Setting up J2 security with existing user and permissions database.

[Arun <he...@gmail.com>]

Hello folks,

I would first like to congratulate the contributors to this project
and the forum for the wonderful work being done.  We are in the
process of building a new portal and I want to use Jetspeed 2. I have
a few questions related to security and could not get all the answers
from current documentation. I really appreciate if someone can provide
pointers here.

1. We already have users and roles set up in a database and would like
to authenticate portal users against this store. I want to write a new
LoginModule to accomplish this. I recollect seeing some issues being
raised about replacing the LoginModules. Is this the right approach or
is it recommended to extend the existing LoginModuleProxy. All the
user management activities are taken care by another workflow in place
that has to go through approvals.

2. A list of available portlets and information about roles that can
access them are already available in a database. What is the right
approach to extend the permission management in Jetspeed to use this
data store. Should I write my own implementation similar to rdbms
policy ? The portal is envisioned to be deployed on multiple midtiers
with one database. I do not want to use PSML page security where
folders are created on the filesystem for roles and users. However,
admin should be able to create new tabs and set up access permissions
to it based on roles. Can I achieve this without writing my own
security valve in J2.

Thanks in advance.
Arun

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org

R: Setting up J2 security with existing user and permissions database.

[Andrea Prandini <an...@quix.it>]

I have the same problem. I implemented the LoginModule interface and the
authentication works fine. Now I want to implemets the permission manager on
my role. Arun let me know which solutions you decide and share your idea.

Andrew 

-----Messaggio originale-----
Da: Randy Watler [mailto:watler@wispertel.net] 
Inviato: martedì 4 ottobre 2005 7.01
A: Jetspeed Users List
Oggetto: Re: Setting up J2 security with existing user and permissions
database.

Arun:

There have been plenty of threads on this list that have tackled the
external authentication needs you have here. There are generally two
integration approaches available: via Security APIs or SecurityValve
replacement.

There is a Java Permissions based security model for the PageManager. 
One can disable the existing constraints in the PSML and instead utilize the
permissions managed in the J2 DB. See the J2 *.sql configuration files for
example permissions. The PageManager can be configured to use the
permissions in the WEB-INF/assembly/page-manager.xml spring configuration. I
am not sure if there is an admin portlet for permissions yet... the PSML
based security is far more popular at this point.

HTH,

Randy

Arun wrote:

>Hello folks,
>
>I would first like to congratulate the contributors to this project and 
>the forum for the wonderful work being done.  We are in the process of 
>building a new portal and I want to use Jetspeed 2. I have a few 
>questions related to security and could not get all the answers from 
>current documentation. I really appreciate if someone can provide 
>pointers here.
>
>1. We already have users and roles set up in a database and would like 
>to authenticate portal users against this store. I want to write a new 
>LoginModule to accomplish this. I recollect seeing some issues being 
>raised about replacing the LoginModules. Is this the right approach or 
>is it recommended to extend the existing LoginModuleProxy. All the user 
>management activities are taken care by another workflow in place that 
>has to go through approvals.
>
>2. A list of available portlets and information about roles that can 
>access them are already available in a database. What is the right 
>approach to extend the permission management in Jetspeed to use this 
>data store. Should I write my own implementation similar to rdbms 
>policy ? The portal is envisioned to be deployed on multiple midtiers 
>with one database. I do not want to use PSML page security where 
>folders are created on the filesystem for roles and users. However, 
>admin should be able to create new tabs and set up access permissions 
>to it based on roles. Can I achieve this without writing my own 
>security valve in J2.
>
>Thanks in advance.
>Arun
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
>For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
>
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org

Re: Setting up J2 security with existing user and permissions database.

[Randy Watler <wa...@wispertel.net>]

Arun:

There have been plenty of threads on this list that have tackled the 
external authentication needs you have here. There are generally two 
integration approaches available: via Security APIs or SecurityValve 
replacement.

There is a Java Permissions based security model for the PageManager. 
One can disable the existing constraints in the PSML and instead utilize 
the permissions managed in the J2 DB. See the J2 *.sql configuration 
files for example permissions. The PageManager can be configured to use 
the permissions in the WEB-INF/assembly/page-manager.xml spring 
configuration. I am not sure if there is an admin portlet for 
permissions yet... the PSML based security is far more popular at this 
point.

HTH,

Randy

Arun wrote:

>Hello folks,
>
>I would first like to congratulate the contributors to this project
>and the forum for the wonderful work being done.  We are in the
>process of building a new portal and I want to use Jetspeed 2. I have
>a few questions related to security and could not get all the answers
>from current documentation. I really appreciate if someone can provide
>pointers here.
>
>1. We already have users and roles set up in a database and would like
>to authenticate portal users against this store. I want to write a new
>LoginModule to accomplish this. I recollect seeing some issues being
>raised about replacing the LoginModules. Is this the right approach or
>is it recommended to extend the existing LoginModuleProxy. All the
>user management activities are taken care by another workflow in place
>that has to go through approvals.
>
>2. A list of available portlets and information about roles that can
>access them are already available in a database. What is the right
>approach to extend the permission management in Jetspeed to use this
>data store. Should I write my own implementation similar to rdbms
>policy ? The portal is envisioned to be deployed on multiple midtiers
>with one database. I do not want to use PSML page security where
>folders are created on the filesystem for roles and users. However,
>admin should be able to create new tabs and set up access permissions
>to it based on roles. Can I achieve this without writing my own
>security valve in J2.
>
>Thanks in advance.
>Arun
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
>For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
>
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org