You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@sling.apache.org by "Robert A. Decker" <de...@robdecker.com> on 2013/10/19 17:57:29 UTC

get admin user's credentials?

Hi,

I'm trying out the new recommended way of getting access to your repository (no longer using loginAdministrative/getAdministrativeResourceResolver).

I see that you can get credentials from SlingServerRepository:
SlingServerRepository.getAdministrativeCredentials(String adminUser) to get my admin user's credential information.

But it doesn't look like it's exposed through a service.

If you go to:
http://server/system/console/status-Configurations

You can see your admin user's credentials.

Is there a recommended way to access a user's credentials? I don't want to put them in config files.

Rob

Re: get admin user's credentials?

Posted by Felix Meschberger <fm...@adobe.com>.

Hi Robert

The new service authentication you refer to, basically has two components: The service accessing the repository (or resource resolver, which I actually prefer these days) and the deployer/administrator assigning user names to services.

For exmaple consider a bundle com.example.sample.

(1) Service bundle

> ResourceResolverFactoy rrf = // get the service somehow
> ResourceResolver rr = rrf.getServiceResourceResolver(null);

That's all. The optional credentials can be used to convey additional information such as a subservice name or a JCR workspace name. Username and passwords are ignored (actually they are even removed before using the credentials map for ResourceProviderFactory access).

(2) Administrator

The administrator has to configure the ServiceUserMapper service with a mapping such as for example:

> com.example.sample = SampleUser

And no, the rest of Sling has not been migrated to service authentication yet.

Hope this helps.

Regards
Felix


Am 20.10.2013 um 00:40 schrieb Robert A. Decker:

> Ok, I've been reading up on:
> https://sling.apache.org/documentation/the-sling-engine/service-authentication.html
> 
> and looking at the config for:
> org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl
> 
> Things are getting a little clearer, but I still don't see how I can actually use it… I've been looking through the sling source code and I haven't found anything that uses the new system yet. Are there any examples?
> 
> I just want to get hold of a ResourceResolver using the new system, and this should be the repository's admin user. I'm only writing a simple datastore garbage collector service. In fact, all of my services will probably run as the admin user - at this time I have no plans for users/user management.
> 
> This will happen in one of my services. Even if I add my service to the ServiceUserMapperImpl configuration it looks like I still need to have the credentials for the admin user.
> 
> Rob
> 
> On Oct 19, 2013, at 11:14 PM, Robert A. Decker wrote:
> 
>> Ok, I'm not proud of this, but so far this is what I've come up with for getting the admin password from the repository configuration so that I can use the new resourceResolverFactory.getServiceResourceResolver(credentials) way.
>> 
>> Configuration[] configs = configAdmin.listConfigurations("(service.factoryPid=org.apache.sling.jcr.jackrabbit.server.SlingServerRepository)");
>> 
>>           for (Configuration aConfig : configs) {
>>               Dictionary props = aConfig.getProperties();
>>               LOGGER.debug(props != null ? props.get("admin.password").toString() : "null");
>>           }
>> 
>> I can put this in my service to get the admin user's password. 
>> 
>> But is there a more straightforward way? This pulls it out of the configuration, but is there a way to pull it out of the repository/user itself?
>> 
>> Should I instead be using the org.apache.jackrabbit.api.security.user.UserManager to get the User, then org.apache.jackrabbit.api.security.user.User getCredentials method? 
>> 
>> Rob
>> 
>> 
>> On Oct 19, 2013, at 5:57 PM, Robert A. Decker wrote:
>> 
>>> Hi,
>>> 
>>> I'm trying out the new recommended way of getting access to your repository (no longer using loginAdministrative/getAdministrativeResourceResolver).
>>> 
>>> I see that you can get credentials from SlingServerRepository:
>>> SlingServerRepository.getAdministrativeCredentials(String adminUser) to get my admin user's credential information.
>>> 
>>> But it doesn't look like it's exposed through a service.
>>> 
>>> If you go to:
>>> http://server/system/console/status-Configurations
>>> 
>>> You can see your admin user's credentials.
>>> 
>>> Is there a recommended way to access a user's credentials? I don't want to put them in config files.
>>> 
>>> Rob
>> 
>> 
>

Re: get admin user's credentials?

Posted by "Robert A. Decker" <de...@robdecker.com>.

Ok, I've been reading up on:
https://sling.apache.org/documentation/the-sling-engine/service-authentication.html

and looking at the config for:
org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl

Things are getting a little clearer, but I still don't see how I can actually use it… I've been looking through the sling source code and I haven't found anything that uses the new system yet. Are there any examples?

I just want to get hold of a ResourceResolver using the new system, and this should be the repository's admin user. I'm only writing a simple datastore garbage collector service. In fact, all of my services will probably run as the admin user - at this time I have no plans for users/user management.

This will happen in one of my services. Even if I add my service to the ServiceUserMapperImpl configuration it looks like I still need to have the credentials for the admin user.

Rob

On Oct 19, 2013, at 11:14 PM, Robert A. Decker wrote:

> Ok, I'm not proud of this, but so far this is what I've come up with for getting the admin password from the repository configuration so that I can use the new resourceResolverFactory.getServiceResourceResolver(credentials) way.
> 
> Configuration[] configs = configAdmin.listConfigurations("(service.factoryPid=org.apache.sling.jcr.jackrabbit.server.SlingServerRepository)");
> 
>            for (Configuration aConfig : configs) {
>                Dictionary props = aConfig.getProperties();
>                LOGGER.debug(props != null ? props.get("admin.password").toString() : "null");
>            }
> 
> I can put this in my service to get the admin user's password. 
> 
> But is there a more straightforward way? This pulls it out of the configuration, but is there a way to pull it out of the repository/user itself?
> 
> Should I instead be using the org.apache.jackrabbit.api.security.user.UserManager to get the User, then org.apache.jackrabbit.api.security.user.User getCredentials method? 
> 
> Rob
> 
> 
> On Oct 19, 2013, at 5:57 PM, Robert A. Decker wrote:
> 
>> Hi,
>> 
>> I'm trying out the new recommended way of getting access to your repository (no longer using loginAdministrative/getAdministrativeResourceResolver).
>> 
>> I see that you can get credentials from SlingServerRepository:
>> SlingServerRepository.getAdministrativeCredentials(String adminUser) to get my admin user's credential information.
>> 
>> But it doesn't look like it's exposed through a service.
>> 
>> If you go to:
>> http://server/system/console/status-Configurations
>> 
>> You can see your admin user's credentials.
>> 
>> Is there a recommended way to access a user's credentials? I don't want to put them in config files.
>> 
>> Rob
> 
>

Re: get admin user's credentials?

Posted by "Robert A. Decker" <de...@robdecker.com>.

Ok, I'm not proud of this, but so far this is what I've come up with for getting the admin password from the repository configuration so that I can use the new resourceResolverFactory.getServiceResourceResolver(credentials) way.

Configuration[] configs = configAdmin.listConfigurations("(service.factoryPid=org.apache.sling.jcr.jackrabbit.server.SlingServerRepository)");

            for (Configuration aConfig : configs) {
                Dictionary props = aConfig.getProperties();
                LOGGER.debug(props != null ? props.get("admin.password").toString() : "null");
            }

I can put this in my service to get the admin user's password. 

But is there a more straightforward way? This pulls it out of the configuration, but is there a way to pull it out of the repository/user itself?

Should I instead be using the org.apache.jackrabbit.api.security.user.UserManager to get the User, then org.apache.jackrabbit.api.security.user.User getCredentials method? 

Rob

On Oct 19, 2013, at 5:57 PM, Robert A. Decker wrote:

> Hi,
> 
> I'm trying out the new recommended way of getting access to your repository (no longer using loginAdministrative/getAdministrativeResourceResolver).
> 
> I see that you can get credentials from SlingServerRepository:
> SlingServerRepository.getAdministrativeCredentials(String adminUser) to get my admin user's credential information.
> 
> But it doesn't look like it's exposed through a service.
> 
> If you go to:
> http://server/system/console/status-Configurations
> 
> You can see your admin user's credentials.
> 
> Is there a recommended way to access a user's credentials? I don't want to put them in config files.
> 
> Rob