rolefs);
> +        } finally {
> +            rolefs.close();
> +        }
> +        
> +        Iterator iterator =
> context.getSubject().getPrincipals().iterator();
> +        while (iterator.hasNext()) {
> +            Principal principal = (Principal) iterator.next();
> +            if (principal instanceof Group
> +                    && principal.getName().equalsIgnoreCase("Roles")){
> +                Group group = (Group) principal;
> +                Enumeration members = group.members();
> +                while (members.hasMoreElements()) {
> +                    Principal member = (Principal) members.nextElement();
> +                    String role = rolemaps.getProperty(member.getName());
> +                    system = system || "full".equalsIgnoreCase(role);
> +                    anonymous = anonymous || "read".equalsIgnoreCase(role);
> +                }
> +            }
> +        }
> +
> +        // @todo check permission to access given workspace based on
> principals
> +    }
>
> Ishai Borovoy wrote:
>   
>> Hi Markus,
>> First I want to really thanks for your help.
>> One more question, where is the real matching between the role (full, read
>> & write) to jackrabbit? 
>>
>>
>> Markus Reis wrote:
>>     
>>> Hi,
>>>
>>>
>>> currently you use the login-config.xml with the following jackrabbit 
>>> specific "code":
>>>     <application-policy name="Jackrabbit">
>>>       <authentication>
>>>         <login-module 
>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>>           flag="required">
>>>           <module-option 
>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>           <module-option 
>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>         </login-module>
>>>       </authentication>
>>>     </application-policy>
>>> further you have a jackrabbit-jca-<version>.rar file in the deploy dir
>>> ...
>>>
>>> ... alternatively you could extract this .rar into a folder called 
>>> jackrabbit-jca-<version>.rar (yes this is a folder now) and then do the

>>> changes according to the last section of 
>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this would 
>>> allow you to leave conf/login-config.xml unchanged (I don't use this 
>>> "deployment model" however).
>>>
>>>
>>> kind regards,
>>> Markus
>>>
>>>
>>> Ishai Borovoy schrieb:
>>>       
>>>> BTW,
>>>> what is the last section in
>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
>>>> that talk about creating folder "jackrabbitsecurity.rar"?
>>>>
>>>>
>>>> Markus Reis wrote:
>>>>   
>>>>         
>>>>> The class should be in jackrabbit-core-<version>.jar and should
be 
>>>>> included in jackrabbit-jca-<version>.rar - this however depends
on the 
>>>>> jackrabbit version you are using ...
>>>>> ... in any case you can put jackrabbit-core-<version>.jar in 
>>>>> server/default/lib (simply download it from 
>>>>> http://jackrabbit.apache.org/downloads.cgi or build it from source) -

>>>>> and make sure that it contains 
>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
>>>>>
>>>>> ... note that the package and the name of this class has changed over

>>>>> the last jackrabbit versions - so be sure that the entry in 
>>>>> repository.xml equals the class and package name in the included jar!
>>>>>
>>>>>
>>>>> regards,
>>>>> Markus
>>>>>
>>>>>
>>>>> Ishai Borovoy schrieb:
>>>>>     
>>>>>           
>>>>>> Hi Markus,
>>>>>> Another thing...
>>>>>> By success I meant that I have no exception when Jboss initialize,
but
>>>>>> when
>>>>>> I try to login (remotly) I get:
>>>>>> "...
>>>>>>  java.lang.ClassNotFoundException: No C
>>>>>> sLoaders found for:
>>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessMana
>>>>>> ...."
>>>>>>
>>>>>> I guess it related to the last section in
>>>>>> :http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity,
>>>>>> I follow this section but I am not sure I did it corectly, can you
>>>>>> help
>>>>>> me
>>>>>> with that?
>>>>>>
>>>>>>
>>>>>> Ishai Borovoy wrote:
>>>>>>   
>>>>>>       
>>>>>>             
>>>>>>> OK success,
>>>>>>> Thank you very much!!!
>>>>>>>
>>>>>>> Ishai
>>>>>>>
>>>>>>>
>>>>>>> Ishai Borovoy wrote:
>>>>>>>     
>>>>>>>         
>>>>>>>               
>>>>>>>> OK thanks,
>>>>>>>> I will try again.
>>>>>>>>
>>>>>>>> Ishai
>>>>>>>>
>>>>>>>> Markus Reis wrote:
>>>>>>>>       
>>>>>>>>           
>>>>>>>>                 
>>>>>>>>> (1) you have to create the rolemapping.properties file
yourself (in
>>>>>>>>> your 
>>>>>>>>> repository.home: you specified that in jcr-ds.xml) -
and it should 
>>>>>>>>> contain the following line in your case:
>>>>>>>>>             friend=full
>>>>>>>>> (2) you did not read the corresponding docs on the wiki
(I pointed
>>>>>>>>> you 
>>>>>>>>> to) - You have to modify the repository.xml (security
section) to:
>>>>>>>>>   <Security appName="Jackrabbit">
>>>>>>>>>     <AccessManager 
>>>>>>>>> class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"
>>>>>>>>> />
>>>>>>>>>   </Security>
>>>>>>>>>
>>>>>>>>> Here's also an example jcr-ds.xml (taken from the template
in SVN):
>>>>>>>>> <connection-factories>
>>>>>>>>>     <tx-connection-factory>
>>>>>>>>>         <jndi-name>jcr/local</jndi-name>
>>>>>>>>>         <xa-transaction/>
>>>>>>>>>         <rar-name>jackrabbit-jca.rar</rar-name>
>>>>>>>>>        
>>>>>>>>> <connection-definition>javax.jcr.Repository</connection-definition>
>>>>>>>>>         <config-property name="homeDir" 
>>>>>>>>> type="java.lang.String">/temp/jackrabbit</config-property>
>>>>>>>>>         <config-property name="configFile" 
>>>>>>>>> type="java.lang.String">classpath:repository.xml</config-property>
>>>>>>>>>         <config-property name="bindSessionToTransaction"

>>>>>>>>> type="java.lang.Boolean">true</config-property>
>>>>>>>>>     </tx-connection-factory>
>>>>>>>>> </connection-factories>
>>>>>>>>> change the rar name and homeDir (that's the dir where
to put the 
>>>>>>>>> rolemapping.properties)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Markus
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>         
>>>>>>>>>             
>>>>>>>>>                   
>>>>>>>>>> I sent you the files through Gmail.
>>>>>>>>>>
>>>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>>>   
>>>>>>>>>>           
>>>>>>>>>>               
>>>>>>>>>>                     
>>>>>>>>>>> OK, I will.
>>>>>>>>>>>
>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>     
>>>>>>>>>>>             
>>>>>>>>>>>                 
>>>>>>>>>>>                       
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> please send me the contents of the following
files:
>>>>>>>>>>>> (1) server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>> (2) server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>> (3) rolemapping.properties (and the location
where you put it)
>>>>>>>>>>>> (4) repository.xml in the jca rar file
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Markus
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>       
>>>>>>>>>>>>               
>>>>>>>>>>>>                   
>>>>>>>>>>>>                         
>>>>>>>>>>>>> Hi Markus,
>>>>>>>>>>>>> I did all your instruction below and
restart the Jboss, no
>>>>>>>>>>>>> error...
>>>>>>>>>>>>> but the problem I can login with no matter
what user/password I
>>>>>>>>>>>>> use.  
>>>>>>>>>>>>> Here is the client code (I call it remotly
(use the
>>>>>>>>>>>>> jackrabbit-jcr-rmi-1.3.1.jar)).
>>>>>>>>>>>>>
>>>>>>>>>>>>> <code>
>>>>>>>>>>>>>                     rr = (RemoteRepository)
>>>>>>>>>>>>> ctx.lookup("jnp://localhost:1099/jcrServer");
>>>>>>>>>>>>> 	            Repository repository =
adapter.getRepository(rr);
>>>>>>>>>>>>>                     // no matter what
user name or password I
>>>>>>>>>>>>> will
>>>>>>>>>>>>> put
>>>>>>>>>>>>> the
>>>>>>>>>>>>> code success to run with no exeption
>>>>>>>>>>>>> 	            Credentials credJBoss =
new
>>>>>>>>>>>>> SimpleCredentials("username","password".toCharArray());

>>>>>>>>>>>>> 	            Session session = repository.login(credJBoss);
>>>>>>>>>>>>> 	            Node n = session.getRootNode().getNode("foo");
>>>>>>>>>>>>> 	            n.setProperty("Ishai", true);
>>>>>>>>>>>>> 	            session.save();
>>>>>>>>>>>>> 	            session.logout();
>>>>>>>>>>>>> </code>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any suggestion?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Ishai
>>>>>>>>>>>>>
>>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>>   
>>>>>>>>>>>>>         
>>>>>>>>>>>>>                 
>>>>>>>>>>>>>                     
>>>>>>>>>>>>>                           
>>>>>>>>>>>>>> Hi Ishai,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> if you are looking for simple authentication
based on a few 
>>>>>>>>>>>>>> configuration files you could follow
the approach presented
>>>>>>>>>>>>>> on:
>>>>>>>>>>>>>> http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
>>>>>>>>>>>>>> Further to the description there
you will have to:
>>>>>>>>>>>>>> (1) add the following lines to login-config.xml
in
>>>>>>>>>>>>>> server\default\conf:
>>>>>>>>>>>>>> <application-policy name="Jackrabbit">
>>>>>>>>>>>>>> <authentication>
>>>>>>>>>>>>>> <login-module
>>>>>>>>>>>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"

>>>>>>>>>>>>>> flag="required">
>>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>>>>>>>>>>> <module-option 
>>>>>>>>>>>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>>>>>>>>>>> </login-module>
>>>>>>>>>>>>>> </authentication>
>>>>>>>>>>>>>> </application-policy>
>>>>>>>>>>>>>> (2) create a
>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>>> file 
>>>>>>>>>>>>>> listing <username>=<rolename>
pairs
>>>>>>>>>>>>>> (3) create a
>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>>> file 
>>>>>>>>>>>>>> listing <username>=<passsword>
pairs
>>>>>>>>>>>>>> (4) rename the rolemappings.properties
file in repository.home
>>>>>>>>>>>>>> (that 
>>>>>>>>>>>>>> lists <rolename>=<permission>
pairs) to rolemapping.properties
>>>>>>>>>>>>>> (if
>>>>>>>>>>>>>> you 
>>>>>>>>>>>>>> use jackrabbit 1.3 or higher)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> hope that helps,
>>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>>     
>>>>>>>>>>>>>>           
>>>>>>>>>>>>>>                   
>>>>>>>>>>>>>>                       
>>>>>>>>>>>>>>                             
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>> I succeed to deploy (JCA deployment)
rar file on JBosss, and
>>>>>>>>>>>>>>> everything
>>>>>>>>>>>>>>> is
>>>>>>>>>>>>>>> work fine.  how can I configure
the repository/Jboss to work
>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>> custom
>>>>>>>>>>>>>>> authentication (for example with
user.properties file)?
>>>>>>>>>>>>>>>   
>>>>>>>>>>>>>>>       
>>>>>>>>>>>>>>>             
>>>>>>>>>>>>>>>                     
>>>>>>>>>>>>>>>                         
>>>>>>>>>>>>>>>                             
 
>>>>>>>>>>>>>> -- 
>>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Austrian Research Centers GmbH -
ARC
>>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>     
>>>>>>>>>>>>>>           
>>>>>>>>>>>>>>                   
>>>>>>>>>>>>>>                       
>>>>>>>>>>>>>>                             
>>>>>>>>>>>>>   
>>>>>>>>>>>>>         
>>>>>>>>>>>>>                 
>>>>>>>>>>>>>                     
>>>>>>>>>>>>>                           
>>>>>>>>>>>> -- 
>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>
>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>> Research Studios
>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>
>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>
>>>>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>
>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>       
>>>>>>>>>>>>               
>>>>>>>>>>>>                   
>>>>>>>>>>>>                         
>>>>>>>>>>>     
>>>>>>>>>>>             
>>>>>>>>>>>                 
>>>>>>>>>>>                       
>>>>>>>>>>   
>>>>>>>>>>           
>>>>>>>>>>               
>>>>>>>>>>                     
>>>>>>>>> -- 
>>>>>>>>> Mag. Markus Reis
>>>>>>>>>
>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>> Research Studios
>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>
>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>
>>>>>>>>> <markus.reis@researchstudio.at>
>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>
>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         
>>>>>>>>>             
>>>>>>>>>                   
>>>>>>>>       
>>>>>>>>           
>>>>>>>>                 
>>>>>>>     
>>>>>>>         
>>>>>>>               
>>>>>>   
>>>>>>       
>>>>>>             
>>>>> -- 
>>>>> Mag. Markus Reis
>>>>>
>>>>> Austrian Research Centers GmbH - ARC
>>>>> Research Studios
>>>>> Studio Digital Memory Engineering
>>>>>
>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>> Mobile: +43 664 825 1106
>>>>> Tel.: +43-1-585 05 37 - 16
>>>>> Fax: +43-1-585 37 41
>>>>>
>>>>> <markus.reis@researchstudio.at>
>>>>> http://www.arcs.ac.at/
>>>>> http://www.researchstudio.at/
>>>>> http://dme.researchstudio.at/
>>>>>
>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>
>>>>>
>>>>>
>>>>>     
>>>>>           
>>>>   
>>>>         
>>> -- 
>>> Mag. Markus Reis
>>>
>>> Austrian Research Centers GmbH - ARC
>>> Research Studios
>>> Studio Digital Memory Engineering
>>>
>>> Thurngasse 8/3/20, A-1090 Wien
>>> Mobile: +43 664 825 1106
>>> Tel.: +43-1-585 05 37 - 16
>>> Fax: +43-1-585 37 41
>>>
>>> <markus.reis@researchstudio.at>
>>> http://www.arcs.ac.at/
>>> http://www.researchstudio.at/
>>> http://dme.researchstudio.at/
>>>
>>> HG Wien – FN 115980i – ATU14703506
>>>
>>>
>>>
>>>       
>>     
>
>   


-- 
Mag. Markus Reis

Austrian Research Centers GmbH - ARC
Research Studios
Studio Digital Memory Engineering

Thurngasse 8/3/20, A-1090 Wien
Mobile: +43 664 825 1106
Tel.: +43-1-585 05 37 - 16
Fax: +43-1-585 37 41

<markus.reis@researchstudio.at>
http://www.arcs.ac.at/
http://www.researchstudio.at/
http://dme.researchstudio.at/

HG Wien – FN 115980i – ATU14703506


Mime
View raw message