Posted to slide-dev@jakarta.apache.org by oz...@apache.org on 2004/06/22 19:59:28 UTC
cvs commit: jakarta-slide/src/conf/webapp JNDI-Domain.xml
ozeigermann 2004/06/22 10:59:28
Added: src/conf/webapp JNDI-Domain.xml
Log:
Added sample JNDI configuration for JNDI principal store donated by James Mason
Revision Changes Path
1.1 jakarta-slide/src/conf/webapp/JNDI-Domain.xml
Index: JNDI-Domain.xml
===================================================================
<?xml version="1.0"?>
<slide>
<namespace name="slide">
<definition>
<!-- Use the Tx Stores for the main store. JNDIPrincipalStore
*cannot* do this -->
<store name="main">
<nodestore
classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<parameter
name="rootpath">main/store/metadata</parameter>
<parameter
name="workpath">main/work/metadata</parameter>
</nodestore>
<securitystore>
<reference store="nodestore"/>
</securitystore>
<lockstore>
<reference store="nodestore"/>
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore"/>
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore"/>
</revisiondescriptorstore>
<contentstore
classname="org.apache.slide.store.txfile.TxFileContentStore">
<parameter
name="rootpath">main/store/content</parameter>
<parameter
name="workpath">main/work/content</parameter>
</contentstore>
</store>
<!-- Use a JNDIPrincipalStore to for users -->
<store name="users">
<nodestore
classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
<parameter name="jndi.container">ou=XXXXXX,o=XXXXXXXX</parameter>
<parameter name="jndi.attributes.rdn">uid</parameter>
<parameter
name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
<parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
<parameter
name="jndi.search.attributes">postalCode,initials,givenName,uid,mail,fullName,telephoneNumber,title,facsimileTelephoneNumber,groupMembership,l,sn,cn</parameter>
<parameter
name="java.naming.provider.url">ldap://xxxxxxxxxxxxxxxx</parameter>
<parameter
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
<parameter
name="java.naming.security.principal">xxxxxxxxxxxxxxxx</parameter>
<parameter
name="java.naming.security.authentication">simple</parameter>
<parameter
name="java.naming.security.credentials">xxxxxxxxxxxxxxxxxx</parameter>
</nodestore>
<!-- Use a Tx Store to store security and lock information -->
<securitystore
classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<parameter
name="rootpath">users/store/metadata</parameter>
<parameter
name="workpath">users/work/metadata</parameter>
</securitystore>
<lockstore>
<reference store="securitystore"/>
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore"/>
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore"/>
</revisiondescriptorstore>
<contentstore>
<reference store="nodestore"/>
</contentstore>
</store>
<!-- Use a JNDIPrincipalStore for roles -->
<store name="roles">
<nodestore
classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
<parameter
name="jndi.container">ou=XXXXX,ou=XXXXX,o=XXXXXXXXX</parameter>
<parameter name="jndi.attributes.rdn">cn</parameter>
<parameter
name="jndi.attributes.groupmemberset">uniqueMember</parameter>
<parameter
name="jndi.search.filter">objectClass=groupOfNames</parameter>
<parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
<parameter name="jndi.search.attributes">cn</parameter>
<parameter
name="java.naming.provider.url">ldap://xxxxxxxxxxxxxx</parameter>
<parameter
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
<parameter
name="java.naming.security.principal">xxxxxxxxxxxxxxxxxx</parameter>
<parameter
name="java.naming.security.authentication">simple</parameter>
<parameter
name="java.naming.security.credentials">xxxxxxxxxxxxxxxx</parameter>
</nodestore>
<!-- Use a Tx Store to store security and lock information -->
<securitystore
classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<parameter
name="rootpath">roles/store/metadata</parameter>
<parameter
name="workpath">roles/work/metadata</parameter>
</securitystore>
<lockstore>
<reference store="securitystore"/>
</lockstore>
<revisiondescriptorsstore>
<reference store="nodestore"/>
</revisiondescriptorsstore>
<revisiondescriptorstore>
<reference store="nodestore"/>
</revisiondescriptorstore>
<contentstore>
<reference store="nodestore"/>
</contentstore>
</store>
<!-- Mount each store at the appropriate URI -->
<scope match="/" store="main"/>
<scope match="/users" store="users"/>
<scope match="/roles" store="roles"/>
</definition>
<configuration>
<read-object>/actions/read</read-object>
<create-object>/actions/write</create-object>
<remove-object>/actions/write</remove-object>
<grant-permission>/actions/write-acl</grant-permission>
<revoke-permission>/actions/write-acl</revoke-permission>
<read-permissions>/actions/read-acl</read-permissions>
<read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
<lock-object>/actions/write</lock-object>
<kill-lock>/actions/unlock</kill-lock>
<read-locks>/actions/read</read-locks>
<read-revision-metadata>/actions/read</read-revision-metadata>
<create-revision-metadata>/actions/write-properties</create-revision-metadata>
<modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
<remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
<read-revision-content>/actions/read</read-revision-content>
<create-revision-content>/actions/write-content</create-revision-content>
<modify-revision-content>/actions/write-content</modify-revision-content>
<remove-revision-content>/actions/write-content</remove-revision-content>
<bind-member>/actions/bind</bind-member>
<unbind-member>/actions/unbind</unbind-member>
<userspath>/users</userspath>
<rolespath>/roles</rolespath>
<actionspath>/actions</actionspath>
<filespath>/files</filespath>
<parameter name="dav">true</parameter>
<parameter name="standalone">true</parameter>
<parameter name="acl_inheritance_type">path</parameter>
<parameter name="nested_roles_maxdepth">0</parameter>
</configuration>
<data>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/">
<!-- Make sure the subject here is a valid LDAP group -->
<permission action="all" subject="/roles/connect users"
inheritable="true"/>
<permission action="/actions/read-acl" subject="all"
inheritable="true" negative="true"/>
<permission action="/actions/write-acl" subject="all"
inheritable="true" negative="true"/>
<permission action="/actions/unlock" subject="all"
inheritable="true" negative="true"/>
<permission action="/actions/read" subject="all"
inheritable="true"/>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users">
<permission action="all" subject="self"
inheritable="true"/>
<permission action="all" subject="unauthenticated"
inheritable="true" negative="true"/>
</objectnode>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/roles">
<permission action="all" subject="self"
inheritable="true"/>
<permission action="all" subject="unauthenticated"
inheritable="true" negative="true"/>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions">
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
<revision>
<property
name="privilege-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/actions/read-acl</D:href> <D:href
xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]></property>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/read-acl">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/read-current-user-privilege-set">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
<revision>
<property
name="privilege-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/actions/write-acl</D:href> <D:href
xmlns:D='DAV:'>/actions/write-properties</D:href> <D:href
xmlns:D='DAV:'>/actions/write-content</D:href>]]></property>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-acl">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-properties">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/write-content">
<revision>
<property
name="privilege-member-set"><![CDATA[<D:href
xmlns:D='DAV:'>/actions/bind</D:href> <D:href
xmlns:D='DAV:'>/actions/unbind</D:href>]]></property>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/unbind">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
<objectnode
classname="org.apache.slide.structure.ActionNode"
uri="/actions/unlock">
<revision>
<property name="privilege-member-set"/>
</revision>
</objectnode>
</objectnode>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files">
<permission action="all" subject="unauthenticated"
inheritable="true"/>
<!-- Make sure the subject here is a valid LDAP
group -->
<permission action="/actions/write" subject="/roles/connect users"
inheritable="true"/>
<permission action="/actions/read-acl"
subject="owner" inheritable="true"/>
</objectnode>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/history">
<permission action="all" subject="unauthenticated"
inheritable="true"/>
<!-- Make sure the subject here is a valid LDAP
group -->
<permission action="/actions/write" subject="/roles/connect users"
inheritable="true"/>
<permission action="/actions/read-acl"
subject="owner" inheritable="true"/>
</objectnode>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/workspace">
<permission action="all" subject="unauthenticated"
inheritable="true"/>
<!-- Make sure the subject here is a valid LDAP
group -->
<permission action="/actions/write" subject="/roles/connect users"
inheritable="true"/>
<permission action="/actions/read-acl"
subject="owner" inheritable="true"/>
</objectnode>
<objectnode
classname="org.apache.slide.structure.SubjectNode"
uri="/workingresource">
<permission action="all" subject="unauthenticated"
inheritable="true"/>
<!-- Make sure the subject here is a valid LDAP group -->
<permission action="/actions/write" subject="/roles/connect users"
inheritable="true"/>
<permission action="/actions/read-acl"
subject="owner" inheritable="true"/>
</objectnode>
</objectnode>
</data>
</namespace>
<parameter name="historypath">/history</parameter>
<parameter name="workspacepath">/workspace</parameter>
<parameter name="workingresourcepath">/workingresource</parameter>
<parameter name="auto-version">checkout-checkin</parameter>
<parameter name="auto-version-control">false</parameter>
<parameter name="versioncontrol-exclude"/>
<parameter name="checkout-fork">forbidden</parameter>
<parameter name="checkin-fork">forbidden</parameter>
</slide>
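Review bot: Both JNDIPrincipalStore nodestores (the `users` and `roles` stores) combine `java.naming.security.authentication` = `simple` with an `ldap://` provider URL, so the bind DN and the password in `java.naming.security.credentials` would travel unencrypted on every bind. Because this is a sample that will be copied, the placeholder should show the TLS form, e.g. `<parameter name="java.naming.provider.url">ldaps://LDAP_HOST_PLACEHOLDER:636</parameter>`. A comment above each block should add that the bind account needs only search/read rights on the configured container, and that the file must be readable only by the servlet container's account since it holds the password in clear text. Separately, `/files`, `/history`, `/workspace` and `/workingresource` each grant `action="all"` to `subject="unauthenticated"`, which appears to make the following `/actions/write` grant to `/roles/connect users` redundant. If LDAP-backed access control is the point of the sample, those grants should probably be narrowed to `/actions/read`, though this should be confirmed against how Slide orders ACL evaluation.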