You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Krishna Kankipati <kk...@baan.com> on 2004/08/12 20:30:37 UTC
Authorization without authentication with Slide2.1B1
Hi,
I just installed Slide2.1B1 and having problems with authorization
if I switch off the authentication. In Slide 2.1M1 it worked fine. After
switching off the authentication by deleting all security elements from
web.xml, I can let all users in through Tomcat. But the problem is that if
authentication is dis-abled, Slide2.1B1 is taking "unauthenticated" as the
principal. I am using webdav client to connect to Slide and I make sure that
I set username and password before connecting. Here is the code:
Note that I set the userinfo for HttpURL using the call:
httpURL.setUserinfo(sRootUser, sRootPwd);
Slide 2.1 M1 was taking this user as principal for authorization although
Tomcat did not authenticate this user. I was expecting similar behaviour
from Slide2.1B1. Is this a bug or has the functionality changed? Should I
create a BugZilla issue for this? Can anyone validate if this has been
noticed with Slide2.1B1?
We want to do custom authentication in web application, which invokes slide
from within it. We want to dis-able slide authentication completely,
although we want to use the rich authorization features. Is it possible to
do this without touching/extending code on the slide server? Any help would
be appreciated .......
/* Code to connect to slide using Webdav client, picked up from commandline
client code **/
private boolean connect(String sURI) throws IOException
{
if (!sURI.endsWith("/") && !sURI.endsWith("\\"))
{
// append / to the path
sURI+="/";
}
// Trace to terminal
write("connect " + sURI + "@" + sRootUser + "/" + sRootPwd);
try
{
// Set up for processing WebDAV resources
httpURL = uriToHttpURL(sURI);
// Set user and pwd for HttpURL
httpURL.setUserinfo(sRootUser, sRootPwd);
httpURL.setUser("root");
httpURL.setPassword("root");
if (webDavResource == null)
{
webDavResource = new WebdavResource(httpURL);
webDavResource.setDebug(getDebugLevel());
/* Why should I not allow connections to files
// is not a collection?
if
(!((ResourceTypeProperty)webDavResource.getResourceType()).isCollection())
{
webDavResource = null;
httpURL = null;
write("Error: " + sURI + " is not a collection! Use
open/connect only for collections!");
return false;
}
*/
}
else
{
webDavResource.close();
webDavResource.setHttpURL(httpURL);
}
}
catch (HttpException we)
{
write("HttpException.getReasonCode(): "+ we.getReasonCode());
httpURL = null;
if(webDavResource != null)
{
webDavResource.close();
webDavResource = null;
}
return false;
}
return true;
}
thanks,
Krishna
Krishna Kankipati
Software Engineer
SSA Global
* 1626 Cole Blvd. Golden, CO 80401, USA
* 303-274-3027
Fax: 303-274-3137
* kkankipa@baan.com