You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Constantine Vetoshev <ge...@yahoo.com> on 2005/07/12 00:25:42 UTC
Adding a user without updating the group-member-set
This is perhaps more of a Tomcat question than a Slide question, but
here goes anyway:
For my application, I don't need to use Slide roles. Given the way ACEs
work in Slide, I can assign a privilege to any user on an individual
basis, which is exactly what I need. If, however, I create a user
without adding the user to a group-member-set, and then try to log in
as that user, I can't even get to the point of testing the resulting
ACL. Tomcat (5.0.28) throws a 403 error before even trying to run any
Slide code. I put a breakpoint on the first line of the service method
of WebdavServlet, and never reached it.
In a nutshell, I created a user, /users/john3, but did not add him to
any role's group-member-set. Logging in to Slide as john3 fails inside
Tomcat, before any Slide-specific code runs. Presumably, this has to do
with the realm and auth-constraints configured in Tomcat, which somehow
check user IDs and roles against Slide's idea of user roles. I'm using
a completely stock Tomcat configuration (except for adding the slide
realm).
Is it at all possible to use Slide without updating the
group-member-set? I'll never use ACEs which rely on group memberships.
I understand that I can just add all new users to /roles/user when I
create them, and remove them from /roles/user when I delete them, but
it seems like an unnecessary hassle. Are Tomcat and Slide so married to
the idea of roles that it cannot be removed?
Many thanks,
CV
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Adding a user without updating the group-member-set
Posted by James Mason <ma...@apache.org>.
By default I believe the Slide realm requires that a user be a member of
the root, user or guest role. To get the behavior you want you're going
to need to change the realm somehow. Either configure the webapp to
allow any valid user (may or may not be possible), modify the Slide
realm to behave the way you want, or setup an external user store that
both Slide and Tomcat can use (LDAP or Tomcat internal users +
auto-create-users in Slide).
-James
On Mon, 2005-07-11 at 15:25 -0700, Constantine Vetoshev wrote:
> This is perhaps more of a Tomcat question than a Slide question, but
> here goes anyway:
>
> For my application, I don't need to use Slide roles. Given the way ACEs
> work in Slide, I can assign a privilege to any user on an individual
> basis, which is exactly what I need. If, however, I create a user
> without adding the user to a group-member-set, and then try to log in
> as that user, I can't even get to the point of testing the resulting
> ACL. Tomcat (5.0.28) throws a 403 error before even trying to run any
> Slide code. I put a breakpoint on the first line of the service method
> of WebdavServlet, and never reached it.
>
> In a nutshell, I created a user, /users/john3, but did not add him to
> any role's group-member-set. Logging in to Slide as john3 fails inside
> Tomcat, before any Slide-specific code runs. Presumably, this has to do
> with the realm and auth-constraints configured in Tomcat, which somehow
> check user IDs and roles against Slide's idea of user roles. I'm using
> a completely stock Tomcat configuration (except for adding the slide
> realm).
>
> Is it at all possible to use Slide without updating the
> group-member-set? I'll never use ACEs which rely on group memberships.
> I understand that I can just add all new users to /roles/user when I
> create them, and remove them from /roles/user when I delete them, but
> it seems like an unnecessary hassle. Are Tomcat and Slide so married to
> the idea of roles that it cannot be removed?
>
> Many thanks,
> CV
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org