Posted to jetspeed-dev@portals.apache.org by vk...@apache.org on 2008/10/28 11:11:23 UTC

svn commit: r708504 [2/3] - in /portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security: ./ images/ images/ldap/

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml?rev=708504&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml (added)
+++ portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml Tue Oct 28 03:11:22 2008
@@ -0,0 +1,172 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Hierarchy Management</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Hierarchy Management Overview">
+            <p>
+                Two hierarchy resolution strategies are supported for authorization decisions:
+                <ul>
+                    <li>
+                        Hierarchy resolution by Generalization: This is the default hierarchy resolution in Jetspeed. If a hierarchy uses a generalization
+                        strategy, each role is more general than the previous one. For instance, if a user has the role [roleA.roleB.roleC] then
+                        <code>user.getSubject().getPrincipals()</code>
+                        returns:
+                        <ul>
+                            <li>/role/roleA</li>
+                            <li>/role/roleA/roleB</li>
+                            <li>/role/roleA/roleB/roleC</li>
+                        </ul>
+                    </li>
+                    <li>
+                        Hierarchy resolution by Aggregation: If a hierarchy uses a aggregation strategy, the higher role is responsible for a superset of the
+                        activities of the lower role. For instance, if the following roles are available:
+                        <ul>
+                            <li>roleA</li>
+                            <li>roleA.roleB</li>
+                            <li>roleA.roleB.roleC</li>
+                        </ul>
+                        If a user has the role [roleA] then,
+                        <code>user.getSubject().getPrincipals()</code>
+                        returns:
+                        <ul>
+                            <li>/role/roleA</li>
+                            <li>/role/roleA/roleB</li>
+                            <li>/role/roleA/roleB/roleC</li>
+                        </ul>
+                    </li>
+                </ul>
+            </p>
+            <p>
+                As described in the
+                <a href="atz-spi.html">authorization SPI section</a>
+                , the
+                <code>SecurityMappingHandler</code>
+                is configured with a specific hierarchy strategy for group and role hierarchy management. See the
+                <a href="config.html#security-spi-atz_xml">authorization SPI configuration</a>
+                for a configuration example.
+            </p>
+        </section>
+        <section name="Leveraging Preferences to Manage Hierarchies">
+            <p>
+                The default hierarchy management implementation resolves the hierarchy strategy by leveraging Jetspeed 2's
+                <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html">java.util.prefs.Preferences</a>
+                implementation. The
+                <code>Preferences</code>
+                implementation provides the underlying structure in Jetspeed to store user attributes, and roles and groups definitions. The
+                <code>Preferences</code>
+                model provides a hierarchy model that is leveraged to store the base roles and groups hierarchy upon which various resolving strategies can be
+                applied (resolution by generalization or aggregation).
+            </p>
+            <p>
+                See Jetspeed 2
+                <a href="../../multiproject/jetspeed-prefs/index.html">Preferences implementation section</a>
+                for more information.
+            </p>
+            <subsection name="How does this work?">
+                <p>
+                    The
+                    <code>SecurityMappingHandler</code>
+                    implementation resolves the mappings between roles and groups. Let's say that we want to find out the roles mapping to a specific group
+                    name. To do so, the
+                    <code>SecurityMappingHandler</code>
+                    implements a
+                    <code>getRolePrincipalsInGroup(String groupFullPathName)</code>
+                    method. In this method, the group name is mapped to a specific
+                    <code>Preferences</code>
+                    node. According to a given hierarchy resolution strategy (see
+                    <a href="#Hierarchy_Management_Overview">overview section</a>
+                    ), being in [group A] may mean belonging to a set of groups; the HierarchyResolver is used to do so as illustrated below:
+                    <source>
+                        <![CDATA[
+public Set getRolePrincipalsInGroup(String groupFullPathName)
+{
+   ...
+   Preferences preferences = Preferences.userRoot().node(
+       GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName));
+   String[] fullPaths = groupHierarchyResolver.resolve(preferences);
+   ...
+}]]>
+                    </source>
+                    The resulting groups are then used to find all associated roles.
+                </p>
+                <p>
+                    As a result of this implementation, the name of a role principal (<code>Principal</code> 
+                    <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html#getName()">getName()</a>) 
+                    in the security layer should match the full path of that user preferences
+                    root in the preferences layer (<code>Preference</code> 
+                    <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html#absolutePath()">absolutePath()</a>; e.g:
+                    <code>/role/theRolePrincipal</code>
+                    ).
+                </p>
+                <p>
+                    Group and roles hierarchy are stored in the
+                    <code>Preferences</code>
+                    layer as follow (the output of <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html#exportNode(java.io.OutputStream)">
+                    exportNode()</a> for <a href="../../multiproject/jetspeed-prefs/index.html">Jetspeed's RBMS Preferences</a> implementation):
+                    <source>
+                        <![CDATA[
+<preferences EXTERNAL_XML_VERSION="1.0">
+<root type="user">
+<map />
+    <node name="group1">
+    <map />
+        <node name="groupid1.1">
+        <map />
+	    <node name="groupid1.1.1">
+            <map />
+            </node>
+        </node>
+    </node>
+
+    <node name="role1">
+    <map />
+        <node name="roleid1.1">
+        <map />
+	    <node name="roleid1.1.1">
+            <map />
+            </node>
+        </node>
+    </node>
+</root>]]>
+                    </source>
+                    This structure would define the following group and role hierarchy:
+                    <ul>
+                        <li>
+                            <code>/group1/groupid1.1/groupid1.1.1</code>
+                        </li>
+                        <li>
+                            <code>/role1/roleid1.1/roleid1.1.1</code>
+                        </li>
+                    </ul>
+                    Additionally, in this model, the
+                    <code>map</code>
+                    element can define groups or roles custom properties. For instance, a role could have a rule custom property (or a pointer to a rule) that
+                    allow rule based role definition tied to some rule engine (Drools for instance) and is validated when the isInRole method is invoked. For
+                    groups, a portal could use group to describe organization and have custom property such as address, city, etc. associated with the
+                    organization/group.
+                </p>
+            </subsection>
+        </section>
+    </body>
+</document>
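Review bot: In the "How does this work?" subsection, the paragraph on name matching is about a role principal but refers to "the full path of that user preferences root" and writes <code>Preference</code>; it should name the role's preferences node and use <code>Preferences</code>, the class linked right beside it. The exportNode() sample also does not line up with the overview: the overview lists principals as /role/roleA/roleB, while the sample places group1 and role1 directly under the user root and uses node names that contain dots (groupid1.1, roleid1.1.1), even though the overview uses the dot as the hierarchy separator in [roleA.roleB.roleC]. A sample rooted at role and group nodes with dot-free names would let a reader see that one principal name maps to exactly one path. Because the aggregation example gives a holder of roleA the principals for roleA/roleB and roleA/roleB/roleC, the overview should say outright that switching from the default generalization strategy changes which principals an authorization check sees. Minor: "a aggregation", "as follow", "that allow", the tab-indented groupid1.1.1 and roleid1.1.1 lines, and the lists nested inside <p>.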

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/hierarchy.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml?rev=708504&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml (added)
+++ portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml Tue Oct 28 03:11:22 2008
@@ -0,0 +1,98 @@
+<?xml version="1.0" ?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - High Level Security Services</title>
+    </properties>
+    <body>
+        <section name="High Level Security Services Overview">
+            <p>
+                Jetspeed 2 provides the four following high level security services:
+                <ul>
+                    <li>
+                        <code>UserManager</code>
+                        : Service providing user management capabilities.
+                    </li>
+                    <li>
+                        <code>GroupManager</code>
+                        : Service providing group management capabilities.
+                    </li>
+                    <li>
+                        <code>RoleManager</code>
+                        : Service providing role management capabilities.
+                    </li>
+                    <li>
+                        <code>PermissionManager</code>
+                        : Service providing permission management capabilities.
+                    </li>
+                </ul>
+            </p>
+        </section>
+        <section name="Using High Level Security Services in Portlets">
+            <p>
+                In order to access Jetspeed high level security services in your portlets, Jetspeed provide a custom
+                extension to the <code>portlet.xml</code> metadata.  All Jetspeed custom metadata is located in the 
+                <code>jetspeed-portlet.xml</code> configuration file in the <code>WEB-INF</code> folder of the portlet
+                application.  The custom <code>js:services</code> tag provides the ability to expose portal services
+                to a portlet through the <code>javax.portlet.PortletContext</code>.
+            </p>
+            <p>
+                Jetspeed portal services are configured in the spring assembly file located in the portal 
+                <code>WEB-INF/assembly/jetspeed-services</code> configuration file.  The UserManager for instance
+                is configured as follow:
+                <source><![CDATA[
+<!-- Portlet Services  -->
+<bean id="PortalServices" 
+  	 class="org.apache.jetspeed.services.JetspeedPortletServices" >
+   <constructor-arg>
+      <map>
+  	     ...
+  	     <entry key="UserManager">
+  	   	    <ref bean="org.apache.jetspeed.security.UserManager"/>
+  	   	 </entry>
+  	   	 ...
+      </map>
+   </constructor-arg>
+</bean>]]>
+                </source>
+            </p>
+            <p>
+                The <code>UserManager</code> services is then available to be loaded in a specific portlet
+                <code>PortletContext</code>.  Portlet developers need to specify the portal services they
+                would like to use.  The following example shows how to expose the portal <code>UserManager</code> 
+                to a portlet application:
+                <source><![CDATA[
+<js:services>
+   <js:service name='UserManager'/>
+</js:services>]]>
+                </source>   
+            </p>
+            <p>
+                Once a portal service is loaded in the portlet context, the portlet implementation (which typically
+                extends <code>javax.portlet.GenericPortlet</code>) can access the service as follow:
+                <source><![CDATA[
+PortletContext context = getPortletContext();
+userManager = (UserManager) context.getAttribute(CommonPortletServices.CPS_USER_MANAGER_COMPONENT);
+]]>
+                </source>
+                where <code>CommonPortletServices.CPS_USER_MANAGER_COMPONENT = "cps:UserManager"</code>
+            </p>
+        </section>
+    </body>
+</document>
+
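Review bot: In the last <source> block of "Using High Level Security Services in Portlets", the value from context.getAttribute(CommonPortletServices.CPS_USER_MANAGER_COMPONENT) is cast and assigned without a null check, and userManager is never declared. The text says developers must list the services they want in js:services, so the sample should show what happens when the entry is missing: declare the field, fetch the attribute in init(), and fail with a PortletException if it is null rather than letting a later call hit a null reference. The relationship between the js:service name 'UserManager' and the attribute key "cps:UserManager" is left for the reader to infer; one sentence stating that the cps: prefix is added to the declared name would close that gap. The path WEB-INF/assembly/jetspeed-services is called a file but has no extension, and the js:services snippet does not show where it sits inside jetspeed-portlet.xml or which namespace the js prefix is bound to. Minor: "Jetspeed provide", "services is", "as follow" (twice), no <authors> element although hierarchy.xml has one, and a stray empty line after </document>.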

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/high-level-services.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/add-user.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/add-user.jpg?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/add-user.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/arch-overview.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/arch-overview.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/arch-overview.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-arch-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-arch-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-arch-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-provider-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-provider-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-provider-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-spi-arch-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-spi-arch-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atn-spi-arch-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atz-provider-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atz-provider-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/atz-provider-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/components.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/components.jpg?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/components.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/credential-handler-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/credential-handler-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/credential-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/default-login-module-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/default-login-module-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/default-login-module-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/group-security-handler-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/group-security-handler-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/group-security-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/j2-admin-user-mgt.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/j2-admin-user-mgt.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/j2-admin-user-mgt.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap-client-connection.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap-client-connection.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap-client-connection.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupFilterBase.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupFilterBase.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupFilterBase.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupMembershipForRoleAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupObjectClasses.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupObjectClasses.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/GroupObjectClasses.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/IdAttributes.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/IdAttributes.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/IdAttributes.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/ObjectFilterBase.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/ObjectFilterBase.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/ObjectFilterBase.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleFilterBase.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleFilterBase.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleFilterBase.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleGroupMembershipForRoleAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleMembershipAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleObjectClasses.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleObjectClasses.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/RoleObjectClasses.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserFilterBase.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserFilterBase.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserFilterBase.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserGroupMembershipAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserIdAttribute.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserIdAttribute.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserIdAttribute.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserObjectClasses.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserObjectClasses.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserObjectClasses.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes1.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes1.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes1.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes2.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes2.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/UserRoleMembershipAttributes2.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/rootPassword.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/rootPassword.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/rootPassword.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/userUidAttribute.png
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/userUidAttribute.png?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/ldap/userUidAttribute.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/password-expiration.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/password-expiration.jpg?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/password-expiration.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permission-mgr-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permission-mgr-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permission-mgr-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-om-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-om-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-om-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-schema.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-schema.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/permissions-principals-schema.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/principals-credentials-schema.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/principals-credentials-schema.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/principals-credentials-schema.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-overview-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-overview-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/rdbms-policy-overview-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/role-security-handler-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/role-security-handler-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/role-security-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-locator.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-locator.jpg?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-locator.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-mapping-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-mapping-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-mapping-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-provider-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-provider-c.gif?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/security-provider-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/user-detail-prefs.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/user-detail-prefs.jpg?rev=708504&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/images/user-detail-prefs.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml?rev=708504&view=auto
==============================================================================
--- portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml (added)
+++ portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml Tue Oct 28 03:11:22 2008
@@ -0,0 +1,90 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security Architecture</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Overview">
+            <p>
+                Jetspeed 2 security architecture provides a comprehensive suite of security services that can be used to protect a wide ranging type of portal
+                resources. The security service implementation is fairly independent of the other portal services and 
+                can be reused outside of the portal application.  At its core, Jetspeed 2 security services rely entirely 
+                on JAAS to provide authentication and authorization services to the portal:
+            </p>
+            <ul>
+                <li>Authentication services are implemented through the use of JAAS login modules.</li>
+                <li>Authorization services are implemented through the use of custom JAAS policies.</li>
+            </ul>
+            <p>
+                Both authentication and authorization services have been implemented with the goal of providing a direct plugin to the underlying application
+                server security framework. Jetspeed 2 can leverage the underlying application server login module as well as through the use of JACC, the
+                application server policy management capabilities available in J2EE 1.4 (see
+                <a href="http://java.sun.com/j2ee/javaacc/">API Specifications</a>
+                ).
+            </p>
+        </section>
+        <section name="Jetspeed 2 Security Services">
+            <p>
+                JAAS defines the contract for authentication and authorization but does not specify any guidelines for the management of the security resources.
+                Jetspeed 2 provide a modular set of components aims at providing management functionality for the portal security components.
+            </p>
+            <p>
+                Leveraging Jetspeed 2 component, architecture, the security services provide a set of loosely coupled components providing specialized services:
+            </p>
+            <ul>
+                <li>UserManager: Service providing user management capabilities.</li>
+                <li>GroupManager: Service providing group management capabilities.</li>
+                <li>RoleManager: Service providing role management capabilities.</li>
+                <li>PermissionManager: Service providing permission management capabilities.</li>
+            </ul>
+        </section>
+        <section name="A Modular and Pluggable Architecture">
+            <p>
+                Jetspeed 2 security components are assembled using
+                <a href="http://martinfowler.com/articles/injection.html">Dependency Injection</a>
+                . By default, Jetspeed uses the
+                <a href="http://www.springframework.org">Spring Framework</a>
+                as its default IoC container.
+            </p>
+            <p>
+                <img src="images/components.jpg" align="right" border="0" hspace="1" vspace="2" />
+                Jetspeed 2 security services are founded on a set of modular and extensible security modules exposed through an SPI model. The SPI model
+                provides the ability to modify the behavior of the Jetspeed coarsed security services (UserManager, RoleManager, GroupManager)
+                through the modification and configuration of specialized handlers. For
+                instance, Jetspeed security services can be configured to retrieve user security principals through the default Jetspeed store or through an
+                LDAP store or both.
+                <br />
+                A
+                <code>SecurityProvider</code>
+                exposes the configured SPI handlers to the security services. Jetspeed component assembly (based on Spring) architecture provides an easy way to
+                reconfigure the security services to satisfy the needs of a specific implementation.
+            </p>
+        </section>
+        <section name="Role Based Access Control">
+            <p>
+                Role based access control (RBAC) in Jetspeed 2 support multiple hierarchy resolution strategies as defined in
+                <a href="http://www.doc.ic.ac.uk/~ecl1/wiki/lib/exe/fetch.php?id=emil%3Aresearchthemes%3Apubbytheme&amp;cache=cache&amp;media=research:papers:1999rbac.pdf">The Uses of Hierarchy in Access Control</a>
+                . See <a href="hierarchy.html">Hierarchy Management Overview</a> for more information.
+            </p>
+        </section>
+    </body>
+</document>
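
Review bot: In the "A Modular and Pluggable Architecture" section, the sentence saying user security principals can be retrieved "through the default Jetspeed store or through an LDAP store or both" does not say how a principal that exists in both stores is resolved. Please state the lookup order or link to the page that documents it, since that determines which store is authoritative for authentication. The same paragraph names only UserManager, RoleManager and GroupManager as configurable through SPI handlers, while the services list in the previous section also has PermissionManager; say whether it is left out on purpose. Wording to fix before this is published: "Jetspeed 2 provide a modular set of components aims at providing" should read "Jetspeed 2 provides a modular set of components aimed at providing", "Leveraging Jetspeed 2 component, architecture," has a stray comma, "coarsed security services" should be "coarse-grained security services", "Jetspeed 2 support multiple" should be "supports", and "By default, Jetspeed uses ... as its default IoC container" says "default" twice. The img element for images/components.jpg has no alt attribute.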

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/trunk/xdocs/components/jetspeed-security/index.xml
------------------------------------------------------------------------------
    svn:keywords = Id


