roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ROL-1933) Crowd Login Authentication Roller Integration
Date Tue, 06 Aug 2013 17:43:51 GMT

    [ https://issues.apache.org/jira/browse/ROL-1933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13731008#comment-13731008
] 

Glen Mazza commented on ROL-1933:
---------------------------------

Snapshot containing Crowd classes (2 of them):
http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/core/security/?pathrev=1505192

With additional bean added in security.xml:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/security.xml?r1=1160051&r2=1243258&pathrev=1505192&diff_format=h

Additional settings needed in roller.properties file:
http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?r1=1242523&r2=1243258&pathrev=1505192
                
> Crowd Login Authentication Roller Integration
> ---------------------------------------------
>
>                 Key: ROL-1933
>                 URL: https://issues.apache.org/jira/browse/ROL-1933
>             Project: Roller
>          Issue Type: New Feature
>            Reporter: Nick Padilla
>            Assignee: David Johnson
>              Labels: authentication, integration
>             Fix For: 5.1
>
>         Attachments: 2-BasicUserAutoProvision.txt, 2-CrowdAuthenticationProvider.java,
2-CrowdRollerUserDetails.java, 2-pom.xml, 2-roller-properties.txt, 2-security-xml.txt, BasicUserAutoProvision.txt,
CrowdAuthenticationProvider.java, crowd.properties, CrowdRollerUserDetails.java, pox-xml.txt,
security-xml.txt
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> CROWD:
> 1. First off how do we want to handle the demotion or elevation of permissions,groups
rather.  Say an admin goes to just an editor or an editor goes to admin, currently there will
be no change on Roller.
> 2. If user has permissions for the application but is not part of a group, currently
it gives editor roles; does that work? If not we need to make a that change.
> 3. Old users can continue to use thier Roller accounts, if the user is a user of the
Roller application in Crowd they will authenticate through Crowd. This is as long as the two
accounts have the same
> user name.  Once authenticated through Crowd, Roller Authentication will not work. So
if Crowd goes down and all users are in Crowd then no one will be able to enter the site.
 Recommendation is to have 
> at least one admin user that doesn't have an account in Crowd, this way there will always
be a way in.  
> 4. If the crowd.properties file is not on the classpath then we never use crowd to authenticate,
however if you have users that were authenticated through crowd then they will not be able
to login.  
> 5. If the user exists in Crowd and has permissions to access Roller and Roller doesn't
contain this user account then a new user will be registered automatically; if no groups are
setup then the user
> will have editor role, if the user is part of a group that contains the string "admin"
or "ADMIN" then that user will be given Admin rights. 
> 6. Here is an example crowd.properties file, currently we get the file every time there
is a need for it; so that resource will be continually accessed.  If this is problem, which
I can understand I can
> create a singleton that will hanlde the crowd.properties file and only load it once.
 This means if any changes are made to the file we have to restart the application.
> 		#required fields
> 		crowd.application.name=roller
> 		crowd.application.password=password
> 		crowd.port=8095
> 		crowd.host=localhost
> 		crowd.context=crowd
> 		#end required fields
> 		#this setting allows the use of https, defaults to false; not present we will use plain
socket.
> 		crowd.useSecureConnection=false
> 		crowd.default.timezone=
> 		crowd.default.locale=
> You can add this file the same way you add the roller-custom.properties. TimeZone and
Locale are not required, but standard format.
> 7. These are the settings that need to be set in the roller-custom.properties to enable
the use of Crowd Authentication:
> 		# Crowd Auth, need these settings to be enabled
> 		users.sso.enabled=true
> 		users.sso.autoProvision.enabled=true
> If these are not set Crowd authentication will not work correctly.  The AutoProvision
is what makes this all work, the users from Crowd and not in Roller will be saved to Rollers
db the first time the log in. The reason this is needed 
> is so that permissions can be written for Roller. Will still need to add some code to
ensure when users get promoted or demoted, those changes make it to the Roller DB.
> Please see attached files as they contain these changes and are in sync with Trunk, as
of today.  We can extend this functionality but here is working starting point.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message