You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Andy Depue <an...@marathon-man.com> on 2005/02/11 02:15:12 UTC

Configuring a principal store

OK, I've coded my own Principal store based on code from JNDIPrincipalStore 
and am setting up a test configuration.  I'm a little confused how to setup 
domain.xml.  First, my store will only handle /users and /roles.  Everything 
else will be handled by J2EEStore.  So, do I setup two separate and distinct 
<store> entries under <definition> (one for J2EE and one for my custom 
principal store), or do I setup one <store> entry and use my custom class for 
the <securitystore ...> element?  Something like:

  <securitystore classname="com...SpringDAOPrincipalStore">
    ...
  </securitystore>

If I setup two entries, they might look something like:

  <store name="j2ee">
    <nodestore classname="org.apache.slide.store.impl.rdbms.J2EEStore">
      ...
    </nodestore>
    <securitystore>
      <reference store="nodestore"/>
    </securitystore>
    ...
  </store>

  <store name="principal">
    <nodestore classname="com...SpringDAOPrincipalStore">
      ...
    </nodestore>
    <securitystore>
      <reference store="nodestore"/>
    </securitystore>
  </store>

  <scope match="/" store="j2ee"/>
  <scope match="/users" store="principal"/>
  <scope match="/roles" store="principal"/>

Is this even right?  And if so, I'm a little confused what <securitystore> is 
all about?  If someone has a configuration similar working with 
JNDIPrincipalStore, I'd love to see it.  The Wiki was unhelpful concerning 
how I should approach this.  It has a section on multiple store 
configurations, but doesn't address if one of the stores happens to handle 
principal information.  The <securitystore> element is what's throwing me off 
here.

 Thanks,
   Andy

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: Configuring a principal store

Posted by James Mason <ma...@apache.org>.

Your second example is correct. The securitystore is for controlling
access to the nodes from that store. So in this case it would hold
permissions for who is allowed to view information about your users (or
roles).

You can see an example config in CVS:
http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/conf/webapp/JNDI-Domain.xml?rev=1.3&view=markup

-James

On Thu, 2005-02-10 at 17:15 -0800, Andy Depue wrote:
> OK, I've coded my own Principal store based on code from JNDIPrincipalStore 
> and am setting up a test configuration.  I'm a little confused how to setup 
> domain.xml.  First, my store will only handle /users and /roles.  Everything 
> else will be handled by J2EEStore.  So, do I setup two separate and distinct 
> <store> entries under <definition> (one for J2EE and one for my custom 
> principal store), or do I setup one <store> entry and use my custom class for 
> the <securitystore ...> element?  Something like:
> 
>   <securitystore classname="com...SpringDAOPrincipalStore">
>     ...
>   </securitystore>
> 
> If I setup two entries, they might look something like:
> 
>   <store name="j2ee">
>     <nodestore classname="org.apache.slide.store.impl.rdbms.J2EEStore">
>       ...
>     </nodestore>
>     <securitystore>
>       <reference store="nodestore"/>
>     </securitystore>
>     ...
>   </store>
> 
>   <store name="principal">
>     <nodestore classname="com...SpringDAOPrincipalStore">
>       ...
>     </nodestore>
>     <securitystore>
>       <reference store="nodestore"/>
>     </securitystore>
>   </store>
> 
>   <scope match="/" store="j2ee"/>
>   <scope match="/users" store="principal"/>
>   <scope match="/roles" store="principal"/>
> 
> Is this even right?  And if so, I'm a little confused what <securitystore> is 
> all about?  If someone has a configuration similar working with 
> JNDIPrincipalStore, I'd love to see it.  The Wiki was unhelpful concerning 
> how I should approach this.  It has a section on multiple store 
> configurations, but doesn't address if one of the stores happens to handle 
> principal information.  The <securitystore> element is what's throwing me off 
> here.
> 
>  Thanks,
>    Andy
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org