You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by Guðmundur Ágúst Sæmundsson <gu...@idega.is> on 2004/11/11 13:08:53 UTC
JAAS LoginModule problem
Hi
I'm trying to write my own JAAS LoginModule where I add user
principal and roles to the javax.security.auth.Subject from another
user database. This dosen't work because slide doesn't use the roles
from the Subject, it just checks the username from the
getUserPrincipal() method in the request and then gets the roles again
from it's own structure. Does anyone know what I have to do to
abstract from the slide user and role structure?
~~~
Gudmundur Agust Saemundsson
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org
Re: JAAS LoginModule problem
Posted by Jim Myers <ji...@verizon.net>.
We (http://www.scidac.org/SAM/) have looked at making such a change -
essentially looking up a users role/group affiliations once in the login
module and removing that logic from the security class, but haven't done it.
The only other way to override roles/group lookups that I know of is to
implement your own store to ser the role/group nodes - i.e. instead of
passing in your info in the Subject, you'd respond to Slide's requests for
the user/role nodes and put your information in at that time.
Other than the disconect with webDAV, which expects users roles and groups
to all exist as nodes, sending everything in from a login module seems like
a nice way to do things. The autocreate users option that currently exists
bridges the gap for the user identity right now - you could do the same
thing for roles and groups - autocreate those nodes as well (a bit trickier
since you don't get full information about each role and group witha login,
just whether the current user is a member or not). On the other hand - if
you're really going to manage all of the user/group/role info externally,
you might just as well implement a store for these nodes and leave the rest
of slide alone.
Jim
----- Original Message -----
From: "Guðmundur Ágúst Sæmundsson" <gu...@idega.is>
To: "Slide Developers Mailing List" <sl...@jakarta.apache.org>
Sent: Thursday, November 11, 2004 7:08 AM
Subject: JAAS LoginModule problem
> Hi
> I'm trying to write my own JAAS LoginModule where I add user principal
> and roles to the javax.security.auth.Subject from another user database.
> This dosen't work because slide doesn't use the roles from the Subject, it
> just checks the username from the getUserPrincipal() method in the request
> and then gets the roles again from it's own structure. Does anyone know
> what I have to do to abstract from the slide user and role structure?
>
>
> ~~~
> Gudmundur Agust Saemundsson
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org
Re: JAAS LoginModule problem
Posted by Oliver Zeigermann <ol...@gmail.com>.
Have you tried setting auto creation of users as I recommended in
another thread? This worked for me when users are unknown to Slide.
Oliver
On Thu, 11 Nov 2004 12:08:53 +0000, Guðmundur Ágúst Sæmundsson
<gu...@idega.is> wrote:
> Hi
> I'm trying to write my own JAAS LoginModule where I add user
> principal and roles to the javax.security.auth.Subject from another
> user database. This dosen't work because slide doesn't use the roles
> from the Subject, it just checks the username from the
> getUserPrincipal() method in the request and then gets the roles again
> from it's own structure. Does anyone know what I have to do to
> abstract from the slide user and role structure?
>
> ~~~
> Gudmundur Agust Saemundsson
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org