Re: Fusion Security

[Jeff Sheets <je...@gmail.com>]

I just want to answer my own question, in case anyone needs this info later.

Authentication through JAAS can be accomplished easily in 1.6 by
setting up your TurbineResources.properties to use the
JAASSessionValidator:
action.sessionvalidator=JAASSessionValidator

Then setup your web.xml file (and weblogic.xml file for weblogic) by
uncommented the commented out security lines that are in it.  More
detail is in the source for JAASSessionValidator.

Authorization is proving to be more difficult.  I have a
JAASAccessController written that uses the container roles from
isUserInRole.  However this doesn't work with the SecurityCache, so I
may need to also rewrite the security cache.  The main problem is that
Jetspeed needs to call getRoles in many places, but the container only
lets you call isUserInRole.  This may take a lot of work, but I'll get
it eventually.

-- Jeff


On Fri, 17 Dec 2004 07:39:02 -0600, Jeff Sheets <je...@gmail.com> wrote:
> I have been struggling to figure out if I can use my application
> server's (Weblogic) container security realm to authenticate and
> authorize users in my jetspeed portal.  I saw a couple of posts that
> this is possible with Jetspeed 2 through JAAS, but what about Jetspeed
> 1.6 Fusion?
> 
> Has anyone attempted to authenticate through an app server in Jetspeed
> 1 or Fusion?  Maybe even a good Jetspeed 2 example would help me out.
> 
> Thank you,
> -- Jeff
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org

Re: Fusion Security

[Jeff Sheets <je...@gmail.com>]

Yes, my JAASAccessController is a PortalAccessController
implementation, and I make my isUserInRole calls there.  I'm currently
writing a caching mechanism for the JAASAccessController that can be
turned on/off from the properties file.


On Thu, 13 Jan 2005 08:41:40 -0800, David Sean Taylor
<da...@bluesunrise.com> wrote:
> Jeff Sheets wrote:
> > I just want to answer my own question, in case anyone needs this info later.
> >
> > Authentication through JAAS can be accomplished easily in 1.6 by
> > setting up your TurbineResources.properties to use the
> > JAASSessionValidator:
> > action.sessionvalidator=JAASSessionValidator
> >
> > Then setup your web.xml file (and weblogic.xml file for weblogic) by
> > uncommented the commented out security lines that are in it.  More
> > detail is in the source for JAASSessionValidator.
> >
> > Authorization is proving to be more difficult.  I have a
> > JAASAccessController written that uses the container roles from
> > isUserInRole.  However this doesn't work with the SecurityCache, so I
> > may need to also rewrite the security cache.  The main problem is that
> > Jetspeed needs to call getRoles in many places, but the container only
> > lets you call isUserInRole.  This may take a lot of work, but I'll get
> > it eventually.
> >
> 
> The security cache can be turned off, but I would first look into
> overriding the access controller. See the PortalAccessController
> interface here:
> 
> http://portals.apache.org/jetspeed-1/apidocs/org/apache/jetspeed/services/security/PortalAccessController.html
> 
> make your isUserInRole check there. Also see:
> 
> http://portals.apache.org/jetspeed-1/security.html
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org

Re: Fusion Security

[David Sean Taylor <da...@bluesunrise.com>]

Jeff Sheets wrote:
> I just want to answer my own question, in case anyone needs this info later.
> 
> Authentication through JAAS can be accomplished easily in 1.6 by
> setting up your TurbineResources.properties to use the
> JAASSessionValidator:
> action.sessionvalidator=JAASSessionValidator
> 
> Then setup your web.xml file (and weblogic.xml file for weblogic) by
> uncommented the commented out security lines that are in it.  More
> detail is in the source for JAASSessionValidator.
> 
> Authorization is proving to be more difficult.  I have a
> JAASAccessController written that uses the container roles from
> isUserInRole.  However this doesn't work with the SecurityCache, so I
> may need to also rewrite the security cache.  The main problem is that
> Jetspeed needs to call getRoles in many places, but the container only
> lets you call isUserInRole.  This may take a lot of work, but I'll get
> it eventually.
> 

The security cache can be turned off, but I would first look into 
overriding the access controller. See the PortalAccessController 
interface here:

http://portals.apache.org/jetspeed-1/apidocs/org/apache/jetspeed/services/security/PortalAccessController.html

make your isUserInRole check there. Also see:

http://portals.apache.org/jetspeed-1/security.html

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org