Posted to commits@beehive.apache.org by be...@incubator.apache.org on 2004/12/03 17:37:00 UTC
[Apache Beehive Wiki] Updated: WsmSecurityModel
Date: 2004-12-03T08:36:59
Editor: FumitadaHattori <wo...@yahoo.co.jp>
Wiki: Apache Beehive Wiki
Page: WsmSecurityModel
URL: http://wiki.apache.org/beehive/WsmSecurityModel
updated.
Change Log:
------------------------------------------------------------------------------
@@ -1,7 +1,7 @@
In WSM, there're currently three kinds of security models.
They're "Servlet container security model", "Axis security model" and "Beehive security model".
-This page describes thier usages, advantages and disadvantages.
+This page describes their usages, advantages and disadvantages.
We will use Atm.jws ( Automatic Teller Machine ) below to explain each security model.
@@ -48,8 +48,11 @@
---------------------------------------------------------
- admin role can access all methods.
+
- customer role can access the withdraw, getBalance and showStatus methods.
+
- engineer role can access the fix and showStatus method.
+
- No restrictions to access the showStatus method. ( Everybody can access the method. )
@@ -93,8 +96,8 @@
The disadvantage of this model is that one must have any one of roles listed in auth-constraint element,
even when accessing a non-restricted method.
For example, the showStatus() method of Atm.jws is not restricted because of absence of @SecurityRoles
-annotation, but one must have the admin, customer or engineer role to access the method.
-This is because the servlet container denies the user to access the Atm.jws without roles before the user reaches the
+annotation, but one must have at least one of admin, customer or engineer role to access the method.
+This happens because the servlet container denies the user to access the Atm.jws without roles before the user reaches the
web service.
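Review bot: the two added lines are still ungrammatical. "at least one of admin, customer or engineer role" should read "at least one of the admin, customer or engineer roles", and "denies the user to access the Atm.jws without roles" would be clearer as "denies access to Atm.jws to a user who has none of these roles". Since the paragraph is explaining why an unannotated method such as showStatus() is still protected, it is worth stating the order of checks explicitly: the container's auth-constraint is evaluated first, and the @SecurityRoles check only runs for requests that pass it.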
@@ -113,28 +116,37 @@
== Beehive security model ==
This model is ported from Tomcat memory realm (using tomcat-users.xml file).
-To use this model, you must create a file named beehive-users.xml and place it in
+To use this model, you must create a file named beehive-role.xml and place it in
WEB-INF directory of your web service application.
-NOTE: The format of beehive-users.xml is almost same as tomcat's tomcat-users.xml file.
-The only difference is that the name of the root element of beehive-users.xml must be "beehive-users".
-For detail of the file format, please refer to "User File Format" section of http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#MemoryRealm
-
-Here is the example beehive-users.xml
+Here is the example beehive-role.xml.
{{{
-<beehive-users>
- <role rolename="admin"/>
- <role rolename="customer"/>
- <role rolename="engineer"/>
- <user name="michael" password="michael_pass" roles="admin" />
- <user name="jonathan" password="jonathan_pass" roles="engineer,customer" />
- <user name="dims" password="dims_pass" roles="engineer" />
- <user name="wolfgang" password="wolfgang_pass" roles="customer" />
-</beehive-users>
+<beehive-role xmlns="http://www.apache.org/beehive/wsm/axis/security/xmlbeans">
+ <role name="admin">
+ <user>michael</user>
+ </role>
+ <role name="engineer">
+ <user>jonathan</user>
+ <user>dims</user>
+ </role>
+ <role name="customer">
+ <user>jonathan</user>
+ <user>wolfgang</user>
+ </role>
+ <user name="michael" password="1f2dfa567dcf95833eddf7aec167fec7" md5="true" />
+ <user name="jonathan" password="jp" />
+ <user name="dims" password="dp" />
+ <user name="wolfgang" password="wp" />
+</beehive-role>
}}}
-The disadvantage of this model is that it uses a plain text for password.
-( We will add more features such as MD5 digest of password, username/password/role in DB later )
+You can use a md5 digest(32bytes HEX) for your password instead a plain text with a md5 attribute set "true" in a user tag. Absence of the md5 attribute in a user tag is equivalent to md5="false" then your password should be in a plain text.
+
+To get a md5 digest of your password, there's a md5sum command in linux box.
+e.x) % md5sum --string="your password"
+
+
+NOTE: The default namespace ( xmlns="http://www.apache.org/beehive/wsm/axis/security/xmlbeans" ) must be specified in the root beehive-role tag.
= To set up server-config.wsdd =
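Review bot: this hunk deletes the sentence naming plain-text passwords as the model's disadvantage, but the new example still stores three of the four passwords in plain text (jonathan, dims, wolfgang), and plain text remains the default when the md5 attribute is absent. Keep a sentence that says so, and add that an unsalted MD5 digest in beehive-role.xml only obscures the password from casual reading; it is not strong password storage if the file is disclosed. In the added paragraph, "32bytes HEX" should be "32 hexadecimal characters" (an MD5 digest is 16 bytes), "instead a plain text" should be "instead of plain text", and "e.x)" should be "e.g.". The md5sum example passes the password as a command-line argument, where it ends up in shell history and the process list; suggest feeding it on standard input without a trailing newline, and confirm that the --string option exists in the md5sum version readers are likely to have. Finally, the context line "ported from Tomcat memory realm (using tomcat-users.xml file)" now sits above a format that no longer matches tomcat-users.xml, and the removed NOTE was the only pointer to a format description, so the role and user elements need a short description of their own.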