Posted to slide-user@jakarta.apache.org by Andy Depue <an...@marathon-man.com> on 2005/02/08 23:13:59 UTC
Duplicating security information?
OK, I need ACLs and versioning so I guess WCK isn't for me. The one thing I
want to avoid in my system is duplicating security information for a user.
This would be the username, password, and the user's roles. We already
manage user/passwords/roles in our system, and would like Slide to use our
user repository instead of its own. As I look through Slide source code, it
is beginning to appear that Slide is really wired to look into its own Store
for security information. This leaves me with three choices:
1. Reimplement the Security interface to use my user repository. Very big
task there.
2. Create my own Store implementation that wraps Slide's security store so
that user/password/user role information is pulled from my user repository
while ACLs and all other information is passed through to Slide's security
store. Not sure how hard this is... but at first glance it doesn't look
straightforward.
3. Have our security system duplicate user information in Slide and keep the
two separate systems in sync.
None of these options seem very palatable to me. Am I missing something?
Does Slide really not provide an easy way for me to supply it with the
currently authenticated user AND his/her roles? To me, the ideal solution
would be to hand Slide a preauthenticated token of some sort that says, "I've
already authenticated this guy and vouch for him - oh, and btw, these are the
roles he is granted."
Any information or help in this area is greatly appreciated!
Thanks,
Andy
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Duplicating security information?
Posted by Andy Depue <an...@marathon-man.com>.
Thanks for the response! If I go ahead with this, my plan is to mimic a good
idea that Ben Alex had for his Acegi Security framework, which is to create
an adapter that would implement the store interfaces (like JNDIPrincipalStore
does), but translate and delegate to a simplified DAO that one could
implement for various security backends. It is easy to adapt Acegi to your
own security system because all you have to do is implement a simple DAO
interface from Acegi - the same should be possible for Slide. As I look over
the JNDIPrincipalStore implementation I can see there is a lot of Slide
specific API "protocol" going on that I'm going to have to parse. A simple
DAO interface would make this much easier. I'm not sure what the DAO
interface is going to look like yet (it will be read only at this point, like
the JNDIPrincipalStore), but it sure would be nice to have something as
simple as this:
Collection getUsers(... some sort of Slide related criteria ...)
Collection getUserRoles(String username)
It seems like such a common thing people want to do, it is well worth the
effort of creating this interface. Well, I'm off to parse the Slide API...
any tips are appreciated. :)
- Andy
On Tuesday 08 February 2005 07:00 pm, Carlos Villegas wrote:
> Andy Depue wrote:
> > None of these options seem very palatable to me. Am I missing something?
> > Does Slide really not provide an easy way for me to supply it with the
> > currently authenticated user AND his/her roles? To me, the ideal
> > solution would be to hand Slide a preauthenticated token of some sort
> > that says, "I've already authenticated this guy and vouch for him - oh,
> > and btw, these are the roles he is granted."
> > Any information or help in this area is greatly appreciated!
>
> No, there doesn't seem to be an easy way. You'll need to write your own
> store. You can take a look at the JNDIPrincipalStore which is close to
> what you want to do; it retrieves users and roles from an LDAP directory.
>
> There was an idea of writing a store that retrieves users and roles from
> a JAAS LoginModule which is a standard way to plug in different
> authentication systems. However, there are issues about how to map the
> WebDAV model to JAAS. JAAS handles authentication but it doesn't seem to
> provide a way to list all users and roles, which is needed by Slide.
> Anyway, I may take a look at this later, but I don't know when I'll be
> able to do that.
>
> Carlos
>
Re: Duplicating security information?
Posted by Brian Moseley <bc...@osafoundation.org>.
Carlos Villegas wrote:
> No, there doesn't seem to be an easy way. You'll need to write your own
> store. You can take a look at the JNDIPrincipalStore which is close to
> what you want to do; it retrieves users and roles from an LDAP directory.
thanks for the pointer. i'm going to need to do something like this for
my project as well. i need to be able to support both SQL and LDAP
accounts for my Slide server.
Re: Duplicating security information?
Posted by Carlos Villegas <ca...@uniscope.jp>.
Andy Depue wrote:
> None of these options seem very palatable to me. Am I missing something?
> Does Slide really not provide an easy way for me to supply it with the
> currently authenticated user AND his/her roles? To me, the ideal solution
> would be to hand Slide a preauthenticated token of some sort that says, "I've
> already authenticated this guy and vouch for him - oh, and btw, these are the
> roles he is granted."
> Any information or help in this area is greatly appreciated!
No, there doesn't seem to be an easy way. You'll need to write your own
store. You can take a look at the JNDIPrincipalStore which is close to
what you want to do; it retrieves users and roles from an LDAP directory.
There was an idea of writing a store that retrieves users and roles from
a JAAS LoginModule which is a standard way to plug in different
authentication systems. However, there are issues about how to map the
WebDAV model to JAAS. JAAS handles authentication but it doesn't seem to
provide a way to list all users and roles, which is needed by Slide.
Anyway, I may take a look at this later, but I don't know when I'll be
able to do that.
Carlos
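Added example, not part of the thread and not Slide or Acegi code: a read-only user/role DAO of the kind sketched earlier in the thread, with enumeration (the capability noted above as missing from JAAS) and a chained lookup over two backends such as SQL and LDAP. All type names, method shapes beyond the two sketched signatures, and sample accounts are hypothetical; the first-backend-wins rule is one design choice, shown because merging roles by username across directories lets a same-named account in a second directory add privileges.

```java
import java.util.*;

// Hypothetical demo; sample accounts are constructed, not from any real system.
public class UserDirectoryDemo {
    public static void main(String[] args) {
        UserDirectoryDao sql = new MapBackedDao(
            Map.of("alice", Set.of("editor"), "bob", Set.of("reader")));
        UserDirectoryDao ldap = new MapBackedDao(
            Map.of("bob", Set.of("admin"), "carol", Set.of("reader")));
        UserDirectoryDao dao = new ChainedDao(sql, ldap);
        System.out.println("users: " + dao.getUsers());
        System.out.println("bob: " + dao.getUserRoles("bob"));       // SQL entry wins
        System.out.println("mallory: " + dao.getUserRoles("mallory")); // unknown user
    }
}

// Read-only by construction: there is no method that creates users or grants roles.
interface UserDirectoryDao {
    Collection<String> getUsers();                    // enumeration of all known users
    Collection<String> getUserRoles(String username); // empty when the user is unknown
}

// Stand-in for one backend (a SQL table or an LDAP subtree in a real adapter).
final class MapBackedDao implements UserDirectoryDao {
    private final Map<String, Set<String>> rolesByUser;
    MapBackedDao(Map<String, Set<String>> rolesByUser) {
        this.rolesByUser = Map.copyOf(rolesByUser);   // immutable snapshot
    }
    public Collection<String> getUsers() { return rolesByUser.keySet(); }
    public Collection<String> getUserRoles(String username) {
        return rolesByUser.getOrDefault(username, Set.of());
    }
}

// Consults backends in order; the first one that knows the user is authoritative,
// so roles from a later backend are never merged into an earlier backend's account.
final class ChainedDao implements UserDirectoryDao {
    private final List<UserDirectoryDao> backends;
    ChainedDao(UserDirectoryDao... backends) { this.backends = List.of(backends); }
    public Collection<String> getUsers() {
        Set<String> all = new TreeSet<>();
        for (UserDirectoryDao b : backends) all.addAll(b.getUsers());
        return Collections.unmodifiableSet(all);
    }
    public Collection<String> getUserRoles(String username) {
        for (UserDirectoryDao b : backends)
            if (b.getUsers().contains(username)) return b.getUserRoles(username);
        return Set.of();                              // deny by default: no roles
    }
}
```

A store adapter would call only these two methods, so each backend needs a read-only account and nothing more.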