Posted to dev@turbine.apache.org by tv...@apache.org on 2007/05/13 19:46:55 UTC

svn commit: r537618 - in /jakarta/turbine/core/branches/TURBINE_2_3_BRANCH: src/java/org/apache/turbine/services/security/ldap/ xdocs/ xdocs/services/

Author: tv
Date: Sun May 13 10:46:54 2007
New Revision: 537618

URL: http://svn.apache.org/viewvc?view=rev&rev=537618
Log:
Added ActiveDirectoryUser and some documentation on how to use Turbine with Active Directory

Added:
    jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/src/java/org/apache/turbine/services/security/ldap/ActiveDirectoryUser.java
    jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/ldap-security-service.xml
Modified:
    jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/changes.xml
    jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/navigation.xml
    jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/security-service.xml

Added: jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/src/java/org/apache/turbine/services/security/ldap/ActiveDirectoryUser.java
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/src/java/org/apache/turbine/services/security/ldap/ActiveDirectoryUser.java?view=auto&rev=537618
==============================================================================
--- jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/src/java/org/apache/turbine/services/security/ldap/ActiveDirectoryUser.java (added)
+++ jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/src/java/org/apache/turbine/services/security/ldap/ActiveDirectoryUser.java Sun May 13 10:46:54 2007
@@ -0,0 +1,52 @@
+package org.apache.turbine.services.security.ldap;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * ActiveDirectoryUser extends LDAPUser and cares for the different handling
+ * of DNs in Active Directory.
+ *
+ * @author <a href="mailto:tv@apache.org">Thomas Vandahl</a>
+ * @version $Id: LDAPUser.java 534527 2007-05-02 16:10:59Z tv $
+ */
+public class ActiveDirectoryUser extends LDAPUser
+{
+
+    /** Serial Version UID */
+    private static final long serialVersionUID = 3953123276619326752L;
+
+    /**
+     * Gets the distinguished name (DN) of the User the AD-way.
+     * 
+     * @return The Distinguished Name of the user.
+     */
+    public String getDN()
+    {
+        String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
+            
+        StringBuffer sb = new StringBuffer();
+
+        sb.append("CN=");
+        sb.append(getFirstName()).append(' ').append(getLastName());
+        sb.append(',').append(userBaseSearch);
+            
+        return sb.toString();
+    }
+}
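Review bot: `getDN()` concatenates `getFirstName()` and `getLastName()` into the `CN=` RDN without escaping, so a name containing a DN metacharacter such as `,`, `+`, `=`, `"` or `\` yields a malformed DN or one that names a different entry than intended, and a missing name part becomes the literal text `null`. If the branch's JDK baseline provides `javax.naming.ldap.Rdn`, escape the value, e.g. `sb.append(Rdn.escapeValue(getFirstName() + ' ' + getLastName()));`, and reject null or empty name parts before building the DN. The method also assumes every account's CN is exactly "givenName sn", which Active Directory does not enforce; since the documentation added in this commit sets `ldap.dn.attribute=distinguishedName`, using the DN read from the directory entry where available would presumably be more reliable. LDAPUser is not visible here, so confirm what it stores. Separately, the `@version` tag still carries the `$Id` of `LDAPUser.java`; reset it to a bare `$Id$` so the keyword expands for this file.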

Modified: jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/changes.xml?view=diff&rev=537618&r1=537617&r2=537618
==============================================================================
--- jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/changes.xml (original)
+++ jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/changes.xml Sun May 13 10:46:54 2007
@@ -28,6 +28,16 @@
 
 <body>
   <release version="2.3.3-dev" date="in Subversion">
+    <action type="add" dev="tv">
+      Added an extension of LDAPUser named ActiveDirectoryUser to simplify the
+      authentiation against AD servers. Added some documentation with a
+      configuration example.
+    </action>
+    <action type="add" dev="tv">
+      Extended Intake to allow validators based on comparisons between fields
+      of the same group. Two examle validators are provided, for date ranges
+      and for inteer ranges.
+    </action>
     <action type="add" dev="seade">
       Added JSON-RPC Service to support JavaScript to Java AJAX communications
       using <a href="http://oss.metaparadigm.com/jsonrpc/">JSON-RPC-Java</a>.

Modified: jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/navigation.xml
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/navigation.xml?view=diff&rev=537618&r1=537617&r2=537618
==============================================================================
--- jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/navigation.xml (original)
+++ jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/navigation.xml Sun May 13 10:46:54 2007
@@ -60,12 +60,14 @@
         <item name="Resources Service"   href="/services/resources-service.html"/>
         <item name="RunData Service"     href="/services/rundata-service.html"/>
         <item name="Scheduler Service"   href="/services/scheduler-service.html"/>
-        <item name="Security Service"    href="/services/security-service.html"/>
+        <item name="Security Service"    href="/services/security-service.html" collapse="false">
+          <item name="LDAP Security Service" href="/services/ldap-security-service.html"/>
+          <item name="Torque Security Service" href="/services/torque-security-service.html"/>
+          <item name="Torque Security Service Schema" href="/services/torque-security-schema.html"/>
+        </item>
         <item name="Servlet Service"     href="/services/servlet-service.html"/>
         <item name="Session Service"     href="/services/session-service.html"/>
         <item name="Template Service"    href="/services/template-service.html"/>
-        <item name="Torque Security Service" href="/services/torque-security-service.html"/>
-        <item name="Torque Security Service Schema" href="/services/torque-security-schema.html"/>
         <item name="UI Service"          href="/services/ui-service.html"/>
         <item name="Unique ID Service"   href="/services/uniqueid-service.html"/>
         <item name="Upload Service"      href="/services/upload-service.html"/>

Added: jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/ldap-security-service.xml
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/ldap-security-service.xml?view=auto&rev=537618
==============================================================================
--- jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/ldap-security-service.xml (added)
+++ jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/ldap-security-service.xml Sun May 13 10:46:54 2007
@@ -0,0 +1,129 @@
+<?xml version="1.0"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<document>
+
+ <properties>
+  <title>Turbine Services - LDAP Security Service</title>
+  <author email="tv@apache.org">Thomas Vandahl</author>
+ </properties>
+
+<body>
+
+<section name="LDAP Security Service">
+
+<p>
+This is an implementation of a Security Service which uses 
+an LDAP server to authenticate users.
+</p>
+
+<p>
+This service provides authentication only by default. Group, role and
+permission information should be managed elsewhere, for example in a
+database. The following configuration example uses the default database
+classes for this and authenticates against an Active Directory server.
+</p>
+
+</section>
+
+<section name="Configuring the Security Service">
+<p>
+You need to configure Turbine to use the LDAP Security Service and the LDAP User Manager:
+</p>
+<source><![CDATA[
+services.SecurityService.classname=org.apache.turbine.services.security.ldap.LDAPSecurityService
+services.SecurityService.user.manager=org.apache.turbine.services.security.ldap.LDAPUserManager
+]]></source>
+
+<p>
+As mentioned before, LDAP does not yet provide custom Group, User and 
+Role objects so you must use it with the default TurbineGroup, TurbineRole 
+and TurbinePermission objects. There is a generic LDAP user and a specialized
+Active Directory user. We use the latter for this example.
+</p>
+
+<source><![CDATA[
+# Class for User.
+#services.SecurityService.user.class=org.apache.turbine.services.security.ldap.LDAPUser
+services.SecurityService.user.class=org.apache.turbine.services.security.ldap.ActiveDirectoryUser
+
+# Class for Group.
+services.SecurityService.group.class=org.apache.turbine.om.security.TurbineGroup
+
+# Class for Role.
+services.SecurityService.role.class=org.apache.turbine.om.security.TurbineRole
+
+# Class for Permission.
+services.SecurityService.permission.class=org.apache.turbine.om.security.TurbinePermission
+]]></source>
+
+<p>
+Now the security service needs to know your LDAP configuration. Note that using
+<code>sAMAccountName</code> as user name allows you to log in with the same name
+as in Windows. You can, however, use any other attribute, like 
+<code>userPrincipalName</code> (eMail-address), for example.
+</p>
+
+<source><![CDATA[
+services.SecurityService.ldap.security.authentication=simple
+services.SecurityService.ldap.port=389
+services.SecurityService.ldap.host=ad.acme.com
+
+#
+# The user name of the admin user. The admin user should be able to
+# read from the LDAP repository.
+# Characteres '/' are replaced by '=' and '%' are replaced by ','.
+#
+# Default: none
+#
+services.SecurityService.ldap.admin.username=CN/JoeAdmin%CN/Users%DC/acme%DC/com
+services.SecurityService.ldap.admin.password=password
+
+#
+# The directory base to search.
+# '/' are replaced by '=' and '%' are replaced by ','.
+#
+# Default: none
+#
+services.SecurityService.ldap.basesearch=CN/Users%DC/acme%DC/com
+
+services.SecurityService.ldap.dn.attribute=distinguishedName
+services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
+
+# Active Directory settings
+# services.SecurityService.ldap.user.userid=userAccountControl
+services.SecurityService.ldap.user.username=sAMAccountName
+#services.SecurityService.ldap.user.username=cn
+services.SecurityService.ldap.user.firstname=givenName
+services.SecurityService.ldap.user.lastname=sn
+services.SecurityService.ldap.user.email=userPrincipalName
+services.SecurityService.ldap.user.password=userPassword
+]]></source>
+
+<p>
+See the <a href="security-service.html">Security Service</a> page
+for details of these and other properties that may also need to be configured.
+</p>
+
+</section>
+
+</body>
+</document>

Modified: jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/security-service.xml
URL: http://svn.apache.org/viewvc/jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/security-service.xml?view=diff&rev=537618&r1=537617&r2=537618
==============================================================================
--- jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/security-service.xml (original)
+++ jakarta/turbine/core/branches/TURBINE_2_3_BRANCH/xdocs/services/security-service.xml Sun May 13 10:46:54 2007
@@ -33,19 +33,25 @@
 
 <p>
 The Security Service is for authenticating users and assigning them roles
-and permissions in groups.
+and permissions in groups. Different implementations are available, which
+can be deployed in dependence of your application needs:
+  <ul>
+    <li>DBSecurityService (deprecated as of Turbine 2.3.3)</li>
+    <li>TorqueSecurityService (recommended default)</li>
+    <li>LDAPSecurityService</li>
+  </ul> 
 </p>
 <p>
 In Turbine 2.3 a replacement for the default DBSecurityService is
 provided that makes it possible to map the security service onto an
 pre existing user structure and much easier to extend the TurbineUser
 table to include additional columns - see <a
-href="torque-security-service.html"> Torque Security Service</a> for
-configuration details.
-</p>
-
-<p>
-As of Turbine 2.3.3 the DBSecurityService is deprecated.
+href="torque-security-service.html">Torque Security Service</a> for
+configuration details. The LDAPSecurityService allows to attach to an
+existing legacy server for authentication. Groups, roles and permissions
+can be provided by the TorqueSecurityService, for example. See the
+<a href="ldap-security-service.html">LDAP Security Service</a> for an
+example on how to attach Turbine to Active Directory.
 </p>
 
 </section>


