Posted to slide-user@jakarta.apache.org by "Punzo, Frank J (HTSC, IT)" <Fr...@thehartford.com> on 2007/01/28 21:47:21 UTC

WCK

Has anyone gotten WCK to do authorization? I have the JAASLoginModule.java coded so that it is adding roles specific to our company to the m_roles object. I know this is working because of debug output. The problem I'm having is that although the user logging in is not a member of the "root" role, it is still being assigned "root" privileges. I know this because the logged-in user can change ACLs on the "/files" collection. Only members of the "root" role can do this. It seems like everything in the code is working as it should... it seems like I'm missing some setting that turns authorization on or something. Does anyone have any hints as to what I might be doing wrong? Also, is there a way to get the roles assigned to the currently logged-in user? I tried doing a propgetall on the user and it doesn't list the roles.
 
Thanks for your help with this. 
--Frank

 





RE: WCK

Posted by Reza Rahman <rr...@tripodtech.net>.
Frank:

I am not 100% sure, but I think WCK is too abstract for you to control
authorization. As far as I can tell, authentication is as far as WCK
built-in functionality goes. I don't see any spot where WCK actually checks
against JAAS for roles. However, you could implement this yourself in your
custom store by checking the Principal's roles in your methods and throwing an
AccessDeniedException as you see fit.

Reza
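
The approach suggested in the reply above, sketched as an added example (not code from the thread or from the Slide/WCK project): each store method checks the caller's roles before touching the backend and denies by default. `RolePrincipal`, `StoreAccessDenied`, `GuardedStore` and the role and user names are hypothetical stand-ins; a real store would implement the WCK store interface and throw Slide's own AccessDeniedException.

```java
import java.security.Principal;
import java.util.Set;

public class RoleGuardExample {
    // Hypothetical: a Principal that carries the roles the login module attached.
    interface RolePrincipal extends Principal { Set<String> getRoles(); }

    // Stand-in for the AccessDeniedException mentioned in the reply.
    static class StoreAccessDenied extends RuntimeException {
        StoreAccessDenied(String user, String action, String uri) {
            super(user + " may not " + action + " " + uri);
        }
    }

    // Skeleton of a custom store; only the authorization path is shown.
    static class GuardedStore {
        private final Principal caller; // principal handed to the store for this request
        GuardedStore(Principal caller) { this.caller = caller; }

        // Deny by default: no principal, or one without role data, gets nothing.
        private void requireRole(String role, String action, String uri) {
            String name = caller == null ? "<anonymous>" : caller.getName();
            if (!(caller instanceof RolePrincipal)
                    || !((RolePrincipal) caller).getRoles().contains(role)) {
                throw new StoreAccessDenied(name, action, uri);
            }
        }

        // Illustrative method names; the backend operation would follow the check.
        void createFolder(String uri) { requireRole("root", "create", uri); }
        void removeObject(String uri) { requireRole("root", "remove", uri); }
    }

    // Constructed sample principals for the demonstration.
    static RolePrincipal user(String name, String... roles) {
        Set<String> r = Set.of(roles);
        return new RolePrincipal() {
            public String getName() { return name; }
            public Set<String> getRoles() { return r; }
        };
    }

    public static void main(String[] args) {
        new GuardedStore(user("admin", "root")).createFolder("/files/reports");
        System.out.println("admin: allowed");
        try {
            new GuardedStore(user("frank", "claims-users")).createFolder("/files/reports");
        } catch (StoreAccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```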





