jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paco Avila <monk...@gmail.com>
Subject Trying to migrate my app from jackrabbit 1.4 to 1.5
Date Wed, 24 Feb 2010 17:31:58 GMT
Hi, I am trying to migrate OpenKM from jackrabbit 1.4 to 1.5 and have
some problems. Basically is due changes to the authorization /
authentication stuff. My security configuration was:

<Security appName="OpenKM">
      <AccessManager class="com.openkm.core.OKMAccessManager"/>
      <!-- <AccessManager
class="org.apache.jackrabbit.core.security.SimpleAccessManager"/> -->
</Security>

So, I implemented my own AccessManager to deal with user / roles
permissions to access the documents and folders (OpenKM is a DMS). To
do this, I had to create a mixin to store the user/group permissions
in each node:

[mix:accessControlled] mixin
- okm:authUsersRead (string) multiple mandatory
- okm:authUsersWrite (string) multiple mandatory
- okm:authRolesRead (string) multiple mandatory
- okm:authRolesWrite (string) multiple mandatory

Well, starting with Jackrabbit 1.5 a security api has been included
(implementing the JSR-283 standar). This implies a
DefaultAccessManager which, I think, should replace my own
OKMAccessManager because it handle the node and properties
permissions. Isn't it?

In my test use this security configuration:

 <!-- Security configuration -->
    <Security appName="Jackrabbit">
        <!-- Security manager: class: FQN of class implementing the
JackrabbitSecurityManager interface -->
        <SecurityManager
class="org.apache.jackrabbit.core.DefaultSecurityManager"
workspaceName="security">
            <!-- workspace access: class: FQN of class implementing
the WorkspaceAccessManager interface -->
            <!-- <WorkspaceAccessManager class="..."/> -->
            <!-- <param name="config" value="${rep.home}/security.xml"/> -->
        </SecurityManager>

        <!-- Access manager: class: FQN of class implementing the
AccessManager interface -->
        <AccessManager
class="org.apache.jackrabbit.core.security.DefaultAccessManager">
            <!-- <param name="config" value="${rep.home}/access.xml"/> -->
        </AccessManager>

        <LoginModule
class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
           <!-- Anonymous user name ('anonymous' is the default value) -->
           <param name="anonymousId" value="anonymous"/>
           <!-- Administrator user id (default value if param is
missing is 'admin') -->
           <param name="adminId" value="admin"/>
           <!-- <param name="principalProvider" value="..."/> -->
        </LoginModule>
    </Security>

And now have lots of doubts :) and the related wiki page
(http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity) seems
very old.

There is a page called restricted.jsp that only can be accessed if you
enter a valid login and password. It is protected using JAAS. As I see
at http://jackrabbit.apache.org/first-hops.html, repository.login()
tries to get the user from JAAS, and this code in restricted.jsp
should work as expected:

String JBOSS_HOME = System.getProperty("jboss.home.dir");
Repository repo = new
TransientRepository(JBOSS_HOME+"/repository.xml",
JBOSS_HOME+"/repository");
Session se = repo.login();
se.logout();

But throws this exception:

18:27:52,002 INFO  [RepositoryImpl] workspace 'security' initialized
18:27:52,047 INFO  [DefaultSecurityManager] init: use JAAS
login-configuration for Jackrabbit
18:27:53,229 INFO  [UserManagerImpl] Group created: {}administrators;
/rep:security/rep:authorizables/rep:groups/administrators
18:27:53,286 INFO  [UserManagerImpl] User created: admin;
/rep:security/rep:authorizables/rep:users/admin
18:27:53,287 INFO  [DefaultSecurityManager] ...created admin-user with
id 'admin' ...
18:27:53,366 INFO  [DefaultSecurityManager] ...added admin 'admin' as
member of the administrators group.
18:27:53,401 INFO  [UserManagerImpl] User created: anonymous;
/rep:security/rep:authorizables/rep:users/anonymous
18:27:53,401 INFO  [DefaultSecurityManager] ...created anonymous-user
with id 'anonymous' ...
18:27:53,434 INFO  [RepositoryImpl] SecurityManager = class
org.apache.jackrabbit.core.DefaultSecurityManager
18:27:53,450 ERROR [UsersRolesLoginModule] Failed to load
users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults:
defaultUsers.properties found

Why does it need an user.properties if the credentials should be
retrieved from JAAS ?
-- 
OpenKM
http://www.openkm.com
http://www.guia-ubuntu.org

Mime
View raw message