You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Girish Nagaraj <gi...@gmail.com> on 2004/11/08 11:44:31 UTC
Problem with using JAAS for authentication
Hi,
I am trying to integrate Slide2.1 (for a custom, non-WCK store) to use
JAAS (actually Oracle JAZN, an implementation of JAAS) for
authentication.
I have setup the security and JAAS by editing web.xml and other Oracle
specific files. JAAS authentication is working fine.
But after the authentication in the browser,
ACLSecurityImpl.evaluateAcl() fails because
SecurityImpl.getPrincipal() trys to lookup a SubjectNode for the JAAS
Principal name in the users/ directory.
Should the Principal name be same as the user's defined in Slide (such
as root)? What if it is different format such as realmname/username ?
Do I have to provide my own implementation for Security interface?
I am looking for using JAAS (JAZN) for defining the roles, users &
authentication and would like to use Domain.xml for access control.
I have read through the mails about JAAS and docs in the security
section, but could not find much information to get this working.
Thanks,
Girish
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Problem with using JAAS for authentication
Posted by Girish Nagaraj <gi...@gmail.com>.
Thanks for you help Oliver.
I turned on the auto creation, but ran into the following error (even
while using 2.1b2)
"file-meta-store - WARNING - Thread
Thread[HttpRequestHandler-75,5,main] marked transaction branch null
for rollback. Cause: Not inside tx"
while the user is being created. Is this the bug which you fixed recently?
Does the user definitions always have to be live in the slide format
(i.e, in metadata/user directory)? Is the (only) solution to hook up
/users to LDAP using JNDIPrincipalStore to avoid it.
Thanks,
Girish
On Mon, 8 Nov 2004 12:01:57 +0100, Oliver Zeigermann
<ol...@gmail.com> wrote:
> You might try and switch on auto creation of users in Domain.xml in
> the configuration section like where filepath and similar parameters
> are set as well like:
>
> <configuration>
> ...
> <auto-create-users>true</auto-create-users>
> <auto-create-users-role>org.apache.slide.structure.SubjectNode</auto-create-users-role>
> ...
>
> This fixed a similar issue for me. However, be sure to use the latest
> 2.1 beta as I had to fix a minor bug in user auto creation as well...
>
> Oliver
>
>
>
> On Mon, 8 Nov 2004 16:14:31 +0530, Girish Nagaraj <gi...@gmail.com> wrote:
> > Hi,
> >
> > I am trying to integrate Slide2.1 (for a custom, non-WCK store) to use
> > JAAS (actually Oracle JAZN, an implementation of JAAS) for
> > authentication.
> >
> > I have setup the security and JAAS by editing web.xml and other Oracle
> > specific files. JAAS authentication is working fine.
> >
> > But after the authentication in the browser,
> > ACLSecurityImpl.evaluateAcl() fails because
> > SecurityImpl.getPrincipal() trys to lookup a SubjectNode for the JAAS
> > Principal name in the users/ directory.
> >
> > Should the Principal name be same as the user's defined in Slide (such
> > as root)? What if it is different format such as realmname/username ?
> > Do I have to provide my own implementation for Security interface?
> >
> > I am looking for using JAAS (JAZN) for defining the roles, users &
> > authentication and would like to use Domain.xml for access control.
> >
> > I have read through the mails about JAAS and docs in the security
> > section, but could not find much information to get this working.
> >
> > Thanks,
> > Girish
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: slide-user-help@jakarta.apache.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Problem with using JAAS for authentication
Posted by Oliver Zeigermann <ol...@gmail.com>.
You might try and switch on auto creation of users in Domain.xml in
the configuration section like where filepath and similar parameters
are set as well like:
<configuration>
...
<auto-create-users>true</auto-create-users>
<auto-create-users-role>org.apache.slide.structure.SubjectNode</auto-create-users-role>
...
This fixed a similar issue for me. However, be sure to use the latest
2.1 beta as I had to fix a minor bug in user auto creation as well...
Oliver
On Mon, 8 Nov 2004 16:14:31 +0530, Girish Nagaraj <gi...@gmail.com> wrote:
> Hi,
>
> I am trying to integrate Slide2.1 (for a custom, non-WCK store) to use
> JAAS (actually Oracle JAZN, an implementation of JAAS) for
> authentication.
>
> I have setup the security and JAAS by editing web.xml and other Oracle
> specific files. JAAS authentication is working fine.
>
> But after the authentication in the browser,
> ACLSecurityImpl.evaluateAcl() fails because
> SecurityImpl.getPrincipal() trys to lookup a SubjectNode for the JAAS
> Principal name in the users/ directory.
>
> Should the Principal name be same as the user's defined in Slide (such
> as root)? What if it is different format such as realmname/username ?
> Do I have to provide my own implementation for Security interface?
>
> I am looking for using JAAS (JAZN) for defining the roles, users &
> authentication and would like to use Domain.xml for access control.
>
> I have read through the mails about JAAS and docs in the security
> section, but could not find much information to get this working.
>
> Thanks,
> Girish
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org