You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Morten <li...@kikobu.com> on 2004/10/28 22:47:14 UTC
WCK username and principal object relation
Hi. Just read about the WCK - it looks very handy indeed!
Is there a direct relation between the user parameter given to the
implementation of the SessionAuthenticationManager and the Principal
object passed to the begin method of the BasicWebdavStore? I'm hoping
that principalObject.getName().equals(authenticatedUsername); (so to
speak.. ;-))
What I would like to do, using the WCK, is authenticate users against a
separate DB, and implement fine-grained access control on folders.
Thanks,
Morten
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Tassos Bassoukos <ab...@gmail.com>.
> That would be really nice. I've browsed the online documentation, but
> what I gathered from that was that I need to use a tool like "DAV
> Explorer" to create users and then there's a lot of config options in
> the XML files that get read at startup. Can I manage all these things
> runtime from a DB user repository without having to use WCK? (I'll
> continue to dig through the documentation, so my questions may be
> premature).
Yes you can. Simply implement a Slide store using the WCK that exposes
your DB-kept users (and groups) to slide, and the internal security
system can take it from there...
Tassos
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Morten <li...@kikobu.com>.
Oliver Zeigermann wrote:
> But you want WebDAV, don't you?
>
> Confused...
No wonder :-) I obviously need to read and play around a little more
before I ask further questions :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Oliver Zeigermann <ol...@gmail.com>.
But you want WebDAV, don't you?
Confused...
Oliver
On Fri, 29 Oct 2004 20:24:34 +0200, Morten <li...@kikobu.com> wrote:
>
> > Slide already provides groups, users and a complex access right
> > management complying to the ACL standard
> >
> > http://www.greenbytes.de/tech/webdav/rfc3744.html
> >
> > Maybe you can just use it?!
>
> That would be really nice. I've browsed the online documentation, but
> what I gathered from that was that I need to use a tool like "DAV
> Explorer" to create users and then there's a lot of config options in
> the XML files that get read at startup. Can I manage all these things
> runtime from a DB user repository without having to use WCK? (I'll
> continue to dig through the documentation, so my questions may be
> premature).
>
> References to any documentation, or how I should approach this, are
> greatly appreciated :-)
>
>
>
> Morten
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by James Mason <ma...@apache.org>.
There's a sample app written with the projector framework for managing
users and groups. It's part of the 2.1b2 source release (not binary) and
the documentation is rather light, but it could be an answer to your
issue.
-James
On Fri, 2004-10-29 at 20:24 +0200, Morten wrote:
> > Slide already provides groups, users and a complex access right
> > management complying to the ACL standard
> >
> > http://www.greenbytes.de/tech/webdav/rfc3744.html
> >
> > Maybe you can just use it?!
>
> That would be really nice. I've browsed the online documentation, but
> what I gathered from that was that I need to use a tool like "DAV
> Explorer" to create users and then there's a lot of config options in
> the XML files that get read at startup. Can I manage all these things
> runtime from a DB user repository without having to use WCK? (I'll
> continue to dig through the documentation, so my questions may be
> premature).
>
> References to any documentation, or how I should approach this, are
> greatly appreciated :-)
>
> Morten
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Morten <li...@kikobu.com>.
> Slide already provides groups, users and a complex access right
> management complying to the ACL standard
>
> http://www.greenbytes.de/tech/webdav/rfc3744.html
>
> Maybe you can just use it?!
That would be really nice. I've browsed the online documentation, but
what I gathered from that was that I need to use a tool like "DAV
Explorer" to create users and then there's a lot of config options in
the XML files that get read at startup. Can I manage all these things
runtime from a DB user repository without having to use WCK? (I'll
continue to dig through the documentation, so my questions may be
premature).
References to any documentation, or how I should approach this, are
greatly appreciated :-)
Morten
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Oliver Zeigermann <ol...@gmail.com>.
> Details are still sketchy, but basically I'll be building a content
> repository with access to a given folder only is given to certain
> groups of users. You can think of it as a DAV accessible UNIX
> filesystem with easy web-enabled configuration of users and groups.
> Example:
>
> /project-a/admin/
> /project-a/users/foo/
> /project-a/users/bar/
> /project-a/public/
>
> The user DB will have mappings for which users are part of "project
> a" and which of those are in eg. the admin group. Further, custom groups
> can be created in order to grant access to eg. users/foo/ for only a
> subset of users. Access will probably be implemented using the
> java.security.acl package.
Slide already provides groups, users and a complex access right
management complying to the ACL standard
http://www.greenbytes.de/tech/webdav/rfc3744.html
Maybe you can just use it?!
> WCK appears to make this really easy to do (well.. that's my impression
> so far..). I still try to digest all info I can find on Slide, so there
> may be other approaches to this.
WCK is best when you want to interface to an *existing* repository. If
you want to use on of Slide's default stores, there actually is no
need to use it.
Oliver
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Morten <li...@kikobu.com>.
Hi,
>>Hi. Just read about the WCK - it looks very handy indeed!
>
>
> Hope you will like it. Any comments for improvement are more than welcome.
Thanks - I'm new to Slide, so I'm still busy investigating. But I'm
pleasantly surprised to see the amount of activity that's been going on
here.
And thanks for the input regarding user handling, I'm looking forward to
working with it.
>>What I would like to do, using the WCK, is authenticate users against a
>>separate DB, and implement fine-grained access control on folders.
>
>
> Interesting! Could you give details?
Details are still sketchy, but basically I'll be building a content
repository with access to a given folder only is given to certain
groups of users. You can think of it as a DAV accessible UNIX
filesystem with easy web-enabled configuration of users and groups.
Example:
/project-a/admin/
/project-a/users/foo/
/project-a/users/bar/
/project-a/public/
The user DB will have mappings for which users are part of "project
a" and which of those are in eg. the admin group. Further, custom groups
can be created in order to grant access to eg. users/foo/ for only a
subset of users. Access will probably be implemented using the
java.security.acl package.
WCK appears to make this really easy to do (well.. that's my impression
so far..). I still try to digest all info I can find on Slide, so there
may be other approaches to this.
Best regards,
Morten
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: WCK username and principal object relation
Posted by Oliver Zeigermann <ol...@gmail.com>.
Hi Morten!
On Thu, 28 Oct 2004 22:47:14 +0200, Morten <li...@kikobu.com> wrote:
>
> Hi. Just read about the WCK - it looks very handy indeed!
Hope you will like it. Any comments for improvement are more than welcome.
> Is there a direct relation between the user parameter given to the
> implementation of the SessionAuthenticationManager and the Principal
> object passed to the begin method of the BasicWebdavStore? I'm hoping
> that principalObject.getName().equals(authenticatedUsername); (so to
> speak.. ;-))
Exactly, that's the way it should be. You log in with a user and this
is going to be the one that makes the request to BasicWebdavStore.
Slide's internal access controll checking is switched off, by default
so if you want to deny access from the access denied exception. This
will result in a forbidden status of the HTTP response.
> What I would like to do, using the WCK, is authenticate users against a
> separate DB, and implement fine-grained access control on folders.
Interesting! Could you give details?
Oliver
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org