Posted to jetspeed-user@portals.apache.org by Linus Kamb <ka...@emsc-csem.org> on 2009/10/02 13:20:31 UTC

RE: external web service authenticate against jetspeed

Ok, I'll have to admit my ignorance here, but how do I get a handle on the
Jetspeed Security API?  In particular, how do I get to the LoginModuleProxy?

Thanks,
Linus

-----Original Message-----
From: Ate Douma [mailto:ate@douma.nu]
Sent: Tuesday, September 29, 2009 12:49 PM
To: Jetspeed Users List
Subject: Re: external web service authenticate against jetspeed

Linus Kamb wrote:
> I don't know if this is a stupid question, but is it possible to have an
> external web service authenticate somehow using jetspeed's authentication
> mechanisms?  I have data services and I would like them to only return data
> for valid jetspeed users.

We don't have such a solution in place right now, but it should be possible
to write one without too much trouble if you want.
The Jetspeed Security API allows you to programmatically perform such
authentication if you want.
You could easily write a dedicated REST-like "service" servlet or filter
doing so and invoke it from your data services, either remotely or 
as a (cross-context) include if your data-services run on the same app
server.
(if you do, we might be interested in supporting/integrating this directly
in Jetspeed as well, just let us know)

Alternatively, I'm currently in the process of writing a generic SAML2 SP
component for Jetspeed which should become available pretty soon. 
If your data services also can authenticate against a SAML2 IDP you could
set up a SAML2 SSO solution without having to rely on Jetspeed 
authentication itself.

Regards,

Ate

> 
>  
> 
> Thanks,
> 
> Linus
> 
>  
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org







Re: external web service authenticate against jetspeed

Posted by David Sean Taylor <d....@onehippo.com>.
dtaylor@onehippo.com  www.onehippo.com
San Francisco - Hippo USA Inc. 185 H Street, Suite B Petaluma CA 94952  
+1 (707) 773-4646
Amsterdam - Hippo B.V. Oosteinde 11 1017 WT Amsterdam +31(0)20-5224466






On Oct 13, 2009, at 12:30 AM, Linus Kamb wrote:

> Hi Ate,
>
> Thanks a lot for replying.
>
> Those methods on those interfaces are exactly what I am looking for, and had
> found them before.  The problem I was having was trying to get a reference
> to an implementation of the interface that I could invoke.  The Shibboleth
> example shows how that is done, by invoking
> o.a.j.Jetspeed.getComponentManager() and then getting the necessary
> components from the ComponentManager.  Exactly what I need, so thanks for
> pointing that out.
>
> The trouble I was having was due to the fact that the online API docs are
> apparently out-of-date.
> http://portals.apache.org/jetspeed-2/apidocs/index.html  For example, there
> is no o.a.j.Jetspeed class listed.  I understand that this is an open-source
> volunteer project, and I'm not complaining.  There is I'm sure way more work
> to be done than people stepping up to do it.  And it's quite possible that
> somewhere in the available docs it explains how this is done, but I admit I
> haven't read the docs exhaustively.
>

The published API docs are up-to-date. However, we only publish the  
Jetspeed API, not all the implementation classes (Jetspeed.java is in  
the jetspeed-commons implementation jar). I think it would be useful  
to publish jetspeed-commons docs as well.


RE: external web service authenticate against jetspeed

Posted by Linus Kamb <ka...@emsc-csem.org>.
Hi Ate,

Thanks a lot for replying.

Those methods on those interfaces are exactly what I am looking for, and had
found them before.  The problem I was having was trying to get a reference
to an implementation of the interface that I could invoke.  The Shibboleth
example shows how that is done, by invoking
o.a.j.Jetspeed.getComponentManager() and then getting the necessary
components from the ComponentManager.  Exactly what I need, so thanks for
pointing that out.

The trouble I was having was due to the fact that the online API docs are
apparently out-of-date.
http://portals.apache.org/jetspeed-2/apidocs/index.html  For example, there
is no o.a.j.Jetspeed class listed.  I understand that this is an open-source
volunteer project, and I'm not complaining.  There is I'm sure way more work
to be done than people stepping up to do it.  And it's quite possible that
somewhere in the available docs it explains how this is done, but I admit I
haven't read the docs exhaustively.

So, anyways, thanks for pointing out those examples.  That is exactly the
clue I needed.  I'll see where I can go from there.

Thanks,
Linus



-----Original Message-----
From: Ate Douma [mailto:ate@douma.nu]
Sent: Tuesday, October 13, 2009 1:12 AM
To: Jetspeed Users List
Subject: Re: external web service authenticate against jetspeed

Linus Kamb wrote:
> Ok, I'll have to admit my ignorance here, but how do I get a handle on the
> Jetspeed Security API?  In particular, how do I get to the LoginModuleProxy?

I don't think you need or even want to use the LoginModuleProxy which is
only used for JAAS based authentication for a *Jetspeed* targeted 
request.

If I understand you correctly, you have a web service for which you want to
validate a provided identity against the Jetspeed security API, 
right?

If you only need to validate a username, you can use
o.a.j.security.UserManager.userExists(String username), or use 
UserManager.getUser(String username) if you need further evaluation of an
existing user.

If you need to authenticate using username/password, use
AuthenticationProvider.authenticate(String username, String password).

As an example, take a look at o.a.j.login.filter.PortalFilter, or somewhat more
complex o.a.j.security.impl.shibboleth.ShibbolethPortalFilter 
(both can be found in the jetspeed-portal component).


Regards,

Ate




Re: external web service authenticate against jetspeed

Posted by Ate Douma <at...@douma.nu>.
Linus Kamb wrote:
> Ok, I'll have to admit my ignorance here, but how do I get a handle on the
> Jetspeed Security API?  In particular, how do I get to the LoginModuleProxy?

I don't think you need or even want to use the LoginModuleProxy which is only used for JAAS based authentication for a *Jetspeed* targeted 
request.

If I understand you correctly, you have a web service for which you want to validate a provided identity against the Jetspeed security API, 
right?

If you only need to validate a username, you can use o.a.j.security.UserManager.userExists(String username), or use 
UserManager.getUser(String username) if you need further evaluation of an existing user.

If you need to authenticate using username/password, use AuthenticationProvider.authenticate(String username, String password).

As an example, take a look at o.a.j.login.filter.PortalFilter, or somewhat more complex o.a.j.security.impl.shibboleth.ShibbolethPortalFilter 
(both can be found in the jetspeed-portal component).


Regards,

Ate
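
The filter approach described in this thread, sketched as an added example (not code from the thread or from the Jetspeed project): a servlet filter that validates HTTP Basic credentials through AuthenticationProvider.authenticate, obtained via Jetspeed.getComponentManager(). The class name, the component lookup key, the request attribute name and the non-null return convention are assumptions, and the filter is assumed to be deployed where the Jetspeed class is reachable (the portal web application itself).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.security.AuthenticationProvider;

public class JetspeedCredentialFilter implements Filter { // added example; hypothetical name
    // Assumption: the component is registered under its interface name.
    private static final String AUTH_KEY = "org.apache.jetspeed.security.AuthenticationProvider";
    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String[] cred = basicCredentials(req.getHeader("Authorization"));
        // Accept Basic credentials only over TLS; send the same 401 for every failure reason.
        if (cred != null && req.isSecure() && authenticate(cred[0], cred[1])) {
            req.setAttribute("jetspeed.user", cred[0]); // hypothetical attribute name
            chain.doFilter(req, res);
            return;
        }
        res.setHeader("WWW-Authenticate", "Basic realm=\"data-services\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    // Parses "Basic base64(user:password)"; returns null on any malformed input.
    static String[] basicCredentials(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            return colon < 1 ? null : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) { return null; }
    }

    // Fails closed: a missing component or any exception counts as "not authenticated".
    private static boolean authenticate(String user, String password) {
        try {
            AuthenticationProvider provider = (AuthenticationProvider)
                    Jetspeed.getComponentManager().getComponent(AUTH_KEY);
            // Assumption: a successful call returns a non-null authenticated user.
            return provider.authenticate(user, password) != null;
        } catch (Exception e) { return false; }
    }
}
```

Returning an identical 401 for unknown users and wrong passwords keeps the endpoint from confirming which usernames exist.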

