Posted to commits@beehive.apache.org by be...@incubator.apache.org on 2004/12/03 17:37:00 UTC

[Apache Beehive Wiki] Updated: WsmSecurityModel

   Date: 2004-12-03T08:36:59
   Editor: FumitadaHattori <wo...@yahoo.co.jp>
   Wiki: Apache Beehive Wiki
   Page: WsmSecurityModel
   URL: http://wiki.apache.org/beehive/WsmSecurityModel

   updated.

Change Log:

------------------------------------------------------------------------------
@@ -1,7 +1,7 @@
 In WSM, there're currently three kinds of security models.
 They're "Servlet container security model", "Axis security model" and "Beehive security model".
 
-This page describes thier usages, advantages and disadvantages.
+This page describes their usages, advantages and disadvantages.
 
 We will use Atm.jws ( Automatic Teller Machine ) below to explain each security model.
 
@@ -48,8 +48,11 @@
 ---------------------------------------------------------
 
 - admin role can access all methods.
+
 - customer role can access the withdraw, getBalance and showStatus methods.
+
 - engineer role can access the fix and showStatus method.
+
 - No restrictions to access the showStatus method. ( Everybody can access the method. )
 
 
@@ -93,8 +96,8 @@
 The disadvantage of this model is that one must have any one of roles listed in auth-constraint element, 
 even when accessing a non-restricted method.
 For example, the showStatus() method of Atm.jws is not restricted because of absence of @SecurityRoles
-annotation, but one must have the admin, customer or engineer role to access the method.
-This is because the servlet container denies the user to access the Atm.jws without roles before the user reaches the 
+annotation, but one must have at least one of admin, customer or engineer role to access the method.
+This happens because the servlet container denies the user to access the Atm.jws without roles before the user reaches the 
 web service.
 
 
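Review bot: The two added lines are still ungrammatical, and since this sentence states the model's main limitation it should read cleanly. Suggest "one must have at least one of the admin, customer or engineer roles to access the method" and "the servlet container denies access to Atm.jws to users without a role before the request reaches the web service".
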
@@ -113,28 +116,37 @@
 
 == Beehive security model ==
 This model is ported from Tomcat memory realm (using tomcat-users.xml file).
-To use this model, you must create a file named beehive-users.xml and place it in 
+To use this model, you must create a file named beehive-role.xml and place it in 
 WEB-INF directory of your web service application.
 
-NOTE: The format of beehive-users.xml is almost same as tomcat's tomcat-users.xml file.
-The only difference is that the name of the root element of beehive-users.xml must be "beehive-users".
-For detail of the file format, please refer to "User File Format" section of http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#MemoryRealm
-
-Here is the example beehive-users.xml
+Here is the example beehive-role.xml.
 {{{
-<beehive-users>
-  <role rolename="admin"/>
-  <role rolename="customer"/>
-  <role rolename="engineer"/>
-  <user name="michael" password="michael_pass" roles="admin" />
-  <user name="jonathan"  password="jonathan_pass" roles="engineer,customer"  />
-  <user name="dims"   password="dims_pass" roles="engineer" />
-  <user name="wolfgang"  password="wolfgang_pass" roles="customer"  />
-</beehive-users>
+<beehive-role xmlns="http://www.apache.org/beehive/wsm/axis/security/xmlbeans">
+   <role name="admin">
+      <user>michael</user>
+   </role>
+   <role name="engineer">
+      <user>jonathan</user>
+      <user>dims</user>
+   </role>
+   <role name="customer">
+      <user>jonathan</user>
+      <user>wolfgang</user>
+   </role>
+   <user name="michael" password="1f2dfa567dcf95833eddf7aec167fec7" md5="true" />
+   <user name="jonathan" password="jp" />
+   <user name="dims" password="dp" />
+   <user name="wolfgang" password="wp" />
+</beehive-role>
 }}}
-The disadvantage of this model is that it uses a plain text for password.
-( We will add more features such as MD5 digest of password, username/password/role in DB later )
 
+You can use a md5 digest(32bytes HEX) for your password instead a plain text with a md5 attribute set "true" in a user tag. Absence of the md5 attribute in a user tag is equivalent to md5="false" then your password should be in a plain text.
+
+To get a md5 digest of your password, there's a md5sum command in linux box.
+e.x) % md5sum --string="your password"
+
+
+NOTE: The default namespace ( xmlns="http://www.apache.org/beehive/wsm/axis/security/xmlbeans" ) must be specified in the root beehive-role tag.
 
 = To set up server-config.wsdd =
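
Review bot: The removed line "The disadvantage of this model is that it uses a plain text for password." still applies after this change, so it should stay in some form: the new example keeps password="jp", "dp" and "wp" in clear text, and the added paragraph says a missing md5 attribute means md5="false". The md5="true" form is a bare digest of the password string, which the page should say rather than dropping the disadvantage altogether. In the added paragraph, "32bytes HEX" should read "32 hexadecimal characters", "instead a plain text" should be "instead of plain text", and "e.x)" should be "e.g."; the md5sum example also puts the password on the command line, where shell history records it, which deserves a sentence. The removed pointer to the tomcat-users.xml format reference has no replacement, so the beehive-role format (user elements nested under role, plus the top-level user entries carrying the passwords) is documented only by the example; a short description of each element and attribute would help.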