You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@jackrabbit.apache.org by Paco Avila <mo...@gmail.com> on 2010/02/24 18:31:58 UTC

Trying to migrate my app from jackrabbit 1.4 to 1.5

Hi, I am trying to migrate OpenKM from jackrabbit 1.4 to 1.5 and have
some problems. Basically is due changes to the authorization /
authentication stuff. My security configuration was:

<Security appName="OpenKM">
      <AccessManager class="com.openkm.core.OKMAccessManager"/>
      <!-- <AccessManager
class="org.apache.jackrabbit.core.security.SimpleAccessManager"/> -->
</Security>

So, I implemented my own AccessManager to deal with user / roles
permissions to access the documents and folders (OpenKM is a DMS). To
do this, I had to create a mixin to store the user/group permissions
in each node:

[mix:accessControlled] mixin
- okm:authUsersRead (string) multiple mandatory
- okm:authUsersWrite (string) multiple mandatory
- okm:authRolesRead (string) multiple mandatory
- okm:authRolesWrite (string) multiple mandatory

Well, starting with Jackrabbit 1.5 a security api has been included
(implementing the JSR-283 standar). This implies a
DefaultAccessManager which, I think, should replace my own
OKMAccessManager because it handle the node and properties
permissions. Isn't it?

In my test use this security configuration:

 <!-- Security configuration -->
    <Security appName="Jackrabbit">
        <!-- Security manager: class: FQN of class implementing the
JackrabbitSecurityManager interface -->
        <SecurityManager
class="org.apache.jackrabbit.core.DefaultSecurityManager"
workspaceName="security">
            <!-- workspace access: class: FQN of class implementing
the WorkspaceAccessManager interface -->
            <!-- <WorkspaceAccessManager class="..."/> -->
            <!-- <param name="config" value="${rep.home}/security.xml"/> -->
        </SecurityManager>

        <!-- Access manager: class: FQN of class implementing the
AccessManager interface -->
        <AccessManager
class="org.apache.jackrabbit.core.security.DefaultAccessManager">
            <!-- <param name="config" value="${rep.home}/access.xml"/> -->
        </AccessManager>

        <LoginModule
class="org.apache.jackrabbit.core.security.authentication.DefaultLoginModule">
           <!-- Anonymous user name ('anonymous' is the default value) -->
           <param name="anonymousId" value="anonymous"/>
           <!-- Administrator user id (default value if param is
missing is 'admin') -->
           <param name="adminId" value="admin"/>
           <!-- <param name="principalProvider" value="..."/> -->
        </LoginModule>
    </Security>

And now have lots of doubts :) and the related wiki page
(http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity) seems
very old.

There is a page called restricted.jsp that only can be accessed if you
enter a valid login and password. It is protected using JAAS. As I see
at http://jackrabbit.apache.org/first-hops.html, repository.login()
tries to get the user from JAAS, and this code in restricted.jsp
should work as expected:

String JBOSS_HOME = System.getProperty("jboss.home.dir");
Repository repo = new
TransientRepository(JBOSS_HOME+"/repository.xml",
JBOSS_HOME+"/repository");
Session se = repo.login();
se.logout();

But throws this exception:

18:27:52,002 INFO  [RepositoryImpl] workspace 'security' initialized
18:27:52,047 INFO  [DefaultSecurityManager] init: use JAAS
login-configuration for Jackrabbit
18:27:53,229 INFO  [UserManagerImpl] Group created: {}administrators;
/rep:security/rep:authorizables/rep:groups/administrators
18:27:53,286 INFO  [UserManagerImpl] User created: admin;
/rep:security/rep:authorizables/rep:users/admin
18:27:53,287 INFO  [DefaultSecurityManager] ...created admin-user with
id 'admin' ...
18:27:53,366 INFO  [DefaultSecurityManager] ...added admin 'admin' as
member of the administrators group.
18:27:53,401 INFO  [UserManagerImpl] User created: anonymous;
/rep:security/rep:authorizables/rep:users/anonymous
18:27:53,401 INFO  [DefaultSecurityManager] ...created anonymous-user
with id 'anonymous' ...
18:27:53,434 INFO  [RepositoryImpl] SecurityManager = class
org.apache.jackrabbit.core.DefaultSecurityManager
18:27:53,450 ERROR [UsersRolesLoginModule] Failed to load
users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults:
defaultUsers.properties found

Why does it need an user.properties if the credentials should be
retrieved from JAAS ?
-- 
OpenKM
http://www.openkm.com
http://www.guia-ubuntu.org

Re: Trying to migrate my app from jackrabbit 1.4 to 1.5

Posted by fre3man <wo...@hotmail.com>.

Hi Paco,

I am facing the same error as you are. But may i know if you had fixed it?

[javax.jcr.LoginException: CallbackHandler does not support:]

--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Trying-to-migrate-my-app-from-jackrabbit-1-4-to-1-5-tp1567784p4579648.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Re: Trying to migrate my app from jackrabbit 1.4 to 1.5

Posted by Paco Avila <mo...@gmail.com>.

Stupid of me because I didn't change the <Security appName="..."> to match
the JBoss JAAS configuration...

But now there is another exception:

javax.jcr.LoginException: CallbackHandler does not support:
javax.security.auth.callback.NameCallback@cbfec8: CallbackHandler does not
support: javax.security.auth.callback.NameCallback@cbfec8: CallbackHandler
does not support: javax.security.auth.callback.NameCallback@cbfec8
	org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1363)

org.apache.jackrabbit.core.TransientRepository.login(TransientRepository.java:328)

org.apache.jackrabbit.core.TransientRepository.login(TransientRepository.java:378)
	org.apache.jsp.restricted_jsp._jspService(restricted_jsp.java:78)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:336)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
-- 
View this message in context: http://n4.nabble.com/Trying-to-migrate-my-app-from-jackrabbit-1-4-to-1-5-tp1567784p1567819.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.