Posted to slide-user@jakarta.apache.org by jo...@gmx.net on 2005/02/10 12:13:10 UTC

accessing slide on the server side

Hi all,

As I'm not sure if my previous post some days ago came through (I didn't
subscribe to the list before), here is another try. I have added some new
evaluation results I collected in the meantime. Basically my request is the
same as that of James a year ago
(http://www.mail-archive.com/slide-user@jakarta.apache.org/msg05418.html). 

In a project just started we're using a combination of open source products
to build a secure document management system:

- Tomcat with SSL client authentication
- JSR168 portal (Liferay)
- own DMS portlet for exploring and editing Slide content
- Slide as the storage backend and for user management

Our architect presented us a concept, in which Tomcat negotiates the secure
ssl context with the client browser and this context is then shared by the
portal and Slide (both as separate webapps). Slide brings in a standard
interface (webDAV) and the (required) version management.

At the point to access the slide webapp from server side servlets (as part
of our DMS portlet) we realized that there seems to be no adequate method
to access the Slide webapp on the server side (from a servlet) meeting our
minimum requirements:
- secure clean client certificate authentication in both Slide and the
portal (sharing the ssl context managed by tomcat)
- access via standard webDAV
- version management in Slide

These are the possibilities inside our servlet, all failing at one
requirement at least:

1. Slide webdavclient lib (like in the connector/TestServlet example): Works
only for username/passwd, can't share/forward the SSL-context
2. Slide serverside API: no standard webdav, our webapp has to "merge" with
slide into one webapp by including its jars
3. Use the Slide servlet/the "webdav" layer underneath the servlet: Should
we build ServletRequests on our own and parse the response objects?
4. WCK: no support for version management, beta
5. DAV4J: no further development
6. Slide Projector: Has probably too much impact on our overall
architecture(?), maybe usable only as backend for our JSP?
7. Move the webdav stuff to a (thick) client: no thin client any more

What do you think? Is it possible to meet the requirements with Slide? If
yes, how could/should that be done?
What could be an intermediate solution?
- Does most of what we need now
- Does all we need with the next release (2.2/3)
- easy/best to migrate to the next release

Any comparable project references or other hints?

Thanks in advance, Kolja


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org


Re: AW: accessing slide on the server side

Posted by Michael Smith <ms...@speedlegal.com>.
Daniel Florey wrote:
> Hi Kolja,
> I've been facing similar problems when working on the Projector framework.
> The main problem is that you'll not get the full user/password information
> out of the user credentials that tomcat provides (for security reasons).
> My choice was to provide a login-box at portal level and not to use the
> standard http auth schema. The entered data can be used to pass this
> information to Slide using the standard http authentication on Slide level.
> If you want to provide a single user base and expose this to the end user
> with http auth the only way is to implement Kerberos authentication in your
> portal and Slide as this enables you to pass the user information from the
> client to the portal and finally to the Slide server.

Another possible approach is (if you're using only HTTP Basic auth - 
whether over SSL or not) to simply parse the Authentication header 
yourself, and get the username (well, you already have that from the 
servlet API) and the password (which is the key bit!) from it.

Then you can use the client lib as normal.

It does limit you to Basic auth, though, which may cause problems 
elsewhere. Using an HTML form login, as Daniel suggested, is a good 
alternative - or you could provide both.

Mike
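
The header parsing Mike describes, as an added example that is not part of the original thread or of Slide's code: it assumes the portal webapp itself is protected with HTTP Basic auth, that the value comes from `request.getHeader("Authorization")`, and that credentials are UTF-8 encoded. The class name and sample credentials are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeader {

    /**
     * Parses an HTTP Basic "Authorization" header value.
     * Returns {username, password}, or null if the header is missing,
     * uses another scheme, or is malformed.
     */
    static String[] parse(String header) {
        if (header == null) return null;
        // Scheme and token are separated by whitespace; the scheme is case-insensitive.
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;

        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        // Assumption: UTF-8. Older clients may send ISO-8859-1 instead.
        String decoded = new String(raw, StandardCharsets.UTF_8);

        // Split on the FIRST colon only: a username cannot contain ':',
        // but a password can.
        int colon = decoded.indexOf(':');
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials; the password deliberately contains a colon.
        String token = Base64.getEncoder()
                .encodeToString("kolja:s3cr:et".getBytes(StandardCharsets.UTF_8));
        String[] creds = parse("Basic " + token);
        // Never log the password itself; print only its length here.
        System.out.println("user=" + creds[0] + " passwordLength=" + creds[1].length());

        // Other schemes and broken tokens are rejected rather than guessed at.
        System.out.println("digest rejected: " + (parse("Digest abc") == null));
        System.out.println("bad base64 rejected: " + (parse("Basic !!!") == null));
    }
}
```

The returned pair is what would be handed to the WebDAV client library for the portal-to-Slide call; keep it in memory only for the duration of the request.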



AW: accessing slide on the server side

Posted by Daniel Florey <da...@web.de>.
Hi Kolja,
I've been facing similar problems when working on the Projector framework.
The main problem is that you'll not get the full user/password information
out of the user credentials that tomcat provides (for security reasons).
My choice was to provide a login-box at portal level and not to use the
standard http auth schema. The entered data can be used to pass this
information to Slide using the standard http authentication on Slide level.
If you want to provide a single user base and expose this to the end user
with http auth the only way is to implement Kerberos authentication in your
portal and Slide as this enables you to pass the user information from the
client to the portal and finally to the Slide server.
I've been using the webdavlib on server side (portal - slide communication)
in order to be on the safe side as the Slide api may change and provides
only a subset of the available functionality as it skips the webdav layer.
My proposal for unifying the client/server api (Slide 3.0) was caused by
these problems. But the work on Slide 3.0 has not yet even begun and I'm
currently busy on some commercial projects so that I have very (very) little
time for Slide.

Cheers,
Daniel

