Posted to dev@stanbol.apache.org by Reto Bachmann-Gmür <re...@apache.org> on 2012/09/14 09:26:59 UTC

Authentication

Hi Rupert

While the problems you encountered with the stable launcher obviously must
be resolved (the problem afaik being that a bundle is missing that happens
to be provided by the shell list in the full launcher) I don't think that
disabling the authentication modules altogether is a good option.

Disabling authentication is fine, in this case all operations are being
executed by an almighty anonymous user but removing the bundles means that
stanbol bundles cannot rely on bundles being there telling who the current
user is. However I think that this is a feature not only needed for
multi-tenancy but one that can be used for many purposes.

So I think the basic features should be included in all launchers as all
modules should be able to access this functionality. Developers of
components should be encouraged to use these features to make their bundle
user-aware and to provide reasonable permission checks for the
functionality they're offering.

Cheers,
Reto

On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:

> Author: rwesten
> Date: Mon Sep 10 17:54:19 2012
> New Revision: 1383002
>
> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
> Log:
> STANBOL-721: Moved the dependencies needed for authentication to an own
> partial bundlelist. Currently used by the full and full-war launcher
>
> Added:
>     incubator/stanbol/trunk/launchers/bundlelists/authentication/   (with
> props)
>     incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> (with props)
>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>   (with props)
> Modified:
>
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>     incubator/stanbol/trunk/launchers/full-war/pom.xml
>     incubator/stanbol/trunk/launchers/full/pom.xml
>     incubator/stanbol/trunk/pom.xml
>
> Propchange: incubator/stanbol/trunk/launchers/bundlelists/authentication/
>
> ------------------------------------------------------------------------------
> --- svn:ignore (added)
> +++ svn:ignore Mon Sep 10 17:54:19 2012
> @@ -0,0 +1,3 @@
> +.settings
> +
> +.project
>
> Added: incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
>
> ==============================================================================
> --- incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> (added)
> +++ incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> Mon Sep 10 17:54:19 2012
> @@ -0,0 +1,65 @@
> +<?xml version="1.0" encoding="UTF-8"?>
> +<!--
> +  Licensed to the Apache Software Foundation (ASF) under one or more
> +  contributor license agreements.  See the NOTICE file distributed with
> +  this work for additional information regarding copyright ownership.
> +  The ASF licenses this file to You under the Apache License, Version 2.0
> +  (the "License"); you may not use this file except in compliance with
> +  the License.  You may obtain a copy of the License at
> +
> +      http://www.apache.org/licenses/LICENSE-2.0
> +
> +  Unless required by applicable law or agreed to in writing, software
> +  distributed under the License is distributed on an "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +  See the License for the specific language governing permissions and
> +  limitations under the License.
> +-->
> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"
> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/maven-v4_0_0.xsd">
> +  <modelVersion>4.0.0</modelVersion>
> +  <parent>
> +    <groupId>org.apache.stanbol</groupId>
> +    <artifactId>stanbol-parent</artifactId>
> +    <version>2-incubating-SNAPSHOT</version>
> +    <relativePath>../../../parent</relativePath>
> +  </parent>
> +
> +  <groupId>org.apache.stanbol</groupId>
> +
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> +  <version>0.10.0-incubating-SNAPSHOT</version>
> +  <packaging>partialbundlelist</packaging>
> +
> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
> +  <description>This is a Maven project which produces the partial list
> containing the bundles related to Authentication.</description>
> +
> +  <scm>
> +    <connection>
> +      scm:svn:
> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
> +    </connection>
> +    <developerConnection>
> +      scm:svn:
> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
> +    </developerConnection>
> +    <url>http://incubator.apache.org/stanbol/</url>
> +  </scm>
> +
> +  <build>
> +    <plugins>
> +      <plugin>
> +        <groupId>org.apache.sling</groupId>
> +        <artifactId>maven-launchpad-plugin</artifactId>
> +        <executions>
> +          <execution>
> +            <id>attach-bundle-list</id>
> +            <goals>
> +              <goal>attach-bundle-list</goal>
> +            </goals>
> +            <configuration>
> +              <includeDefaultBundles>false</includeDefaultBundles>
> +            </configuration>
> +          </execution>
> +        </executions>
> +      </plugin>
> +    </plugins>
> +  </build>
> +</project>
>
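Review bot: the `maven-launchpad-plugin` entry under `<build><plugins>` has no `<version>`, so this module builds with whatever version `stanbol-parent` manages, and is not reproducible if the parent does not pin it. This list decides which security bundles ship in a launcher, so pin the plugin version here or confirm it is fixed in the parent's pluginManagement. The `<scm>` `<connection>` and `<developerConnection>` values also sit on their own lines between the tags, which leaves whitespace inside the element; putting each URL on the same line as its tags avoids that.
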
> Propchange:
> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>
> ------------------------------------------------------------------------------
>     svn:mime-type = text/plain
>
> Added:
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
>
> ==============================================================================
> ---
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> (added)
> +++
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> Mon Sep 10 17:54:19 2012
> @@ -0,0 +1,47 @@
> +<?xml version="1.0" encoding="UTF-8"?>
> +<!--
> +  Licensed to the Apache Software Foundation (ASF) under one or more
> +  contributor license agreements.  See the NOTICE file distributed with
> +  this work for additional information regarding copyright ownership.
> +  The ASF licenses this file to You under the Apache License, Version 2.0
> +  (the "License"); you may not use this file except in compliance with
> +  the License.  You may obtain a copy of the License at
> +
> +      http://www.apache.org/licenses/LICENSE-2.0
> +
> +  Unless required by applicable law or agreed to in writing, software
> +  distributed under the License is distributed on an "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +  See the License for the specific language governing permissions and
> +  limitations under the License.
> +-->
> +<bundles>
> +  <!-- authentication -->
> +  <startLevel level="27">
> +    <bundle>
> +      <groupId>org.apache.clerezza</groupId>
> +      <artifactId>platform.config</artifactId>
> +      <version>0.3-incubating</version>
> +    </bundle>
> +    <bundle>
> +      <groupId>org.apache.clerezza</groupId>
> +      <artifactId>permissiondescriptions</artifactId>
> +      <version>0.1-incubating</version>
> +    </bundle>
> +    <bundle>
> +      <groupId>org.apache.clerezza</groupId>
> +      <artifactId>platform</artifactId>
> +      <version>0.1-incubating</version>
> +    </bundle>
> +    <bundle>
> +      <groupId>org.apache.stanbol</groupId>
> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
> +      <version>0.10.0-incubating-SNAPSHOT</version>
> +    </bundle>
> +    <bundle>
> +      <groupId>org.apache.stanbol</groupId>
> +
>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
> +      <version>0.10.0-incubating-SNAPSHOT</version>
> +    </bundle>
> +  </startLevel>
> +</bundles>
> \ No newline at end of file
>
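Review bot: the file ends without a trailing newline (`\ No newline at end of file` after `</bundles>`); add one so later edits produce clean diffs. The authentication bundles also stay at `<startLevel level="27">`, the same level the stanbolcommons list uses for its Stanbol Commons block, so the start order does not guarantee that `org.apache.stanbol.commons.security` is active before the components that rely on it. If that ordering matters, give this list an earlier level or document why it does not.
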
> Propchange:
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>
> ------------------------------------------------------------------------------
>     svn:mime-type = text/plain
>
> Modified:
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>
> ==============================================================================
> ---
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> (original)
> +++
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> Mon Sep 10 17:54:19 2012
> @@ -293,35 +293,6 @@
>      </bundle>
>    </startLevel>
>
> -  <!-- authentication -->
> -  <startLevel level="27">
> -    <bundle>
> -      <groupId>org.apache.clerezza</groupId>
> -      <artifactId>platform.config</artifactId>
> -      <version>0.3-incubating</version>
> -    </bundle>
> -    <bundle>
> -                       <groupId>org.apache.clerezza</groupId>
> -                       <artifactId>permissiondescriptions</artifactId>
> -                       <version>0.1-incubating</version>
> -               </bundle>
> -    <bundle>
> -                       <groupId>org.apache.clerezza</groupId>
> -                       <artifactId>platform</artifactId>
> -                       <version>0.1-incubating</version>
> -               </bundle>
> -    <bundle>
> -      <groupId>org.apache.stanbol</groupId>
> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
> -      <version>0.10.0-incubating-SNAPSHOT</version>
> -    </bundle>
> -    <bundle>
> -      <groupId>org.apache.stanbol</groupId>
> -
>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
> -      <version>0.10.0-incubating-SNAPSHOT</version>
> -    </bundle>
> -  </startLevel>
> -
>    <!-- Stanbol Commons -->
>    <startLevel level="27">
>      <!-- Allows to run Stanbol in offline mode -->
>
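Review bot: deleting the `<!-- authentication -->` start level here removes `org.apache.stanbol.commons.security` and `org.apache.stanbol.commons.authentication.basic` from every launcher that consumes the stanbolcommons list, and this commit adds the new list back only in `launchers/full` and `launchers/full-war`. Any other launcher loses the security bundles without a change to its own pom, so say so explicitly in the log message and check that nothing left in stanbolcommons depends on those bundles being present.
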
> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>
> ==============================================================================
> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10 17:54:19
> 2012
> @@ -135,6 +135,14 @@
>        <version>0.10.0-incubating-SNAPSHOT</version>
>        <type>partialbundlelist</type>
>      </dependency>
> +    <!-- Authentication Support-->
> +    <dependency>
> +      <groupId>org.apache.stanbol</groupId>
> +
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> +      <version>0.10.0-incubating-SNAPSHOT</version>
> +      <type>partialbundlelist</type>
> +      <scope>provided</scope>
> +    </dependency>
>
>      <!-- Stanbol CMS Adapter Bundle List -->
>      <dependency>
>
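Review bot: the added dependency carries `<scope>provided</scope>`, but the dependency directly above it in this hunk closes after `<type>partialbundlelist</type>` with no scope, whereas the neighbouring entry in `launchers/full/pom.xml` does use `provided`. Confirm which scope the war launcher's bundle lists are meant to have, so the authentication list is resolved the same way as the others. The comment `<!-- Authentication Support-->` is also missing the space before `-->`.
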
> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>
> ==============================================================================
> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10 17:54:19 2012
> @@ -165,6 +165,15 @@
>        <type>partialbundlelist</type>
>        <scope>provided</scope>
>      </dependency>
> +
> +    <!-- Authentication Support-->
> +    <dependency>
> +      <groupId>org.apache.stanbol</groupId>
> +
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> +      <version>0.10.0-incubating-SNAPSHOT</version>
> +      <type>partialbundlelist</type>
> +      <scope>provided</scope>
> +    </dependency>
>
>      <!-- zz> Shell Bundle List -->
>      <dependency>
>
> Modified: incubator/stanbol/trunk/pom.xml
> URL:
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>
> ==============================================================================
> --- incubator/stanbol/trunk/pom.xml (original)
> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
> @@ -85,6 +85,7 @@
>
>      <module>launchers/bundlelists/osgiframework</module>
>      <module>launchers/bundlelists/stanbolcommons</module>
> +    <module>launchers/bundlelists/authentication</module>
>      <module>launchers/bundlelists/zzshell</module>
>      <module>launchers/full</module>
>      <module>integration-tests</module>
>
>
>

Re: Authentication

Posted by Rupert Westenthaler <ru...@gmail.com>.
On Wed, Sep 19, 2012 at 10:55 AM, Reto Bachmann-Gmür <re...@apache.org> wrote:
> I don't think that having standard java security calls (as they are present
> in standard java libraries like java.io) means bloating the code.

I agree with that ...

> Imho, it would be much
> cleaner if permission for a higher level functionality rather than for
> those lower level library calls would be required.
>

But exactly when we start to introduce these higher-level permissions
we need to think about how to do it. This was also the reason for all
my questions. I wanted to get a better feeling of what is
possible/feasible.

> Cheers,
> Reto
>  On Sep 19, 2012 9:46 AM, "Bertrand Delacretaz" <bd...@apache.org>
>> On Tue, Sep 18, 2012 at 7:45 AM, Rupert Westenthaler
>> <ru...@gmail.com> wrote:
>> > ...So your proposal is to introduce "Security" on the Component level....
>>
>> It might be useful to agree on the overall Stanbol security model in a
>> wiki or website page before digging into the details.
>>

That might be very useful

>> Case A: I don't care much about access control if using Stanbol as a
>> stateless content enhancement engine, as long as each request is
>> isolated from others I'm fine. I want a lean Stanbol in this case,
>> maybe even embed its bundles in my Sling or other OSGi-based
>> application.
>>
>> Case B: the picture is very different for someone who wants to use
>> Stanbol as a content store, where you might need granular access
>> control. You could easily turn Stanbol into a complex content
>> management system here, with the correspondingly complex security
>> features.
>>

let me give some additional use cases

Case C: A user can upload his own vocabulary and use it for enhancing
his content. However, he might not want other users to access his
vocabulary.

Case D: A user might want to use an EnhancementEngine that requires
some authentication with an external service.

Case E: A user might only be able to read/query a Vocabulary on the
Entityhub. Another user might also be able to modify it
(create/modify/delete entities).

>> IMO we need to define the possible security levels to cover the
>> spectrum of A to B, based on use cases, before (potentially) bloating
>> the Stanbol codebase with things that case A doesn't need.

True. This was also the reason why I created a separate BundleList for
authentication: to make it easier for users not interested in (B) to skip
this feature.


best
Rupert

-- 
| Rupert Westenthaler             rupert.westenthaler@gmail.com
| Bodenlehenstraße 11                             ++43-699-11108907
| A-5500 Bischofshofen
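
Added example (not part of the thread or of Stanbol's code): a Java sketch of the kind of higher-level permission discussed here, using the ManagedSitePermission name and action strings from Rupert's examples further down the thread and the (String, String) constructor Reto asks for. The class, the grants table and isAllowed are hypothetical; isAllowed stands in for the AccessController/Policy decision so the example runs without a SecurityManager.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;

class SitePermissionDemo {

    /** Hypothetical permission modelled on the thread's ManagedSitePermission(name, actions). */
    static final class ManagedSitePermission extends Permission {
        private static final Set<String> KNOWN =
                Set.of("dereference", "query", "find", "write", "delete");
        private final SortedSet<String> actions = new TreeSet<>();

        /** (String, String) constructor, so a policy can create instances by reflection. */
        public ManagedSitePermission(String site, String actionList) {
            super(site);
            if (site == null || site.isEmpty() || actionList == null) {
                throw new IllegalArgumentException("site name and actions are required");
            }
            for (String raw : actionList.split(",")) {
                String action = raw.trim().toLowerCase(Locale.ROOT);
                // A typo in a grant must fail loudly instead of silently changing what is granted.
                if (!KNOWN.contains(action)) {
                    throw new IllegalArgumentException("unknown action: '" + raw + "'");
                }
                actions.add(action);
            }
        }

        /** A grant covers a request only for the same site and a superset of the actions. */
        @Override public boolean implies(Permission p) {
            if (!(p instanceof ManagedSitePermission)) return false;
            ManagedSitePermission other = (ManagedSitePermission) p;
            return getName().equals(other.getName()) && actions.containsAll(other.actions);
        }

        @Override public String getActions() { return String.join(",", actions); }

        /** Normalised actions make "Write, delete" and "delete,write" the same permission. */
        @Override public boolean equals(Object o) {
            return o instanceof ManagedSitePermission
                    && getName().equals(((ManagedSitePermission) o).getName())
                    && actions.equals(((ManagedSitePermission) o).actions);
        }

        @Override public int hashCode() { return Objects.hash(getName(), actions); }
    }

    /** Constructed grants: userA has full access to "myCompanyVoc", userB may only dereference. */
    static Map<String, Permissions> grants() {
        Permissions a = new Permissions();
        a.add(new ManagedSitePermission("myCompanyVoc", "dereference,write,delete,query,find"));
        Permissions b = new Permissions();
        b.add(new ManagedSitePermission("myCompanyVoc", "dereference"));
        Map<String, Permissions> m = new HashMap<>();
        m.put("userA", a);
        m.put("userB", b);
        return m;
    }

    /**
     * Default deny: unknown users and requests not implied by a single grant are refused.
     * Stand-in (assumption) for AccessController.checkPermission against the installed Policy.
     */
    static boolean isAllowed(Map<String, Permissions> grants, String user, Permission wanted) {
        Permissions held = grants.get(user);
        return held != null && held.implies(wanted);
    }

    public static void main(String[] args) {
        Map<String, Permissions> g = grants();
        String[][] requests = {
            {"userA", "write"}, {"userB", "dereference"}, {"userB", "write"}, {"userC", "dereference"}
        };
        for (String[] r : requests) {
            Permission wanted = new ManagedSitePermission("myCompanyVoc", r[1]);
            System.out.println(r[0] + " " + wanted.getActions() + " -> "
                    + (isAllowed(g, r[0], wanted) ? "allow" : "deny"));
        }
        // A grant for one site never covers another site, even with identical actions.
        System.out.println("other site -> " + (isAllowed(g, "userA",
                new ManagedSitePermission("otherVoc", "write")) ? "allow" : "deny"));
    }
}
```

AccessController and Policy have been deprecated for removal since Java 17 (JEP 411), so the enforcement side of this pattern applies to legacy runtimes.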

Re: Authentication

Posted by Reto Bachmann-Gmür <re...@apache.org>.
I don't think that having standard java security calls (as they are present
in standard java libraries like java.io) means bloating the code. These can
be useful both in the situation where Stanbol is accessed via web as well
as when it is embedded. For embedded stanbol what makes the difference is
whether a SecurityManager is in place or not. Currently the engines require
permissions like file access or networking permissions. It is not clear to
the client what permissions a certain call requires. Imho, it would be much
cleaner if permission for a higher level functionality rather than for
those lower level library calls would be required.

Cheers,
Reto
 On Sep 19, 2012 9:46 AM, "Bertrand Delacretaz" <bd...@apache.org>
wrote:

> On Tue, Sep 18, 2012 at 7:45 AM, Rupert Westenthaler
> <ru...@gmail.com> wrote:
> > ...So your proposal is to introduce "Security" on the Component level....
>
> It might be useful to agree on the overall Stanbol security model in a
> wiki or website page before digging into the details.
>
> Case A: I don't care much about access control if using Stanbol as a
> stateless content enhancement engine, as long as each request is
> isolated from others I'm fine. I want a lean Stanbol in this case,
> maybe even embed its bundles in my Sling or other OSGi-based
> application.
>
> Case B: the picture is very different for someone who wants to use
> Stanbol as a content store, where you might need granular access
> control. You could easily turn Stanbol into a complex content
> management system here, with the correspondingly complex security
> features.
>
> IMO we need to define the possible security levels to cover the
> spectrum of A to B, based on use cases, before (potentially) bloating
> the Stanbol codebase with things that case A doesn't need.
>
> -Bertrand
>

Re: Authentication

Posted by Bertrand Delacretaz <bd...@apache.org>.
On Tue, Sep 18, 2012 at 7:45 AM, Rupert Westenthaler
<ru...@gmail.com> wrote:
> ...So your proposal is to introduce "Security" on the Component level....

It might be useful to agree on the overall Stanbol security model in a
wiki or website page before digging into the details.

Case A: I don't care much about access control if using Stanbol as a
stateless content enhancement engine, as long as each request is
isolated from others I'm fine. I want a lean Stanbol in this case,
maybe even embed its bundles in my Sling or other OSGi-based
application.

Case B: the picture is very different for someone who wants to use
Stanbol as a content store, where you might need granular access
control. You could easily turn Stanbol into a complex content
management system here, with the correspondingly complex security
features.

IMO we need to define the possible security levels to cover the
spectrum of A to B, based on use cases, before (potentially) bloating
the Stanbol codebase with things that case A doesn't need.

-Bertrand

Re: Authentication

Posted by Rupert Westenthaler <ru...@gmail.com>.
Hi Reto,

thx Reto for your Response. Those infos helped a lot. Now that I
better understand your goals I do have another set of Questions.

So your proposal is to introduce "Security" on the Component level.
Some Examples:

* User A can "execute" EnhancementChain "ehealth" -
ChainPermission("ehealth",{"execute"})
* User A has CRUD on ManagedSite "myCompanyVoc" -
ManagedSitePermission("myCompanyVoc",{"dereference","write","delete","query","find"})
* User B can access "myCompanyVoc"  -
ManagedSitePermission("myCompanyVoc",{"dereference"})

What effect would that have on the RESTful services?

* should the Entityhub return a list of all Entityhub Sites only
return those that are accessible to the current user? Should it rather
return all Sites and then throw Exceptions when the user tries to
access it?
* should the Enhancer provide information about all EnhancementChains
or only the executable one?

What effect does this have on Components that depend on others?

e.g. a User that has the permission to execute the "ehealth" chain,
but he is not allowed to execute the "language-detection"
EnhancementEngine that is part of this chain?

* Do we need to track those dependencies? Or shall we start to execute
and run into SecurityExceptions? I guess the latter, right?
* What if the "language-detection" is an optional Engine? Should we
catch the SecurityException and continue or should we let it through?

Can we use the same system to also introduce security on the
WebService Level (e.g. to protect the ServletFilters that allow to use
the Solr RESTful API)?

best
Rupert

On Mon, Sep 17, 2012 at 11:36 AM, Reto Bachmann-Gmür <re...@apache.org> wrote:
> Hi Rupert, all
>
> Indeed I have to explain more about security and how this is to be used.
>
> What do developers of Stanbol modules need to know to support access control:
>
> 1. What to do
>
> Your application can explicitly require permission, you can create your own
> permission class and check for a permission with the AccessController
>
> Permission perm = new WeaponUsePermission("missiles", "fire");
> AccessController.checkPermission(perm);
>
>
> Many library calls already require Permission, for example if you access a
> File with java.io or a graph with TcManager specific permissions are
> required.
>
> If the application wants to execute code without requiring the user to have
> the permissions required by the libraries a code block can be executed as
> privileged.
>
> From the AccessController Javadoc:
>
>         ...normal code here...
>         AccessController.doPrivileged(new PrivilegedAction() {
>             public Object run() {
>                 // privileged code goes here, for example:
>                 System.loadLibrary("awt");
>                 return null; // nothing to return
>             }
>         });
>        ...normal code here...
>
>
> A frequent pattern is to check a specific permission with AccessController
> and then execute code as privileged so that if a user has a send-mail
> permission she doesn’t additionally need a network-access permission.
>
> e.g.
>
> AccessController.checkPermission(new SendMailPermission());
> return AccessController.doPrivileged(new PrivilegedAction<Response>() {
>     @Override
>     public Response run() {
>         // do the networking and send the mail
>         return sendMail(); // placeholder for the application's own code
>     }
> });
>
> 2. What not to do
>
> Never catch SecurityExceptions, only SecurityException that reach the
> authenticating filter will allow the user to login.
>
> How does it work:
>
> The current code does not use Jaas LoginModules as this brings all the
> ClassPath difficulties and I couldn't identify clear benefits. It is a port
> of the clerezza login mechanism. Clerezza supports http-auth, form based
> login with cookies and webid. To get us started I wanted to port http-auth.
>
> To your questions:
>
>
> * What is the WebIdBasedPermissionProvider for?
>
>
> The need for WebIdBasedPermissionProvider arises when you have roaming
> users, i.e. when OpenId or WebId authentication is supported, in this case
> a WebIdBasedPermissionProvider can give those users unknown to the system
> some permissions (e.g. based on the social distance to the site owner).
>
> * What is the intention of the LoginListener?
>>
> I think this can be dropped. Can't think of a compelling usecase.
>
>
>> * Is there a Code example on how to use Permissions in Stanbol?
>>
> See above
>
>
>> * How would components define Permissions (e.g the Stanbol Enhancer to
>> allow the execution of an EnhancementChain/
>> EnhancementEngine)
>>
>
> Just define a class extending java.util.Permission, make sure it has a
> (String,String) constructor and that its equals and hashcode methods are
> properly implemented. And then use it as  the WeaponUsePermission above.
>
> To your suggestions:
> - I agree with using the service.ranking instead of the weight method.
>
> For the other suggestion designed to increase flexibility I'd suggest to
> postpone them a bit and see what is needed. I'm currently working on a user
> management interface which seems a preliminary to start playing with the
> stuff. In a next step we can discuss how to best integrate Ldap (a
> different AuthenticationChecker or a virtual graph, AuthenticationChecker
> seems very limited anyway as it only supports password auth, drop that
> interface).
>
> I hope that I'll soon be able to present a usable usermanager and that this
> will allow to have a minimalistic but working system which gives a
> foundation for (discussing) further developments.
>
> Cheers,
> Reto
>
>
> On Mon, Sep 17, 2012 at 10:33 AM, Rupert Westenthaler <
> rupert.westenthaler@gmail.com> wrote:
>
>> Hi Reto, all
>>
>> spent some more time trying to understand the Stanbol Authentication
>> module. In the following my findings, many questions and some
>> suggestions.
>>
>> Architecture:
>> ---------
>>
>> This tries to explain the Architecture of
>> "o.a.stanbol.commons.security" as I understood it while looking at the
>> code. Reto please correct me if I got something wrong.
>>
>> ### extension points
>>
>> As far as I can see there are two extension points:
>>
>> * AuthenticationChecker: checks if a user exists and if the password
>> matches
>> * AuthenticationMethod: authenticate an user with the information
>> provided in a http request
>>
>> ### Services:
>>
>> The
>>
>> * AuthenticationService: can be used to authenticate a user. Wraps
>> all available AuthenticationChecker
>> * UserAwarePolicy: Class extending java.security.Policy registered as
>> OSGI service. It uses information stored in an RDF graph (the Clerezza
>> SYSTEM_GRAPH) to map an authenticated user with Permissions.
>> Permissions are defined using an RDF schema.
>>
>> Note also the SecurityActivator Component that ensures that the
>> UserAwarePolicy is set/unset as soon as registered/unregistered as
>> OSGI service.
>>
>> ### Questions:
>>
>> * What is the WebIdBasedPermissionProvider for?
>> * What is the intention of the LoginListener?
>> * Is there a Code example on how to use Permissions in Stanbol?
>> * How would components define Permissions (e.g the Stanbol Enhancer to
>> allow the execution of an EnhancementChain/EnhancementEngine)
>>
>>
>> Stanbol Security and JAAS:
>> -------
>>
>> ? How is this related to JAAS: I see that the code seems to be based
>> on JAAS as it uses a lot of classes from the according packages. Some
>> code snippets are similar to [1], but a Google search also reveals
>> that Karaf supports JAAS. There are even some hits for Sling and JAAS.
>> I am not familiar with JAAS so it would be cool if someone could
>> provide more information about that.
>>
>> ? Configuration: The current implementation uses a RDF for the
>> configuration of users, permission ... The Karaf implementation uses
>> an XML schema to do the same. Does it make sense ( and would it be
>> possible) to use both possibilities within Stanbol? Would that be an
>> other extension point related to the UserAwarePolicy?
>>
>> ? OSGI integration: I have found a lot of references to Classpath
>> related problems with JAAS in OSGI. Karaf uses a ProxyLoginModule [2]
>> to workaround those problems. I would really like to understand how
>> this is handled in the current implementation within Stanbol. How does
>> the current implementation deal with this problem?
>>
>> Other things I noticed:
>> -----
>>
>> * I would suggest to move the AuthenticationChecker implementation to
>> an own Module similar as the implementation of the
>> AuthenticationMethod already are.
>>
>> * I would suggest to use the standard OSGI service.ranking instead of
>> the "weight" property mainly because Stanbol already uses the
>> "service.ranking" on several occasions (e.g. EnhancementChains,
>> Entityhub Sites, Contenthub Stores). In addition using service.ranking
>> also ensures that the OSGI ServiceTracker and @Reference annotations
>> do inject automatically the service with the highest ranking (in case
>> single cardinality is used).
>>
>> * I would like to have the option to use a Stanbol specific variant of
>> registering/populate/manage the MGraph used to read the permissions
>> from (e.g. by making the OSGI filter string for the SystemGraph
>> configurable). Then different components could be used to
>> register/populate/manage the MGraph with the permissions. As bundles
>> can also contribute configurations we could also automatically set the
>> configuration based on the bundles loaded in the OSGI environment.
>>
>>
>> best
>> Rupert
>>
>> [1]
>> http://wiki.trialox.org/confluence/display/DEV/User+Authorization+based+on+JAAS+in+OSGi+Environment
>> [2]
>> http://felix.apache.org/site/45-security-framework.html#4.5.Securityframework-Architecture
>>
>> On Sun, Sep 16, 2012 at 9:26 PM, Rupert Westenthaler
>> <ru...@gmail.com> wrote:
>> > Hi,
>> >
>> > The reason why I opted to exclude the authentication bundles from the
>> > "stable" launcher was
>> >
>> > 1. The stable launcher is also some kind of a minimum launcher (only
>> > containing the Enhancer and the Entityhub).
>> > 2. Adding authentication forced me to use the "-XX:MaxPermSize=256m"
>> > option to avoid PermGen OOM errors during startup
>> >
>> > Independent of that I think that having authentication in an own
>> > bundle-list is a good thing as it makes it more easy to add/skip this
>> > feature by users that build their own customized Stanbol launcher.
>> >
>> >> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>> >>> While the problems you encountered with the stable launcher obviously
>> must
>> >>> be resolved (the problem afaik being that a bundle is missing that
>> happens
>> >>> to be provided by the shell list in the full launcher)
>> >
>> > I think you can solve this by adding those bundles to multiple bundle
>> list.
>> >
>> >>> I don't think that disabling the authentication modules altogether is
>> a good option.
>> >
>> > But why do I see this increase of the PermGen size if the feature is
>> > disabled? Any Idea?
>> >
>> > Can we provide a dummy implementation of "AuthenticationMethod" with
>> > no external dependencies that has the same effect as disabling. Then
>> > we can use this implementation in Launchers that do not use/support
>> > authentication?
>> >
>> > best
>> > Rupert
>> >
>> > On Fri, Sep 14, 2012 at 9:44 AM, Fabian Christ
>> > <ch...@googlemail.com> wrote:
>> >> Hi,
>> >>
>> >> I think this is valid point by Reto. The functionality is really
>> >> useful for business applications. So disabling like Reto described may
>> >> be a better choice than removing the bundles.
>> >>
>> >> Anyway, I did not have a closer look at this feature but I imagine
>> >> that it is possible to customize the authentication in many
>> >> directions, right? If this is not the case, we should think about it
>> >> as many companies use very different authentication policies and
>> >> technologies.
>> >>
>> >> Best,
>> >>  - Fabian
>> >>
>> >> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>> >>> Hi Rupert
>> >>>
>> >>> While the problems you encountered with the stable launcher obviously
>> must
>> >>> be resolved (the problem afaik being that a bundle is missing that
>> happens
>> >>> to be provided by the shell list in the full launcher) I don't think
>> that
>> >>> disabling the authentication modules altogether is a good option.
>> >>>
>> >>> Disabling authentication is fine, in this case all operations are being
>> >>> executed by an almighty anonymous user but removing the bundles means
>> that
>> >>> stanbol bundles cannot rely on bundles being there telling who the
>> current
>> >>> user is. However I think that this is a feature not only needed for
>> >>> multi-tenancy but one that can be used for many purposes.
>> >>>
>> >>> So I think the basic features should be included in all launchers as
>> all
>> >>> modules should be able to access this functionality. Developers of
>> >>> components should be encouraged to use these features to make their
>> bundle
>> >>> user-aware and to provide reasonable permission checks for the
>> >>> functionality thei're offering.
>> >>>
>> >>> Cheers,
>> >>> Reto
>> >>>
>> >>> On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:
>> >>>
>> >>>> Author: rwesten
>> >>>> Date: Mon Sep 10 17:54:19 2012
>> >>>> New Revision: 1383002
>> >>>>
>> >>>> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
>> >>>> Log:
>> >>>> STANBOL-721: Moved the dependencies needed for authentication to an
>> >>>> own partial bundlelist. Currently used by the full and full-war launcher
>> >>>>
>> >>>> Added:
>> >>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/
>> (with
>> >>>> props)
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> >>>> (with props)
>> >>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
>> >>>>
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
>> >>>>
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> >>>>   (with props)
>> >>>> Modified:
>> >>>>
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> >>>>     incubator/stanbol/trunk/launchers/full-war/pom.xml
>> >>>>     incubator/stanbol/trunk/launchers/full/pom.xml
>> >>>>     incubator/stanbol/trunk/pom.xml
>> >>>>
>> >>>> Propchange:
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/
>> >>>>
>> >>>>
>> ------------------------------------------------------------------------------
>> >>>> --- svn:ignore (added)
>> >>>> +++ svn:ignore Mon Sep 10 17:54:19 2012
>> >>>> @@ -0,0 +1,3 @@
>> >>>> +.settings
>> >>>> +
>> >>>> +.project
>> >>>>
>> >>>> Added:
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> ---
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> >>>> (added)
>> >>>> +++
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> >>>> Mon Sep 10 17:54:19 2012
>> >>>> @@ -0,0 +1,65 @@
>> >>>> +<?xml version="1.0" encoding="UTF-8"?>
>> >>>> +<!--
>> >>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>> >>>> +  contributor license agreements.  See the NOTICE file distributed
>> with
>> >>>> +  this work for additional information regarding copyright ownership.
>> >>>> +  The ASF licenses this file to You under the Apache License,
>> Version 2.0
>> >>>> +  (the "License"); you may not use this file except in compliance
>> with
>> >>>> +  the License.  You may obtain a copy of the License at
>> >>>> +
>> >>>> +      http://www.apache.org/licenses/LICENSE-2.0
>> >>>> +
>> >>>> +  Unless required by applicable law or agreed to in writing, software
>> >>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>> >>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> >>>> +  See the License for the specific language governing permissions and
>> >>>> +  limitations under the License.
>> >>>> +-->
>> >>>> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
>> >>>> http://www.w3.org/2001/XMLSchema-instance"
>> >>>> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>> >>>> http://maven.apache.org/maven-v4_0_0.xsd">
>> >>>> +  <modelVersion>4.0.0</modelVersion>
>> >>>> +  <parent>
>> >>>> +    <groupId>org.apache.stanbol</groupId>
>> >>>> +    <artifactId>stanbol-parent</artifactId>
>> >>>> +    <version>2-incubating-SNAPSHOT</version>
>> >>>> +    <relativePath>../../../parent</relativePath>
>> >>>> +  </parent>
>> >>>> +
>> >>>> +  <groupId>org.apache.stanbol</groupId>
>> >>>> +
>> >>>>
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> >>>> +  <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> +  <packaging>partialbundlelist</packaging>
>> >>>> +
>> >>>> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
>> >>>> +  <description>This is a Maven project which produces the partial
>> list
>> >>>> containing the bundles related to Authentication.</description>
>> >>>> +
>> >>>> +  <scm>
>> >>>> +    <connection>
>> >>>> +      scm:svn:
>> >>>>
>> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>> >>>> +    </connection>
>> >>>> +    <developerConnection>
>> >>>> +      scm:svn:
>> >>>>
>> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>> >>>> +    </developerConnection>
>> >>>> +    <url>http://incubator.apache.org/stanbol/</url>
>> >>>> +  </scm>
>> >>>> +
>> >>>> +  <build>
>> >>>> +    <plugins>
>> >>>> +      <plugin>
>> >>>> +        <groupId>org.apache.sling</groupId>
>> >>>> +        <artifactId>maven-launchpad-plugin</artifactId>
>> >>>> +        <executions>
>> >>>> +          <execution>
>> >>>> +            <id>attach-bundle-list</id>
>> >>>> +            <goals>
>> >>>> +              <goal>attach-bundle-list</goal>
>> >>>> +            </goals>
>> >>>> +            <configuration>
>> >>>> +              <includeDefaultBundles>false</includeDefaultBundles>
>> >>>> +            </configuration>
>> >>>> +          </execution>
>> >>>> +        </executions>
>> >>>> +      </plugin>
>> >>>> +    </plugins>
>> >>>> +  </build>
>> >>>> +</project>
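Review bot: the `maven-launchpad-plugin` entry in the `<build>` section of this new pom.xml declares no `<version>`, so the plugin version used to attach the bundle list is whatever `stanbol-parent` manages. If the parent does not pin it, add an explicit version here so the list is built reproducibly. The `<name>` element also ends with a stray space before `</name>`.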
>> >>>>
>> >>>> Propchange:
>> >>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> >>>>
>> >>>>
>> ------------------------------------------------------------------------------
>> >>>>     svn:mime-type = text/plain
>> >>>>
>> >>>> Added:
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> ---
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> >>>> (added)
>> >>>> +++
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> >>>> Mon Sep 10 17:54:19 2012
>> >>>> @@ -0,0 +1,47 @@
>> >>>> +<?xml version="1.0" encoding="UTF-8"?>
>> >>>> +<!--
>> >>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>> >>>> +  contributor license agreements.  See the NOTICE file distributed
>> with
>> >>>> +  this work for additional information regarding copyright ownership.
>> >>>> +  The ASF licenses this file to You under the Apache License,
>> Version 2.0
>> >>>> +  (the "License"); you may not use this file except in compliance
>> with
>> >>>> +  the License.  You may obtain a copy of the License at
>> >>>> +
>> >>>> +      http://www.apache.org/licenses/LICENSE-2.0
>> >>>> +
>> >>>> +  Unless required by applicable law or agreed to in writing, software
>> >>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>> >>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> >>>> +  See the License for the specific language governing permissions and
>> >>>> +  limitations under the License.
>> >>>> +-->
>> >>>> +<bundles>
>> >>>> +  <!-- authentication -->
>> >>>> +  <startLevel level="27">
>> >>>> +    <bundle>
>> >>>> +      <groupId>org.apache.clerezza</groupId>
>> >>>> +      <artifactId>platform.config</artifactId>
>> >>>> +      <version>0.3-incubating</version>
>> >>>> +    </bundle>
>> >>>> +    <bundle>
>> >>>> +      <groupId>org.apache.clerezza</groupId>
>> >>>> +      <artifactId>permissiondescriptions</artifactId>
>> >>>> +      <version>0.1-incubating</version>
>> >>>> +    </bundle>
>> >>>> +    <bundle>
>> >>>> +      <groupId>org.apache.clerezza</groupId>
>> >>>> +      <artifactId>platform</artifactId>
>> >>>> +      <version>0.1-incubating</version>
>> >>>> +    </bundle>
>> >>>> +    <bundle>
>> >>>> +      <groupId>org.apache.stanbol</groupId>
>> >>>> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
>> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> +    </bundle>
>> >>>> +    <bundle>
>> >>>> +      <groupId>org.apache.stanbol</groupId>
>> >>>> +
>> >>>>
>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> +    </bundle>
>> >>>> +  </startLevel>
>> >>>> +</bundles>
>> >>>> \ No newline at end of file
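Review bot: the new list.xml ends without a trailing newline (`\ No newline at end of file` after `</bundles>`); add one. The `<!-- authentication -->` comment could also say which launchers are expected to pull this list in, since the list is now optional.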
>> >>>>
>> >>>> Propchange:
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> >>>>
>> >>>>
>> ------------------------------------------------------------------------------
>> >>>>     svn:mime-type = text/plain
>> >>>>
>> >>>> Modified:
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> ---
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> >>>> (original)
>> >>>> +++
>> >>>>
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> >>>> Mon Sep 10 17:54:19 2012
>> >>>> @@ -293,35 +293,6 @@
>> >>>>      </bundle>
>> >>>>    </startLevel>
>> >>>>
>> >>>> -  <!-- authentication -->
>> >>>> -  <startLevel level="27">
>> >>>> -    <bundle>
>> >>>> -      <groupId>org.apache.clerezza</groupId>
>> >>>> -      <artifactId>platform.config</artifactId>
>> >>>> -      <version>0.3-incubating</version>
>> >>>> -    </bundle>
>> >>>> -    <bundle>
>> >>>> -                       <groupId>org.apache.clerezza</groupId>
>> >>>> -
>> <artifactId>permissiondescriptions</artifactId>
>> >>>> -                       <version>0.1-incubating</version>
>> >>>> -               </bundle>
>> >>>> -    <bundle>
>> >>>> -                       <groupId>org.apache.clerezza</groupId>
>> >>>> -                       <artifactId>platform</artifactId>
>> >>>> -                       <version>0.1-incubating</version>
>> >>>> -               </bundle>
>> >>>> -    <bundle>
>> >>>> -      <groupId>org.apache.stanbol</groupId>
>> >>>> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
>> >>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> -    </bundle>
>> >>>> -    <bundle>
>> >>>> -      <groupId>org.apache.stanbol</groupId>
>> >>>> -
>> >>>>
>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>> >>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> -    </bundle>
>> >>>> -  </startLevel>
>> >>>> -
>> >>>>    <!-- Stanbol Commons -->
>> >>>>    <startLevel level="27">
>> >>>>      <!-- Allows to run Stanbol in offline mode -->
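Review bot: removing the `<!-- authentication -->` start level from the stanbolcommons list means every launcher that consumes this list without also depending on the new `org.apache.stanbol.launchers.bundlelists.authentication` list now starts without `org.apache.stanbol.commons.security`, and the commit log names only the full and full-war launchers as consumers of the new list. Confirm that no bundle remaining in the stanbolcommons list needs the removed bundles at runtime, and leave a comment at this position pointing to the new list.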
>> >>>>
>> >>>> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
>> >>>> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10
>> 17:54:19
>> >>>> 2012
>> >>>> @@ -135,6 +135,14 @@
>> >>>>        <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>>        <type>partialbundlelist</type>
>> >>>>      </dependency>
>> >>>> +    <!-- Authentication Support-->
>> >>>> +    <dependency>
>> >>>> +      <groupId>org.apache.stanbol</groupId>
>> >>>> +
>> >>>>
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> +      <type>partialbundlelist</type>
>> >>>> +      <scope>provided</scope>
>> >>>> +    </dependency>
>> >>>>
>> >>>>      <!-- Stanbol CMS Adapter Bundle List -->
>> >>>>      <dependency>
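Review bot: the added dependency in full-war/pom.xml declares `<scope>provided</scope>`, while the `partialbundlelist` dependency visible in the context lines directly above it closes without a `<scope>` element. Check which form the full-war launcher expects for bundle lists and make the two consistent, or add a comment explaining why this one differs.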
>> >>>>
>> >>>> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
>> >>>> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10
>> 17:54:19 2012
>> >>>> @@ -165,6 +165,15 @@
>> >>>>        <type>partialbundlelist</type>
>> >>>>        <scope>provided</scope>
>> >>>>      </dependency>
>> >>>> +
>> >>>> +    <!-- Authentication Support-->
>> >>>> +    <dependency>
>> >>>> +      <groupId>org.apache.stanbol</groupId>
>> >>>> +
>> >>>>
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> >>>> +      <type>partialbundlelist</type>
>> >>>> +      <scope>provided</scope>
>> >>>> +    </dependency>
>> >>>>
>> >>>>      <!-- zz> Shell Bundle List -->
>> >>>>      <dependency>
>> >>>>
>> >>>> Modified: incubator/stanbol/trunk/pom.xml
>> >>>> URL:
>> >>>>
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>> >>>>
>> >>>>
>> ==============================================================================
>> >>>> --- incubator/stanbol/trunk/pom.xml (original)
>> >>>> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
>> >>>> @@ -85,6 +85,7 @@
>> >>>>
>> >>>>      <module>launchers/bundlelists/osgiframework</module>
>> >>>>      <module>launchers/bundlelists/stanbolcommons</module>
>> >>>> +    <module>launchers/bundlelists/authentication</module>
>> >>>>      <module>launchers/bundlelists/zzshell</module>
>> >>>>      <module>launchers/full</module>
>> >>>>      <module>integration-tests</module>
>> >>>>
>> >>>>
>> >>>>
>> >>
>> >>
>> >>
>> >> --
>> >> Fabian
>> >> http://twitter.com/fctwitt
>> >
>> >
>> >
>> > --
>> > | Rupert Westenthaler             rupert.westenthaler@gmail.com
>> > | Bodenlehenstraße 11                             ++43-699-11108907
>> > | A-5500 Bischofshofen
>>
>>
>>
>> --
>> | Rupert Westenthaler             rupert.westenthaler@gmail.com
>> | Bodenlehenstraße 11                             ++43-699-11108907
>> | A-5500 Bischofshofen
>>



-- 
| Rupert Westenthaler             rupert.westenthaler@gmail.com
| Bodenlehenstraße 11                             ++43-699-11108907
| A-5500 Bischofshofen

Re: Authentication

Posted by Reto Bachmann-Gmür <re...@apache.org>.
Hi Rupert, all

Indeed I have to explain more about security and how this is to be used.

What do developers of Stanbol modules need to know to support access control:

1. What to do

Your application can explicitly require permission, you can create your own
permission class and check for a permission with the AccessController

Permission perm = new WeaponUsePermission("missiles", "fire");
AccessController.checkPermission(perm);


Many library calls already require Permission, for example if you access a
File with java.io or a graph with TcManager specific permissions are
required.

If the application wants to execute code without requiring the user to have
the permissions required by the libraries a code block can be executed as
privileged.

From the AccessController Javadoc:

        ...normal code here...
        AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                // privileged code goes here, for example:
                System.loadLibrary("awt");
                return null; // nothing to return
            }
        });
       ...normal code here...


A frequent pattern is to check a specific permission with AccessController
and then execute code as privileged so that if a user has a send-mail
permission she doesn’t additionally need a network-access permission.

e.g.

AccessController.checkPermission(new SendMailPermission());
return AccessController.doPrivileged(new PrivilegedAction<Response>() {

    @Override
    public Response run() {
        // do the networking and send the mail
    }
});

2. What not to do

Never catch SecurityExceptions, only SecurityExceptions that reach the
authenticating filter will allow the user to log in.

How does it work:

The current code does not use Jaas LoginModules as this brings all the
ClassPath difficulties and I couldn't identify clear benefits. It is a port
of the clerezza login mechanism. Clerezza supports http-auth, form based
login with cookies and webid. To get us started I wanted to port http-auth.

To your questions:


> * What is the WebIdBasedPermissionProvider for?


The need for WebIdBasedPermissionProvider arises when you have roaming
users, i.e. when OpenId or WebId authentication is supported, in this case
a WebIdBasedPermissionProvider can give those users unknown to the system
some permissions (e.g. based on the social distance to the site owner).

> * What is the intention of the LoginListener?
>
I think this can be dropped. Can't think of a compelling use case.


> * Is there a Code example on how to use Permissions in Stanbol?
>
See above


> * How would components define Permissions (e.g the Stanbol Enhancer to
> allow the execution of an EnhancementChain/
> EnhancementEngine)
>

Just define a class extending java.util.Permission, make sure it has a
(String,String) constructor and that its equals and hashcode methods are
properly implemented. And then use it as the WeaponUsePermission above.

To your suggestions:
- I agree with using the service.ranking instead of the weight method.

For the other suggestions designed to increase flexibility I'd suggest to
postpone them a bit and see what is needed. I'm currently working on a user
management interface which seems a preliminary to start playing with the
stuff. In a next step we can discuss how to best integrate Ldap (a
different AuthenticationChecker or a virtual graph, AuthenticationChecker
seems very limited anyway as it only supports password auth, drop that
interface).

I hope that I'll soon be able to present a usable usermanager and that this
will allow to have a minimalistic but working system which gives a
foundation for (discussing) further developments.

Cheers,
Reto
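
A permission class of the kind described above for the Stanbol Enhancer question, as an added example that is not part of the original message or of Stanbol's code: `ChainPermission`, its action names and the sample grants are hypothetical. It shows what the (String, String) constructor and the equals/hashCode contract are for: a policy can instantiate the class reflectively from stored strings, and `java.security.Permissions` answers checks through equality and `implies()`.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

/**
 * Hypothetical permission guarding operations on a named enhancement chain.
 * Not part of Stanbol: the class name and the action names are assumptions.
 */
public final class ChainPermission extends Permission {
    private static final long serialVersionUID = 1L;
    private static final Set<String> KNOWN_ACTIONS =
            new TreeSet<>(Arrays.asList("configure", "execute"));

    // Sorted, so getActions(), equals() and hashCode() ignore the order given.
    private final TreeSet<String> actions = new TreeSet<>();

    /** (String, String) constructor: lets a policy build instances reflectively. */
    public ChainPermission(String name, String actionList) {
        super(name);
        if (name == null || name.isEmpty() || actionList == null) {
            throw new IllegalArgumentException("name and actions are required");
        }
        for (String raw : actionList.split(",")) {
            String action = raw.trim().toLowerCase(Locale.ROOT);
            if (!KNOWN_ACTIONS.contains(action)) {
                // Fail closed: a typo in stored policy data must not become a grant.
                throw new IllegalArgumentException("unknown action: " + raw);
            }
            actions.add(action);
        }
    }

    /** True if this (granted) permission covers the requested one. */
    @Override
    public boolean implies(Permission requested) {
        if (!(requested instanceof ChainPermission)) {
            return false;
        }
        ChainPermission other = (ChainPermission) requested;
        boolean nameMatches = "*".equals(getName()) || getName().equals(other.getName());
        return nameMatches && actions.containsAll(other.actions);
    }

    @Override
    public String getActions() {
        return String.join(",", actions);
    }

    @Override
    public boolean equals(Object o) {
        if (!(o instanceof ChainPermission)) {
            return false;
        }
        ChainPermission other = (ChainPermission) o;
        return getName().equals(other.getName()) && actions.equals(other.actions);
    }

    @Override
    public int hashCode() {
        return 31 * getName().hashCode() + actions.hashCode();
    }

    /** How a policy can turn a stored (type, name, actions) triple into a Permission. */
    static Permission instantiate(String type, String name, String actionList)
            throws ReflectiveOperationException {
        return Class.forName(type)
                .asSubclass(Permission.class) // refuse classes that are not permissions
                .getConstructor(String.class, String.class)
                .newInstance(name, actionList);
    }

    public static void main(String[] args) throws Exception {
        String type = ChainPermission.class.getName();

        // Constructed sample grants, standing in for what a policy loads per user.
        PermissionCollection editor = new Permissions();
        editor.add(instantiate(type, "default", "execute"));
        PermissionCollection admin = new Permissions();
        admin.add(instantiate(type, "*", "Execute, configure"));

        // Constructed chain names for the requests being checked.
        Permission runDefault = new ChainPermission("default", "execute");
        Permission tuneDefault = new ChainPermission("default", "configure");
        Permission runOther = new ChainPermission("dbpedia", "execute");

        System.out.println(editor.implies(runDefault));   // exact grant
        System.out.println(editor.implies(tuneDefault));  // action not in the grant
        System.out.println(editor.implies(runOther));     // grant names another chain
        System.out.println(admin.implies(tuneDefault));   // wildcard name, both actions
        // Equality ignores case, spacing and order of the action list.
        System.out.println(new ChainPermission("default", "configure,execute")
                .equals(new ChainPermission("default", " EXECUTE , configure")));
    }
}
```

The AccessController calls quoted in the message belong to the Java Security Manager API, which is deprecated for removal since Java 17; the class above uses only `java.security.Permission` and `Permissions`, so `main` runs without a security manager.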


On Mon, Sep 17, 2012 at 10:33 AM, Rupert Westenthaler <
rupert.westenthaler@gmail.com> wrote:

> Hi Reto, all
>
> spent some more time trying to understand the Stanbol Authentication
> module. In the following my findings, many questions and some
> suggestions.
>
> Architecture:
> ---------
>
> This tries to explain the Architecture of
> "o.a.stanbol.commons.security" as I understood it while looking at the
> code. Reto please correct me if I got something wrong.
>
> ### extension points
>
> As far as I can see there are two extension points:
>
> * AuthenticationChecker: checks if a user exists and if the password
> matches
> * AuthenticationMethod: authenticate a user with the information
> provided in a http request
>
> ### Services:
>
> The
>
> * AuthenticationService: can be used to authenticate Users. Wraps
> all available AuthenticationChecker
> * UserAwarePolicy: Class extending java.security.Policy registered as
> OSGI service. It uses information stored in an RDF graph (the Clerezza
> SYSTEM_GRAPH) to map an authenticated user with Permissions.
> Permissions are defined using an RDF schema.
>
> Note also the SecurityActivator Component that ensures that the
> UserAwarePolicy is set/unset as soon as registered/unregistered as
> OSGI service.
>
> ### Questions:
>
> * What is the WebIdBasedPermissionProvider for?
> * What is the intention of the LoginListener?
> * Is there a Code example on how to use Permissions in Stanbol?
> * How would components define Permissions (e.g the Stanbol Enhancer to
> allow the execution of an EnhancementChain/EnhancementEngine)
>
>
> Stanbol Security and JAAS:
> -------
>
> ? How is this related to JAAS: I see that the code seems to be based
> on JAAS as it uses a lot of classes from the according packages. Some
> code snippets are similar to [1], but a Google search also reveals
> that Karaf supports JAAS. There are even some hits for Sling and JAAS.
> I am not familiar with JAAS so it would be cool if someone could
> provide more information about that.
>
> ? Configuration: The current implementation uses a RDF for the
> configuration of users, permission ... The Karaf implementation uses
> an XML schema to do the same. Does it make sense ( and would it be
> possible) to use both possibilities within Stanbol? Would that be an
> other extension point related to the UserAwarePolicy?
>
> ? OSGI integration: I have found a lot of references to Classpath
> related problems with JAAS in OSGI. Karaf uses a ProxyLoginModule [2]
> to workaround those problems. I would really like to understand how
> this is handled in the current implementation within Stanbol. How does
> the current implementation deal with this problem?
>
> Other things I noticed:
> -----
>
> * I would suggest to move the AuthenticationChecker implementation to
> an own Module similar as the implementation of the
> AuthenticationMethod already are.
>
> * I would suggest to use the standard OSGI service.ranking instead of
> the "weight" property mainly because Stanbol already uses the
> "service.ranking" on several occasions (e.g. EnhancementChains,
> Entityhub Sites, Contenthub Stores). In addition using service.ranking
> also ensures that the OSGI ServiceTracker and @Reference annotations
> do inject automatically the service with the highest ranking (in case
> single cardinality is used).
>
> * I would like to have the option to use a Stanbol specific variant of
> registering/populate/manage the MGraph used to read the permissions
> from (e.g. by making the OSGI filter string for the SystemGraph
> configurable). Then different components could be used to
> register/populate/manage the MGraph with the permissions. As bundles
> can also contribute configurations we could also automatically set the
> configuration based on the bundles loaded in the OSGI environment.
>
>
> best
> Rupert
>
> [1]
> http://wiki.trialox.org/confluence/display/DEV/User+Authorization+based+on+JAAS+in+OSGi+Environment
> [2]
> http://felix.apache.org/site/45-security-framework.html#4.5.Securityframework-Architecture
>
> On Sun, Sep 16, 2012 at 9:26 PM, Rupert Westenthaler
> <ru...@gmail.com> wrote:
> > Hi,
> >
> > The reason why I opted to exclude the authentication bundles from the
> > "stable" launcher was
> >
> > 1. The stable launcher is also some kind of a minimum launcher (only
> > containing the Enhancer and the Entityhub).
> > 2. Adding authentication forced me to use the "-XX:MaxPermSize=256m"
> > option to avoid PermGen OOM errors during startup
> >
> > Independent of that I think that having authentication in an own
> > bundle-list is a good thing as it makes it more easy to add/skip this
> > feature by users that build their own customized Stanbol launcher.
> >
> >> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
> >>> While the problems you encountered with the stable launcher obviously
> >>> must be resolved (the problem afaik being that a bundle is missing that
> >>> happens to be provided by the shell list in the full launcher)
> >
> > I think you can solve this by adding those bundles to multiple bundle
> > lists.
> >
> >>> I don't think that disabling the authentication modules altogether is
> >>> a good option.
> >
> > But why do I see this increase of the PermGen size if the feature is
> > disabled? Any Idea?
> >
> > Can we provide a dummy implementation of "AuthenticationMethod" with
> > no external dependencies that has the same effect as disabling. Then
> > we can use this implementation in Launchers that do not use/support
> > authentication?
> >
> > best
> > Rupert
> >
> > On Fri, Sep 14, 2012 at 9:44 AM, Fabian Christ
> > <ch...@googlemail.com> wrote:
> >> Hi,
> >>
> >> I think this is valid point by Reto. The functionality is really
> >> useful for business applications. So disabling like Reto described may
> >> be a better choice than removing the bundles.
> >>
> >> Anyway, I did not have a closer look at this feature but I imagine
> >> that it is possible to customize the authentication in many
> >> directions, right? If this is not the case, we should think about it
> >> as many companies use very different authentication policies and
> >> technologies.
> >>
> >> Best,
> >>  - Fabian
> >>
> >> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
> >>> Hi Rupert
> >>>
> >>> While the problems you encountered with the stable launcher obviously
> >>> must be resolved (the problem afaik being that a bundle is missing that
> >>> happens to be provided by the shell list in the full launcher) I don't
> >>> think that disabling the authentication modules altogether is a good
> >>> option.
> >>>
> >>> Disabling authentication is fine, in this case all operations are being
> >>> executed by an almighty anonymous user but removing the bundles means
> >>> that stanbol bundles cannot rely on bundles being there telling who the
> >>> current user is. However I think that this is a feature not only needed
> >>> for multi-tenancy but one that can be used for many purposes.
> >>>
> >>> So I think the basic features should be included in all launchers as
> >>> all modules should be able to access this functionality. Developers of
> >>> components should be encouraged to use these features to make their
> >>> bundle user-aware and to provide reasonable permission checks for the
> >>> functionality they're offering.
> >>>
> >>> Cheers,
> >>> Reto
> >>>
> >>> On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:
> >>>
> >>>> Author: rwesten
> >>>> Date: Mon Sep 10 17:54:19 2012
> >>>> New Revision: 1383002
> >>>>
> >>>> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
> >>>> Log:
> >>>> STANBOL-721: Moved the dependencies needed for authentication to an
> >>>> own partial bundlelist. Currently used by the full and full-war launcher
> >>>>
> >>>> Added:
> >>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/
> (with
> >>>> props)
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> >>>> (with props)
> >>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
> >>>>
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
> >>>>
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> >>>>   (with props)
> >>>> Modified:
> >>>>
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> >>>>     incubator/stanbol/trunk/launchers/full-war/pom.xml
> >>>>     incubator/stanbol/trunk/launchers/full/pom.xml
> >>>>     incubator/stanbol/trunk/pom.xml
> >>>>
> >>>> Propchange:
> incubator/stanbol/trunk/launchers/bundlelists/authentication/
> >>>>
> >>>>
> ------------------------------------------------------------------------------
> >>>> --- svn:ignore (added)
> >>>> +++ svn:ignore Mon Sep 10 17:54:19 2012
> >>>> @@ -0,0 +1,3 @@
> >>>> +.settings
> >>>> +
> >>>> +.project
> >>>>
> >>>> Added:
> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
> >>>>
> >>>>
> ==============================================================================
> >>>> ---
> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> >>>> (added)
> >>>> +++
> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> >>>> Mon Sep 10 17:54:19 2012
> >>>> @@ -0,0 +1,65 @@
> >>>> +<?xml version="1.0" encoding="UTF-8"?>
> >>>> +<!--
> >>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
> >>>> +  contributor license agreements.  See the NOTICE file distributed
> with
> >>>> +  this work for additional information regarding copyright ownership.
> >>>> +  The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>>> +  (the "License"); you may not use this file except in compliance
> with
> >>>> +  the License.  You may obtain a copy of the License at
> >>>> +
> >>>> +      http://www.apache.org/licenses/LICENSE-2.0
> >>>> +
> >>>> +  Unless required by applicable law or agreed to in writing, software
> >>>> +  distributed under the License is distributed on an "AS IS" BASIS,
> >>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>>> +  See the License for the specific language governing permissions and
> >>>> +  limitations under the License.
> >>>> +-->
> >>>> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
> >>>> http://www.w3.org/2001/XMLSchema-instance"
> >>>> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> >>>> http://maven.apache.org/maven-v4_0_0.xsd">
> >>>> +  <modelVersion>4.0.0</modelVersion>
> >>>> +  <parent>
> >>>> +    <groupId>org.apache.stanbol</groupId>
> >>>> +    <artifactId>stanbol-parent</artifactId>
> >>>> +    <version>2-incubating-SNAPSHOT</version>
> >>>> +    <relativePath>../../../parent</relativePath>
> >>>> +  </parent>
> >>>> +
> >>>> +  <groupId>org.apache.stanbol</groupId>
> >>>> +
> >>>>
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> >>>> +  <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> +  <packaging>partialbundlelist</packaging>
> >>>> +
> >>>> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
> >>>> +  <description>This is a Maven project which produces the partial
> list
> >>>> containing the bundles related to Authentication.</description>
> >>>> +
> >>>> +  <scm>
> >>>> +    <connection>
> >>>> +      scm:svn:
> >>>>
> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
> >>>> +    </connection>
> >>>> +    <developerConnection>
> >>>> +      scm:svn:
> >>>>
> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
> >>>> +    </developerConnection>
> >>>> +    <url>http://incubator.apache.org/stanbol/</url>
> >>>> +  </scm>
> >>>> +
> >>>> +  <build>
> >>>> +    <plugins>
> >>>> +      <plugin>
> >>>> +        <groupId>org.apache.sling</groupId>
> >>>> +        <artifactId>maven-launchpad-plugin</artifactId>
> >>>> +        <executions>
> >>>> +          <execution>
> >>>> +            <id>attach-bundle-list</id>
> >>>> +            <goals>
> >>>> +              <goal>attach-bundle-list</goal>
> >>>> +            </goals>
> >>>> +            <configuration>
> >>>> +              <includeDefaultBundles>false</includeDefaultBundles>
> >>>> +            </configuration>
> >>>> +          </execution>
> >>>> +        </executions>
> >>>> +      </plugin>
> >>>> +    </plugins>
> >>>> +  </build>
> >>>> +</project>
> >>>>
> >>>> Propchange:
> >>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
> >>>>
> >>>>
> ------------------------------------------------------------------------------
> >>>>     svn:mime-type = text/plain
> >>>>
> >>>> Added:
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
> >>>>
> >>>>
> ==============================================================================
> >>>> ---
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> >>>> (added)
> >>>> +++
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> >>>> Mon Sep 10 17:54:19 2012
> >>>> @@ -0,0 +1,47 @@
> >>>> +<?xml version="1.0" encoding="UTF-8"?>
> >>>> +<!--
> >>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
> >>>> +  contributor license agreements.  See the NOTICE file distributed
> with
> >>>> +  this work for additional information regarding copyright ownership.
> >>>> +  The ASF licenses this file to You under the Apache License,
> Version 2.0
> >>>> +  (the "License"); you may not use this file except in compliance
> with
> >>>> +  the License.  You may obtain a copy of the License at
> >>>> +
> >>>> +      http://www.apache.org/licenses/LICENSE-2.0
> >>>> +
> >>>> +  Unless required by applicable law or agreed to in writing, software
> >>>> +  distributed under the License is distributed on an "AS IS" BASIS,
> >>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>>> +  See the License for the specific language governing permissions and
> >>>> +  limitations under the License.
> >>>> +-->
> >>>> +<bundles>
> >>>> +  <!-- authentication -->
> >>>> +  <startLevel level="27">
> >>>> +    <bundle>
> >>>> +      <groupId>org.apache.clerezza</groupId>
> >>>> +      <artifactId>platform.config</artifactId>
> >>>> +      <version>0.3-incubating</version>
> >>>> +    </bundle>
> >>>> +    <bundle>
> >>>> +      <groupId>org.apache.clerezza</groupId>
> >>>> +      <artifactId>permissiondescriptions</artifactId>
> >>>> +      <version>0.1-incubating</version>
> >>>> +    </bundle>
> >>>> +    <bundle>
> >>>> +      <groupId>org.apache.clerezza</groupId>
> >>>> +      <artifactId>platform</artifactId>
> >>>> +      <version>0.1-incubating</version>
> >>>> +    </bundle>
> >>>> +    <bundle>
> >>>> +      <groupId>org.apache.stanbol</groupId>
> >>>> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> +    </bundle>
> >>>> +    <bundle>
> >>>> +      <groupId>org.apache.stanbol</groupId>
> >>>> +
> >>>>
>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> +    </bundle>
> >>>> +  </startLevel>
> >>>> +</bundles>
> >>>> \ No newline at end of file
> >>>>
> >>>> Propchange:
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
> >>>>
> >>>>
> ------------------------------------------------------------------------------
> >>>>     svn:mime-type = text/plain
> >>>>
> >>>> Modified:
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
> >>>>
> >>>>
> ==============================================================================
> >>>> ---
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> >>>> (original)
> >>>> +++
> >>>>
> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
> >>>> Mon Sep 10 17:54:19 2012
> >>>> @@ -293,35 +293,6 @@
> >>>>      </bundle>
> >>>>    </startLevel>
> >>>>
> >>>> -  <!-- authentication -->
> >>>> -  <startLevel level="27">
> >>>> -    <bundle>
> >>>> -      <groupId>org.apache.clerezza</groupId>
> >>>> -      <artifactId>platform.config</artifactId>
> >>>> -      <version>0.3-incubating</version>
> >>>> -    </bundle>
> >>>> -    <bundle>
> >>>> -                       <groupId>org.apache.clerezza</groupId>
> >>>> -
> <artifactId>permissiondescriptions</artifactId>
> >>>> -                       <version>0.1-incubating</version>
> >>>> -               </bundle>
> >>>> -    <bundle>
> >>>> -                       <groupId>org.apache.clerezza</groupId>
> >>>> -                       <artifactId>platform</artifactId>
> >>>> -                       <version>0.1-incubating</version>
> >>>> -               </bundle>
> >>>> -    <bundle>
> >>>> -      <groupId>org.apache.stanbol</groupId>
> >>>> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
> >>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> -    </bundle>
> >>>> -    <bundle>
> >>>> -      <groupId>org.apache.stanbol</groupId>
> >>>> -
> >>>>
>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
> >>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> -    </bundle>
> >>>> -  </startLevel>
> >>>> -
> >>>>    <!-- Stanbol Commons -->
> >>>>    <startLevel level="27">
> >>>>      <!-- Allows to run Stanbol in offline mode -->
> >>>>
> >>>> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
> >>>>
> >>>>
> ==============================================================================
> >>>> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
> >>>> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10
> 17:54:19
> >>>> 2012
> >>>> @@ -135,6 +135,14 @@
> >>>>        <version>0.10.0-incubating-SNAPSHOT</version>
> >>>>        <type>partialbundlelist</type>
> >>>>      </dependency>
> >>>> +    <!-- Authentication Support-->
> >>>> +    <dependency>
> >>>> +      <groupId>org.apache.stanbol</groupId>
> >>>> +
> >>>>
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> +      <type>partialbundlelist</type>
> >>>> +      <scope>provided</scope>
> >>>> +    </dependency>
> >>>>
> >>>>      <!-- Stanbol CMS Adapter Bundle List -->
> >>>>      <dependency>
> >>>>
> >>>> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
> >>>>
> >>>>
> ==============================================================================
> >>>> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
> >>>> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10
> 17:54:19 2012
> >>>> @@ -165,6 +165,15 @@
> >>>>        <type>partialbundlelist</type>
> >>>>        <scope>provided</scope>
> >>>>      </dependency>
> >>>> +
> >>>> +    <!-- Authentication Support-->
> >>>> +    <dependency>
> >>>> +      <groupId>org.apache.stanbol</groupId>
> >>>> +
> >>>>
>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
> >>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
> >>>> +      <type>partialbundlelist</type>
> >>>> +      <scope>provided</scope>
> >>>> +    </dependency>
> >>>>
> >>>>      <!-- zz> Shell Bundle List -->
> >>>>      <dependency>
> >>>>
> >>>> Modified: incubator/stanbol/trunk/pom.xml
> >>>> URL:
> >>>>
> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
> >>>>
> >>>>
> ==============================================================================
> >>>> --- incubator/stanbol/trunk/pom.xml (original)
> >>>> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
> >>>> @@ -85,6 +85,7 @@
> >>>>
> >>>>      <module>launchers/bundlelists/osgiframework</module>
> >>>>      <module>launchers/bundlelists/stanbolcommons</module>
> >>>> +    <module>launchers/bundlelists/authentication</module>
> >>>>      <module>launchers/bundlelists/zzshell</module>
> >>>>      <module>launchers/full</module>
> >>>>      <module>integration-tests</module>
> >>>>
> >>>>
> >>>>
> >>
> >>
> >>
> >> --
> >> Fabian
> >> http://twitter.com/fctwitt
> >
> >
> >
> > --
> > | Rupert Westenthaler             rupert.westenthaler@gmail.com
> > | Bodenlehenstraße 11                             ++43-699-11108907
> > | A-5500 Bischofshofen
>
>
>
> --
> | Rupert Westenthaler             rupert.westenthaler@gmail.com
> | Bodenlehenstraße 11                             ++43-699-11108907
> | A-5500 Bischofshofen
>

Re: Authentication

Posted by Rupert Westenthaler <ru...@gmail.com>.
Hi Reto, all

spent some more time trying to understand the Stanbol Authentication
module. In the following my findings, many questions and some
suggestions.

Architecture:
---------

This tries to explain the Architecture of
"o.a.stanbol.commons.security" as I understood it while looking at the
code. Reto please correct me if I got something wrong.

### extension points

As far as I can see there are two extension points:

* AuthenticationChecker: checks if a user exists and if the password matches
* AuthenticationMethod: authenticate a user with the information
provided in a http request

### Services:

The

* AuthenticationService: can be used to authenticate a User. Wraps
all available AuthenticationChecker
* UserAwarePolicy: Class extending java.security.Policy registered as
OSGI service. It uses information stored in an RDF graph (the Clerezza
SYSTEM_GRAPH) to map an authenticated user with Permissions.
Permissions are defined using an RDF schema.

Note also the SecurityActivator Component that ensures that the
UserAwarePolicy is set/unset as soon as registered/unregistered as
OSGI service.

### Questions:

* What is the WebIdBasedPermissionProvider for?
* What is the intention of the LoginListener?
* Is there a Code example on how to use Permissions in Stanbol?
* How would components define Permissions (e.g. the Stanbol Enhancer to
allow the execution of an EnhancementChain/EnhancementEngine)?


Stanbol Security and JAAS:
-------

? How is this related to JAAS: I see that the code seems to be based
on JAAS as it uses a lot of classes from the according packages. Some
code snippets are similar to [1], but a Google search also reveals
that Karaf supports JAAS. There are even some hits for Sling and JAAS.
I am not familiar with JAAS so it would be cool if someone could
provide more information about that.

? Configuration: The current implementation uses a RDF for the
configuration of users, permission ... The Karaf implementation uses
an XML schema to do the same. Does it make sense ( and would it be
possible) to use both possibilities within Stanbol? Would that be
another extension point related to the UserAwarePolicy?

? OSGI integration: I have found a lot of references to Classpath
related problems with JAAS in OSGI. Karaf uses a ProxyLoginModule [2]
to work around those problems. I would really like to understand how
this is handled in the current implementation within Stanbol. How does
the current implementation deal with this problem?

Other things I noticed:
-----

* I would suggest to move the AuthenticationChecker implementation to
an own Module similar as the implementation of the
AuthenticationMethod already are.

* I would suggest to use the standard OSGI service.ranking instead of
the "weight" property mainly because Stanbol already uses the
"service.ranking" on several occasions (e.g. EnhancementChains,
Entityhub Sites, Contenthub Stores). In addition using service.ranking
also ensures that the OSGI ServiceTracker and @Reference annotations
do inject automatically the service with the highest ranking (in case
single cardinality is used).

* I would like to have the option to use a Stanbol specific variant of
registering/populate/manage the MGraph used to read the permissions
from (e.g. by making the OSGI filter string for the SystemGraph
configurable). Then different components could be used to
register/populate/manage the MGraph with the permissions. As bundles
can also contribute configurations we could also automatically set the
configuration based on the bundles loaded in the OSGI environment.


best
Rupert

[1] http://wiki.trialox.org/confluence/display/DEV/User+Authorization+based+on+JAAS+in+OSGi+Environment
[2] http://felix.apache.org/site/45-security-framework.html#4.5.Securityframework-Architecture

On Sun, Sep 16, 2012 at 9:26 PM, Rupert Westenthaler
<ru...@gmail.com> wrote:
> Hi,
>
> The reason why I opted to exclude the authentication bundles from the
> "stable" launcher was
>
> 1. The stable launcher is also some kind of a minimum launcher (only
> containing the Enhancer and the Entityhub).
> 2. Adding authentication forced me to use the "-XX:MaxPermSize=256m"
> option to avoid PermGen OOM errors during startup
>
> Independent of that I think that having authentication in an own
> bundle-list is a good thing as it makes it more easy to add/skip this
> feature by users that build their own customized Stanbol launcher.
>
>> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>>> While the problems you encountered with the stable launcher obviously must
>>> be resolved (the problem afaik being that a bundle is missing that happens
>>> to be provided by the shell list in the full launcher)
>
> I think you can solve this by adding those bundles to multiple bundle lists.
>
>>> I don't think that disabling the authentication modules altogether is a good option.
>
> But why do I see this increase of the PermGen size if the feature is
> disabled? Any Idea?
>
> Can we provide a dummy implementation of "AuthenticationMethod" with
> no external dependencies that has the same effect as disabling. Then
> we can use this implementation in Launchers that do not use/support
> authentication?
>
> best
> Rupert
>
> On Fri, Sep 14, 2012 at 9:44 AM, Fabian Christ
> <ch...@googlemail.com> wrote:
>> Hi,
>>
>> I think this is a valid point by Reto. The functionality is really
>> useful for business applications. So disabling like Reto described may
>> be a better choice than removing the bundles.
>>
>> Anyway, I did not have a closer look at this feature but I imagine
>> that it is possible to customize the authentication in many
>> directions, right? If this is not the case, we should think about it
>> as many companies use very different authentication policies and
>> technologies.
>>
>> Best,
>>  - Fabian
>>
>> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>>> Hi Rupert
>>>
>>> While the problems you encountered with the stable launcher obviously must
>>> be resolved (the problem afaik being that a bundle is missing that happens
>>> to be provided by the shell list in the full launcher) I don't think that
>>> disabling the authentication modules altogether is a good option.
>>>
>>> Disabling authentication is fine, in this case all operations are being
>>> executed by an almighty anonymous user but removing the bundles means that
>>> stanbol bundles cannot rely on bundles being there telling who the current
>>> user is. However I think that this is a feature not only needed for
>>> multi-tenancy but one that can be used for many purposes.
>>>
>>> So I think the basic features should be included in all launchers as all
>>> modules should be able to access this functionality. Developers of
>>> components should be encouraged to use these features to make their bundle
>>> user-aware and to provide reasonable permission checks for the
>>> functionality they're offering.
>>>
>>> Cheers,
>>> Reto
>>>
>>> On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:
>>>
>>>> Author: rwesten
>>>> Date: Mon Sep 10 17:54:19 2012
>>>> New Revision: 1383002
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
>>>> Log:
>>>> STANBOL-721: Moved the dependencies needed for authentication to an own
>>>> partial bundlelist. Currently used by the full and full-war launcher
>>>>
>>>> Added:
>>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/   (with
>>>> props)
>>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>> (with props)
>>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
>>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
>>>>
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
>>>>
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>>   (with props)
>>>> Modified:
>>>>
>>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>>>     incubator/stanbol/trunk/launchers/full-war/pom.xml
>>>>     incubator/stanbol/trunk/launchers/full/pom.xml
>>>>     incubator/stanbol/trunk/pom.xml
>>>>
>>>> Propchange: incubator/stanbol/trunk/launchers/bundlelists/authentication/
>>>>
>>>> ------------------------------------------------------------------------------
>>>> --- svn:ignore (added)
>>>> +++ svn:ignore Mon Sep 10 17:54:19 2012
>>>> @@ -0,0 +1,3 @@
>>>> +.settings
>>>> +
>>>> +.project
>>>>
>>>> Added: incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
>>>>
>>>> ==============================================================================
>>>> --- incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>> (added)
>>>> +++ incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>> Mon Sep 10 17:54:19 2012
>>>> @@ -0,0 +1,65 @@
>>>> +<?xml version="1.0" encoding="UTF-8"?>
>>>> +<!--
>>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>>>> +  contributor license agreements.  See the NOTICE file distributed with
>>>> +  this work for additional information regarding copyright ownership.
>>>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>>>> +  (the "License"); you may not use this file except in compliance with
>>>> +  the License.  You may obtain a copy of the License at
>>>> +
>>>> +      http://www.apache.org/licenses/LICENSE-2.0
>>>> +
>>>> +  Unless required by applicable law or agreed to in writing, software
>>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>> +  See the License for the specific language governing permissions and
>>>> +  limitations under the License.
>>>> +-->
>>>> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
>>>> http://www.w3.org/2001/XMLSchema-instance"
>>>> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>>>> http://maven.apache.org/maven-v4_0_0.xsd">
>>>> +  <modelVersion>4.0.0</modelVersion>
>>>> +  <parent>
>>>> +    <groupId>org.apache.stanbol</groupId>
>>>> +    <artifactId>stanbol-parent</artifactId>
>>>> +    <version>2-incubating-SNAPSHOT</version>
>>>> +    <relativePath>../../../parent</relativePath>
>>>> +  </parent>
>>>> +
>>>> +  <groupId>org.apache.stanbol</groupId>
>>>> +
>>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>>> +  <version>0.10.0-incubating-SNAPSHOT</version>
>>>> +  <packaging>partialbundlelist</packaging>
>>>> +
>>>> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
>>>> +  <description>This is a Maven project which produces the partial list
>>>> containing the bundles related to Authentication.</description>
>>>> +
>>>> +  <scm>
>>>> +    <connection>
>>>> +      scm:svn:
>>>> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>>>> +    </connection>
>>>> +    <developerConnection>
>>>> +      scm:svn:
>>>> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>>>> +    </developerConnection>
>>>> +    <url>http://incubator.apache.org/stanbol/</url>
>>>> +  </scm>
>>>> +
>>>> +  <build>
>>>> +    <plugins>
>>>> +      <plugin>
>>>> +        <groupId>org.apache.sling</groupId>
>>>> +        <artifactId>maven-launchpad-plugin</artifactId>
>>>> +        <executions>
>>>> +          <execution>
>>>> +            <id>attach-bundle-list</id>
>>>> +            <goals>
>>>> +              <goal>attach-bundle-list</goal>
>>>> +            </goals>
>>>> +            <configuration>
>>>> +              <includeDefaultBundles>false</includeDefaultBundles>
>>>> +            </configuration>
>>>> +          </execution>
>>>> +        </executions>
>>>> +      </plugin>
>>>> +    </plugins>
>>>> +  </build>
>>>> +</project>
>>>>
>>>> Propchange:
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>>
>>>> ------------------------------------------------------------------------------
>>>>     svn:mime-type = text/plain
>>>>
>>>> Added:
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
>>>>
>>>> ==============================================================================
>>>> ---
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>> (added)
>>>> +++
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>> Mon Sep 10 17:54:19 2012
>>>> @@ -0,0 +1,47 @@
>>>> +<?xml version="1.0" encoding="UTF-8"?>
>>>> +<!--
>>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>>>> +  contributor license agreements.  See the NOTICE file distributed with
>>>> +  this work for additional information regarding copyright ownership.
>>>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>>>> +  (the "License"); you may not use this file except in compliance with
>>>> +  the License.  You may obtain a copy of the License at
>>>> +
>>>> +      http://www.apache.org/licenses/LICENSE-2.0
>>>> +
>>>> +  Unless required by applicable law or agreed to in writing, software
>>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>> +  See the License for the specific language governing permissions and
>>>> +  limitations under the License.
>>>> +-->
>>>> +<bundles>
>>>> +  <!-- authentication -->
>>>> +  <startLevel level="27">
>>>> +    <bundle>
>>>> +      <groupId>org.apache.clerezza</groupId>
>>>> +      <artifactId>platform.config</artifactId>
>>>> +      <version>0.3-incubating</version>
>>>> +    </bundle>
>>>> +    <bundle>
>>>> +      <groupId>org.apache.clerezza</groupId>
>>>> +      <artifactId>permissiondescriptions</artifactId>
>>>> +      <version>0.1-incubating</version>
>>>> +    </bundle>
>>>> +    <bundle>
>>>> +      <groupId>org.apache.clerezza</groupId>
>>>> +      <artifactId>platform</artifactId>
>>>> +      <version>0.1-incubating</version>
>>>> +    </bundle>
>>>> +    <bundle>
>>>> +      <groupId>org.apache.stanbol</groupId>
>>>> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
>>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> +    </bundle>
>>>> +    <bundle>
>>>> +      <groupId>org.apache.stanbol</groupId>
>>>> +
>>>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> +    </bundle>
>>>> +  </startLevel>
>>>> +</bundles>
>>>> \ No newline at end of file
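
Review bot: The new list keeps the authentication bundles at startLevel 27, the same level as the "Stanbol Commons" block visible in the stanbolcommons/list.xml context, so the framework gives no ordering guarantee between org.apache.stanbol.commons.security and the commons bundles. If any component is expected to find the policy in place when it activates, a lower start level for this list would make that explicit. The file also ends without a trailing newline ("\ No newline at end of file"), and the two Stanbol entries pin -SNAPSHOT versions next to fixed Clerezza releases, which is worth a comment for anyone reusing the list in a custom launcher.
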
>>>>
>>>> Propchange:
>>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>>
>>>> ------------------------------------------------------------------------------
>>>>     svn:mime-type = text/plain
>>>>
>>>> Modified:
>>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>>
>>>> ==============================================================================
>>>> ---
>>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>>> (original)
>>>> +++
>>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>>> Mon Sep 10 17:54:19 2012
>>>> @@ -293,35 +293,6 @@
>>>>      </bundle>
>>>>    </startLevel>
>>>>
>>>> -  <!-- authentication -->
>>>> -  <startLevel level="27">
>>>> -    <bundle>
>>>> -      <groupId>org.apache.clerezza</groupId>
>>>> -      <artifactId>platform.config</artifactId>
>>>> -      <version>0.3-incubating</version>
>>>> -    </bundle>
>>>> -    <bundle>
>>>> -                       <groupId>org.apache.clerezza</groupId>
>>>> -                       <artifactId>permissiondescriptions</artifactId>
>>>> -                       <version>0.1-incubating</version>
>>>> -               </bundle>
>>>> -    <bundle>
>>>> -                       <groupId>org.apache.clerezza</groupId>
>>>> -                       <artifactId>platform</artifactId>
>>>> -                       <version>0.1-incubating</version>
>>>> -               </bundle>
>>>> -    <bundle>
>>>> -      <groupId>org.apache.stanbol</groupId>
>>>> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
>>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> -    </bundle>
>>>> -    <bundle>
>>>> -      <groupId>org.apache.stanbol</groupId>
>>>> -
>>>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> -    </bundle>
>>>> -  </startLevel>
>>>> -
>>>>    <!-- Stanbol Commons -->
>>>>    <startLevel level="27">
>>>>      <!-- Allows to run Stanbol in offline mode -->
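
Review bot: Removing the whole "authentication" block here takes org.apache.stanbol.commons.security and the four other bundles out of every launcher that consumes the stanbolcommons list, while this revision adds the replacement list only to launchers/full/pom.xml and launchers/full-war/pom.xml. Any other launcher built on stanbolcommons now starts without the security bundles and without any visible marker of that. Please either add the new partial bundle list to those launchers or state in the log message which launchers are intentionally left without it, so the change in security posture is a documented decision rather than a side effect.
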
>>>>
>>>> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>>
>>>> ==============================================================================
>>>> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
>>>> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10 17:54:19
>>>> 2012
>>>> @@ -135,6 +135,14 @@
>>>>        <version>0.10.0-incubating-SNAPSHOT</version>
>>>>        <type>partialbundlelist</type>
>>>>      </dependency>
>>>> +    <!-- Authentication Support-->
>>>> +    <dependency>
>>>> +      <groupId>org.apache.stanbol</groupId>
>>>> +
>>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> +      <type>partialbundlelist</type>
>>>> +      <scope>provided</scope>
>>>> +    </dependency>
>>>>
>>>>      <!-- Stanbol CMS Adapter Bundle List -->
>>>>      <dependency>
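
Review bot: The added dependency declares scope "provided", but the dependency immediately above it in this hunk's context ends with type "partialbundlelist" and no scope element. Please confirm which form the war launcher expects and make the two entries consistent, otherwise it is unclear whether the authentication list is actually merged into the war. Minor style points: the comment "<!-- Authentication Support-->" is missing the space before the closing marker, and unlike the launchers/full/pom.xml hunk there is no blank line separating it from the previous dependency.
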
>>>>
>>>> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>>
>>>> ==============================================================================
>>>> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
>>>> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10 17:54:19 2012
>>>> @@ -165,6 +165,15 @@
>>>>        <type>partialbundlelist</type>
>>>>        <scope>provided</scope>
>>>>      </dependency>
>>>> +
>>>> +    <!-- Authentication Support-->
>>>> +    <dependency>
>>>> +      <groupId>org.apache.stanbol</groupId>
>>>> +
>>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>>> +      <type>partialbundlelist</type>
>>>> +      <scope>provided</scope>
>>>> +    </dependency>
>>>>
>>>>      <!-- zz> Shell Bundle List -->
>>>>      <dependency>
>>>>
>>>> Modified: incubator/stanbol/trunk/pom.xml
>>>> URL:
>>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>>
>>>> ==============================================================================
>>>> --- incubator/stanbol/trunk/pom.xml (original)
>>>> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
>>>> @@ -85,6 +85,7 @@
>>>>
>>>>      <module>launchers/bundlelists/osgiframework</module>
>>>>      <module>launchers/bundlelists/stanbolcommons</module>
>>>> +    <module>launchers/bundlelists/authentication</module>
>>>>      <module>launchers/bundlelists/zzshell</module>
>>>>      <module>launchers/full</module>
>>>>      <module>integration-tests</module>
>>>>
>>>>
>>>>
>>
>>
>>
>> --
>> Fabian
>> http://twitter.com/fctwitt
>
>
>
> --
> | Rupert Westenthaler             rupert.westenthaler@gmail.com
> | Bodenlehenstraße 11                             ++43-699-11108907
> | A-5500 Bischofshofen



-- 
| Rupert Westenthaler             rupert.westenthaler@gmail.com
| Bodenlehenstraße 11                             ++43-699-11108907
| A-5500 Bischofshofen
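
The questions in the message above (how a component would define a permission, and how a user-aware policy relates to JAAS) can be illustrated with plain JDK classes. This is an added sketch, not Stanbol or Clerezza code: `EnhancerPermission`, `UserPrincipal`, `MapBackedPolicy`, `mayExecute` and the user names are hypothetical, and an in-memory map stands in for the RDF graph that the UserAwarePolicy is described as reading. It uses `java.security.Policy`, which was current when this thread was written and has been deprecated for removal since Java 17.

```java
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Map;

/** Sketch of a user-aware policy; every class and user name here is hypothetical. */
public class UserAwarePolicySketch {

    /** A permission a component could define, with names such as "chain.default". */
    static final class EnhancerPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;
        EnhancerPermission(String name) { super(name); }
    }

    /** Principal carrying the name of the authenticated user. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** In-memory stand-in for a policy that looks up grants per user. */
    static final class MapBackedPolicy extends Policy {
        private final Map<String, Permissions> grants = new HashMap<>();

        void grant(String user, Permission permission) {
            grants.computeIfAbsent(user, u -> new Permissions()).add(permission);
        }

        /** Deny by default: only a grant to one of the domain's principals passes. */
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            for (Principal p : domain.getPrincipals()) {
                Permissions granted = grants.get(p.getName());
                if (granted != null && granted.implies(permission)) {
                    return true;
                }
            }
            return false;
        }
    }

    /** The check a component would make before running a chain for a user. */
    static boolean mayExecute(Policy policy, Principal user, String chain) {
        // Under JAAS, Subject.doAs attaches the principals to the calling
        // context and AccessController.checkPermission consults the policy.
        // The domain is built by hand here so the sketch needs no SecurityManager.
        ProtectionDomain domain =
                new ProtectionDomain(null, null, null, new Principal[] { user });
        return policy.implies(domain, new EnhancerPermission("chain." + chain));
    }

    public static void main(String[] args) {
        // Constructed sample grants: one wildcard, one single chain.
        MapBackedPolicy enabled = new MapBackedPolicy();
        enabled.grant("alice", new EnhancerPermission("chain.*"));
        enabled.grant("bob", new EnhancerPermission("chain.default"));

        // Assumption: "authentication disabled" modelled as the thread describes it,
        // a single anonymous user that is allowed everything.
        MapBackedPolicy disabled = new MapBackedPolicy();
        disabled.grant("anonymous", new AllPermission());

        Principal alice = new UserPrincipal("alice");
        Principal bob = new UserPrincipal("bob");
        Principal unknown = new UserPrincipal("mallory");
        Principal anonymous = new UserPrincipal("anonymous");

        System.out.println("alice/language:     " + mayExecute(enabled, alice, "language"));
        System.out.println("bob/default:        " + mayExecute(enabled, bob, "default"));
        System.out.println("bob/language:       " + mayExecute(enabled, bob, "language"));
        System.out.println("unknown/default:    " + mayExecute(enabled, unknown, "default"));
        System.out.println("anonymous/disabled: " + mayExecute(disabled, anonymous, "default"));
    }
}
```

The last line shows why removing the bundles and disabling authentication differ: with the policy present but disabled, a component's permission check still runs and simply succeeds for the anonymous user, so the component code does not need a second path.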

Re: Authentication

Posted by Rupert Westenthaler <ru...@gmail.com>.
Hi,

The reason why I opted to exclude the authentication bundles from the
"stable" launcher was

1. The stable launcher is also some kind of a minimum launcher (only
containing the Enhancer and the Entityhub).
2. Adding authentication forced me to use the "-XX:MaxPermSize=256m"
option to avoid PermGen OOM errors during startup

Independent of that I think that having authentication in an own
bundle-list is a good thing as it makes it more easy to add/skip this
feature by users that build their own customized Stanbol launcher.

> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>> While the problems you encountered with the stable launcher obviously must
>> be resolved (the problem afaik being that a bundle is missing that happens
>> to be provided by the shell list in the full launcher)

I think you can solve this by adding those bundles to multiple bundle lists.

>> I don't think that disabling the authentication modules altogether is a good option.

But why do I see this increase of the PermGen size if the feature is
disabled? Any Idea?

Can we provide a dummy implementation of "AuthenticationMethod" with
no external dependencies that has the same effect as disabling. Then
we can use this implementation in Launchers that do not use/support
authentication?

best
Rupert

On Fri, Sep 14, 2012 at 9:44 AM, Fabian Christ
<ch...@googlemail.com> wrote:
> Hi,
>
> I think this is a valid point by Reto. The functionality is really
> useful for business applications. So disabling like Reto described may
> be a better choice than removing the bundles.
>
> Anyway, I did not have a closer look at this feature but I imagine
> that it is possible to customize the authentication in many
> directions, right? If this is not the case, we should think about it
> as many companies use very different authentication policies and
> technologies.
>
> Best,
>  - Fabian
>
> 2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
>> Hi Rupert
>>
>> While the problems you encountered with the stable launcher obviously must
>> be resolved (the problem afaik being that a bundle is missing that happens
>> to be provided by the shell list in the full launcher) I don't think that
>> disabling the authentication modules altogether is a good option.
>>
>> Disabling authentication is fine, in this case all operations are being
>> executed by an almighty anonymous user but removing the bundles means that
>> stanbol bundles cannot rely on bundles being there telling who the current
>> user is. However I think that this is a feature not only needed for
>> multi-tenancy but one that can be used for many purposes.
>>
>> So I think the basic features should be included in all launchers as all
>> modules should be able to access this functionality. Developers of
>> components should be encouraged to use these features to make their bundle
>> user-aware and to provide reasonable permission checks for the
>> functionality they're offering.
>>
>> Cheers,
>> Reto
>>
>> On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:
>>
>>> Author: rwesten
>>> Date: Mon Sep 10 17:54:19 2012
>>> New Revision: 1383002
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
>>> Log:
>>> STANBOL-721: Moved the dependencies needed for authentication to an own
>>> partial bundlelist. Currently used by the full and full-war launcher
>>>
>>> Added:
>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/   (with
>>> props)
>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>> (with props)
>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
>>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
>>>
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
>>>
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>   (with props)
>>> Modified:
>>>
>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>>     incubator/stanbol/trunk/launchers/full-war/pom.xml
>>>     incubator/stanbol/trunk/launchers/full/pom.xml
>>>     incubator/stanbol/trunk/pom.xml
>>>
>>> Propchange: incubator/stanbol/trunk/launchers/bundlelists/authentication/
>>>
>>> ------------------------------------------------------------------------------
>>> --- svn:ignore (added)
>>> +++ svn:ignore Mon Sep 10 17:54:19 2012
>>> @@ -0,0 +1,3 @@
>>> +.settings
>>> +
>>> +.project
>>>
>>> Added: incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
>>>
>>> ==============================================================================
>>> --- incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>> (added)
>>> +++ incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>> Mon Sep 10 17:54:19 2012
>>> @@ -0,0 +1,65 @@
>>> +<?xml version="1.0" encoding="UTF-8"?>
>>> +<!--
>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>>> +  contributor license agreements.  See the NOTICE file distributed with
>>> +  this work for additional information regarding copyright ownership.
>>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>>> +  (the "License"); you may not use this file except in compliance with
>>> +  the License.  You may obtain a copy of the License at
>>> +
>>> +      http://www.apache.org/licenses/LICENSE-2.0
>>> +
>>> +  Unless required by applicable law or agreed to in writing, software
>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> +  See the License for the specific language governing permissions and
>>> +  limitations under the License.
>>> +-->
>>> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
>>> http://www.w3.org/2001/XMLSchema-instance"
>>> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>>> http://maven.apache.org/maven-v4_0_0.xsd">
>>> +  <modelVersion>4.0.0</modelVersion>
>>> +  <parent>
>>> +    <groupId>org.apache.stanbol</groupId>
>>> +    <artifactId>stanbol-parent</artifactId>
>>> +    <version>2-incubating-SNAPSHOT</version>
>>> +    <relativePath>../../../parent</relativePath>
>>> +  </parent>
>>> +
>>> +  <groupId>org.apache.stanbol</groupId>
>>> +
>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>> +  <version>0.10.0-incubating-SNAPSHOT</version>
>>> +  <packaging>partialbundlelist</packaging>
>>> +
>>> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
>>> +  <description>This is a Maven project which produces the partial list
>>> containing the bundles related to Authentication.</description>
>>> +
>>> +  <scm>
>>> +    <connection>
>>> +      scm:svn:
>>> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>>> +    </connection>
>>> +    <developerConnection>
>>> +      scm:svn:
>>> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>>> +    </developerConnection>
>>> +    <url>http://incubator.apache.org/stanbol/</url>
>>> +  </scm>
>>> +
>>> +  <build>
>>> +    <plugins>
>>> +      <plugin>
>>> +        <groupId>org.apache.sling</groupId>
>>> +        <artifactId>maven-launchpad-plugin</artifactId>
>>> +        <executions>
>>> +          <execution>
>>> +            <id>attach-bundle-list</id>
>>> +            <goals>
>>> +              <goal>attach-bundle-list</goal>
>>> +            </goals>
>>> +            <configuration>
>>> +              <includeDefaultBundles>false</includeDefaultBundles>
>>> +            </configuration>
>>> +          </execution>
>>> +        </executions>
>>> +      </plugin>
>>> +    </plugins>
>>> +  </build>
>>> +</project>
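
Review bot: the maven-launchpad-plugin entry under <build> has no
<version>, so the plugin version is whatever stanbol-parent's
pluginManagement supplies; if the parent does not pin it, declare the
version here so the partial bundle list builds reproducibly. Also in
this file, <name> ends with a stray space before </name>.
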
>>>
>>> Propchange:
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>>
>>> ------------------------------------------------------------------------------
>>>     svn:mime-type = text/plain
>>>
>>> Added:
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
>>>
>>> ==============================================================================
>>> ---
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>> (added)
>>> +++
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>> Mon Sep 10 17:54:19 2012
>>> @@ -0,0 +1,47 @@
>>> +<?xml version="1.0" encoding="UTF-8"?>
>>> +<!--
>>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>>> +  contributor license agreements.  See the NOTICE file distributed with
>>> +  this work for additional information regarding copyright ownership.
>>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>>> +  (the "License"); you may not use this file except in compliance with
>>> +  the License.  You may obtain a copy of the License at
>>> +
>>> +      http://www.apache.org/licenses/LICENSE-2.0
>>> +
>>> +  Unless required by applicable law or agreed to in writing, software
>>> +  distributed under the License is distributed on an "AS IS" BASIS,
>>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>> +  See the License for the specific language governing permissions and
>>> +  limitations under the License.
>>> +-->
>>> +<bundles>
>>> +  <!-- authentication -->
>>> +  <startLevel level="27">
>>> +    <bundle>
>>> +      <groupId>org.apache.clerezza</groupId>
>>> +      <artifactId>platform.config</artifactId>
>>> +      <version>0.3-incubating</version>
>>> +    </bundle>
>>> +    <bundle>
>>> +      <groupId>org.apache.clerezza</groupId>
>>> +      <artifactId>permissiondescriptions</artifactId>
>>> +      <version>0.1-incubating</version>
>>> +    </bundle>
>>> +    <bundle>
>>> +      <groupId>org.apache.clerezza</groupId>
>>> +      <artifactId>platform</artifactId>
>>> +      <version>0.1-incubating</version>
>>> +    </bundle>
>>> +    <bundle>
>>> +      <groupId>org.apache.stanbol</groupId>
>>> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>> +    </bundle>
>>> +    <bundle>
>>> +      <groupId>org.apache.stanbol</groupId>
>>> +
>>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>> +    </bundle>
>>> +  </startLevel>
>>> +</bundles>
>>> \ No newline at end of file
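
Review bot: start level 27 is copied unchanged from the block this
commit removes from the stanbolcommons list, where the Stanbol Commons
bundles are also at level 27, so nothing in this file orders
org.apache.stanbol.commons.security ahead of the bundles that may call
it. If activation order matters, give the list its own level, or say in
the <!-- authentication --> comment that it does not. The file also ends
without a newline after </bundles>, as the "\ No newline at end of file"
marker shows.
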
>>>
>>> Propchange:
>>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>>
>>> ------------------------------------------------------------------------------
>>>     svn:mime-type = text/plain
>>>
>>> Modified:
>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>> (original)
>>> +++
>>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>> Mon Sep 10 17:54:19 2012
>>> @@ -293,35 +293,6 @@
>>>      </bundle>
>>>    </startLevel>
>>>
>>> -  <!-- authentication -->
>>> -  <startLevel level="27">
>>> -    <bundle>
>>> -      <groupId>org.apache.clerezza</groupId>
>>> -      <artifactId>platform.config</artifactId>
>>> -      <version>0.3-incubating</version>
>>> -    </bundle>
>>> -    <bundle>
>>> -                       <groupId>org.apache.clerezza</groupId>
>>> -                       <artifactId>permissiondescriptions</artifactId>
>>> -                       <version>0.1-incubating</version>
>>> -               </bundle>
>>> -    <bundle>
>>> -                       <groupId>org.apache.clerezza</groupId>
>>> -                       <artifactId>platform</artifactId>
>>> -                       <version>0.1-incubating</version>
>>> -               </bundle>
>>> -    <bundle>
>>> -      <groupId>org.apache.stanbol</groupId>
>>> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>>> -    </bundle>
>>> -    <bundle>
>>> -      <groupId>org.apache.stanbol</groupId>
>>> -
>>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>>> -    </bundle>
>>> -  </startLevel>
>>> -
>>>    <!-- Stanbol Commons -->
>>>    <startLevel level="27">
>>>      <!-- Allows to run Stanbol in offline mode -->
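
Review bot: deleting the authentication block at this spot takes
org.apache.stanbol.commons.security and
org.apache.stanbol.commons.authentication.basic out of every launcher
that builds on the stanbolcommons list, while the log says the new list
is only wired into full and full-war. Leave a comment here pointing to
launchers/bundlelists/authentication, and name in the log the launchers
that now ship without these bundles, so the change in what they enforce
is explicit.
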
>>>
>>> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>
>>> ==============================================================================
>>> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
>>> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10 17:54:19
>>> 2012
>>> @@ -135,6 +135,14 @@
>>>        <version>0.10.0-incubating-SNAPSHOT</version>
>>>        <type>partialbundlelist</type>
>>>      </dependency>
>>> +    <!-- Authentication Support-->
>>> +    <dependency>
>>> +      <groupId>org.apache.stanbol</groupId>
>>> +
>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>> +      <type>partialbundlelist</type>
>>> +      <scope>provided</scope>
>>> +    </dependency>
>>>
>>>      <!-- Stanbol CMS Adapter Bundle List -->
>>>      <dependency>
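
Review bot: the added dependency declares <scope>provided</scope>, but
the partialbundlelist dependency directly above it in the context lines
closes after <type> with no scope. Use the same scope for both, or note
why this list differs. The comment <!-- Authentication Support--> is
also missing the space before --> and the blank line that separates the
neighbouring entries.
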
>>>
>>> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>
>>> ==============================================================================
>>> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
>>> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10 17:54:19 2012
>>> @@ -165,6 +165,15 @@
>>>        <type>partialbundlelist</type>
>>>        <scope>provided</scope>
>>>      </dependency>
>>> +
>>> +    <!-- Authentication Support-->
>>> +    <dependency>
>>> +      <groupId>org.apache.stanbol</groupId>
>>> +
>>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>>> +      <type>partialbundlelist</type>
>>> +      <scope>provided</scope>
>>> +    </dependency>
>>>
>>>      <!-- zz> Shell Bundle List -->
>>>      <dependency>
>>>
>>> Modified: incubator/stanbol/trunk/pom.xml
>>> URL:
>>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>>
>>> ==============================================================================
>>> --- incubator/stanbol/trunk/pom.xml (original)
>>> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
>>> @@ -85,6 +85,7 @@
>>>
>>>      <module>launchers/bundlelists/osgiframework</module>
>>>      <module>launchers/bundlelists/stanbolcommons</module>
>>> +    <module>launchers/bundlelists/authentication</module>
>>>      <module>launchers/bundlelists/zzshell</module>
>>>      <module>launchers/full</module>
>>>      <module>integration-tests</module>
>>>
>>>
>>>
>
>
>
> --
> Fabian
> http://twitter.com/fctwitt



-- 
| Rupert Westenthaler             rupert.westenthaler@gmail.com
| Bodenlehenstraße 11                             ++43-699-11108907
| A-5500 Bischofshofen

Re: Authentication

Posted by Fabian Christ <ch...@googlemail.com>.
Hi,

I think this is a valid point by Reto. The functionality is really
useful for business applications. So disabling like Reto described may
be a better choice than removing the bundles.

Anyway, I did not have a closer look at this feature but I imagine
that it is possible to customize the authentication in many
directions, right? If this is not the case, we should think about it
as many companies use very different authentication policies and
technologies.

Best,
 - Fabian

2012/9/14 Reto Bachmann-Gmür <re...@apache.org>:
> Hi Rupert
>
> While the problems you encountered with the stable launcher obviously must
> be resolved (the problem afaik being that a bundle is missing that happens
> to be provided by the shell list in the full launcher) I don't think that
> disabling the authentication modules altogether is a good option.
>
> Disabling authentication is fine, in this case all operations are being
> executed by an almighty anonymous user but removing the bundles means that
> stanbol bundles cannot rely on bundles being there telling who the current
> user is. However I think that this is a feature not only needed for
> multi-tenancy but one that can be used for many purposes.
>
> So I think the basic features should be included in all launchers as all
> modules should be able to access this functionality. Developers of
> components should be encouraged to use these features to make their bundle
> user-aware and to provide reasonable permission checks for the
> functionality they're offering.
>
> Cheers,
> Reto
>
> On Mon, Sep 10, 2012 at 7:54 PM, <rw...@apache.org> wrote:
>
>> Author: rwesten
>> Date: Mon Sep 10 17:54:19 2012
>> New Revision: 1383002
>>
>> URL: http://svn.apache.org/viewvc?rev=1383002&view=rev
>> Log:
>> STANBOL-721: Moved the dependencies needed for authentication to an own
>> partial bundlelist. Currently used by the full and full-war launcher
>>
>> Added:
>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/   (with
>> props)
>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> (with props)
>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/
>>     incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/
>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/
>>
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>   (with props)
>> Modified:
>>
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>>     incubator/stanbol/trunk/launchers/full-war/pom.xml
>>     incubator/stanbol/trunk/launchers/full/pom.xml
>>     incubator/stanbol/trunk/pom.xml
>>
>> Propchange: incubator/stanbol/trunk/launchers/bundlelists/authentication/
>>
>> ------------------------------------------------------------------------------
>> --- svn:ignore (added)
>> +++ svn:ignore Mon Sep 10 17:54:19 2012
>> @@ -0,0 +1,3 @@
>> +.settings
>> +
>> +.project
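
Review bot: the svn:ignore value lists .settings and .project but not
target or .classpath, so Maven build output and the Eclipse classpath
file of the new module will show up as unversioned; add both entries.
The empty line between the two entries can go.
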
>>
>> Added: incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml?rev=1383002&view=auto
>>
>> ==============================================================================
>> --- incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> (added)
>> +++ incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>> Mon Sep 10 17:54:19 2012
>> @@ -0,0 +1,65 @@
>> +<?xml version="1.0" encoding="UTF-8"?>
>> +<!--
>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>> +  contributor license agreements.  See the NOTICE file distributed with
>> +  this work for additional information regarding copyright ownership.
>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>> +  (the "License"); you may not use this file except in compliance with
>> +  the License.  You may obtain a copy of the License at
>> +
>> +      http://www.apache.org/licenses/LICENSE-2.0
>> +
>> +  Unless required by applicable law or agreed to in writing, software
>> +  distributed under the License is distributed on an "AS IS" BASIS,
>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +  See the License for the specific language governing permissions and
>> +  limitations under the License.
>> +-->
>> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
>> http://www.w3.org/2001/XMLSchema-instance"
>> +  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>> http://maven.apache.org/maven-v4_0_0.xsd">
>> +  <modelVersion>4.0.0</modelVersion>
>> +  <parent>
>> +    <groupId>org.apache.stanbol</groupId>
>> +    <artifactId>stanbol-parent</artifactId>
>> +    <version>2-incubating-SNAPSHOT</version>
>> +    <relativePath>../../../parent</relativePath>
>> +  </parent>
>> +
>> +  <groupId>org.apache.stanbol</groupId>
>> +
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> +  <version>0.10.0-incubating-SNAPSHOT</version>
>> +  <packaging>partialbundlelist</packaging>
>> +
>> +  <name>Apache Stanbol Launchers Authentication Bundle List </name>
>> +  <description>This is a Maven project which produces the partial list
>> containing the bundles related to Authentication.</description>
>> +
>> +  <scm>
>> +    <connection>
>> +      scm:svn:
>> http://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>> +    </connection>
>> +    <developerConnection>
>> +      scm:svn:
>> https://svn.apache.org/repos/asf/incubator/stanbol/trunk/launchers/bundlelists/authentication
>> +    </developerConnection>
>> +    <url>http://incubator.apache.org/stanbol/</url>
>> +  </scm>
>> +
>> +  <build>
>> +    <plugins>
>> +      <plugin>
>> +        <groupId>org.apache.sling</groupId>
>> +        <artifactId>maven-launchpad-plugin</artifactId>
>> +        <executions>
>> +          <execution>
>> +            <id>attach-bundle-list</id>
>> +            <goals>
>> +              <goal>attach-bundle-list</goal>
>> +            </goals>
>> +            <configuration>
>> +              <includeDefaultBundles>false</includeDefaultBundles>
>> +            </configuration>
>> +          </execution>
>> +        </executions>
>> +      </plugin>
>> +    </plugins>
>> +  </build>
>> +</project>
>>
>> Propchange:
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/pom.xml
>>
>> ------------------------------------------------------------------------------
>>     svn:mime-type = text/plain
>>
>> Added:
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml?rev=1383002&view=auto
>>
>> ==============================================================================
>> ---
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> (added)
>> +++
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>> Mon Sep 10 17:54:19 2012
>> @@ -0,0 +1,47 @@
>> +<?xml version="1.0" encoding="UTF-8"?>
>> +<!--
>> +  Licensed to the Apache Software Foundation (ASF) under one or more
>> +  contributor license agreements.  See the NOTICE file distributed with
>> +  this work for additional information regarding copyright ownership.
>> +  The ASF licenses this file to You under the Apache License, Version 2.0
>> +  (the "License"); you may not use this file except in compliance with
>> +  the License.  You may obtain a copy of the License at
>> +
>> +      http://www.apache.org/licenses/LICENSE-2.0
>> +
>> +  Unless required by applicable law or agreed to in writing, software
>> +  distributed under the License is distributed on an "AS IS" BASIS,
>> +  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +  See the License for the specific language governing permissions and
>> +  limitations under the License.
>> +-->
>> +<bundles>
>> +  <!-- authentication -->
>> +  <startLevel level="27">
>> +    <bundle>
>> +      <groupId>org.apache.clerezza</groupId>
>> +      <artifactId>platform.config</artifactId>
>> +      <version>0.3-incubating</version>
>> +    </bundle>
>> +    <bundle>
>> +      <groupId>org.apache.clerezza</groupId>
>> +      <artifactId>permissiondescriptions</artifactId>
>> +      <version>0.1-incubating</version>
>> +    </bundle>
>> +    <bundle>
>> +      <groupId>org.apache.clerezza</groupId>
>> +      <artifactId>platform</artifactId>
>> +      <version>0.1-incubating</version>
>> +    </bundle>
>> +    <bundle>
>> +      <groupId>org.apache.stanbol</groupId>
>> +      <artifactId>org.apache.stanbol.commons.security</artifactId>
>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> +    </bundle>
>> +    <bundle>
>> +      <groupId>org.apache.stanbol</groupId>
>> +
>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> +    </bundle>
>> +  </startLevel>
>> +</bundles>
>> \ No newline at end of file
>>
>> Propchange:
>> incubator/stanbol/trunk/launchers/bundlelists/authentication/src/main/bundles/list.xml
>>
>> ------------------------------------------------------------------------------
>>     svn:mime-type = text/plain
>>
>> Modified:
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>
>> ==============================================================================
>> ---
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> (original)
>> +++
>> incubator/stanbol/trunk/launchers/bundlelists/stanbolcommons/src/main/bundles/list.xml
>> Mon Sep 10 17:54:19 2012
>> @@ -293,35 +293,6 @@
>>      </bundle>
>>    </startLevel>
>>
>> -  <!-- authentication -->
>> -  <startLevel level="27">
>> -    <bundle>
>> -      <groupId>org.apache.clerezza</groupId>
>> -      <artifactId>platform.config</artifactId>
>> -      <version>0.3-incubating</version>
>> -    </bundle>
>> -    <bundle>
>> -                       <groupId>org.apache.clerezza</groupId>
>> -                       <artifactId>permissiondescriptions</artifactId>
>> -                       <version>0.1-incubating</version>
>> -               </bundle>
>> -    <bundle>
>> -                       <groupId>org.apache.clerezza</groupId>
>> -                       <artifactId>platform</artifactId>
>> -                       <version>0.1-incubating</version>
>> -               </bundle>
>> -    <bundle>
>> -      <groupId>org.apache.stanbol</groupId>
>> -      <artifactId>org.apache.stanbol.commons.security</artifactId>
>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>> -    </bundle>
>> -    <bundle>
>> -      <groupId>org.apache.stanbol</groupId>
>> -
>>  <artifactId>org.apache.stanbol.commons.authentication.basic</artifactId>
>> -      <version>0.10.0-incubating-SNAPSHOT</version>
>> -    </bundle>
>> -  </startLevel>
>> -
>>    <!-- Stanbol Commons -->
>>    <startLevel level="27">
>>      <!-- Allows to run Stanbol in offline mode -->
>>
>> Modified: incubator/stanbol/trunk/launchers/full-war/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full-war/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>
>> ==============================================================================
>> --- incubator/stanbol/trunk/launchers/full-war/pom.xml (original)
>> +++ incubator/stanbol/trunk/launchers/full-war/pom.xml Mon Sep 10 17:54:19
>> 2012
>> @@ -135,6 +135,14 @@
>>        <version>0.10.0-incubating-SNAPSHOT</version>
>>        <type>partialbundlelist</type>
>>      </dependency>
>> +    <!-- Authentication Support-->
>> +    <dependency>
>> +      <groupId>org.apache.stanbol</groupId>
>> +
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> +      <type>partialbundlelist</type>
>> +      <scope>provided</scope>
>> +    </dependency>
>>
>>      <!-- Stanbol CMS Adapter Bundle List -->
>>      <dependency>
>>
>> Modified: incubator/stanbol/trunk/launchers/full/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/launchers/full/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>
>> ==============================================================================
>> --- incubator/stanbol/trunk/launchers/full/pom.xml (original)
>> +++ incubator/stanbol/trunk/launchers/full/pom.xml Mon Sep 10 17:54:19 2012
>> @@ -165,6 +165,15 @@
>>        <type>partialbundlelist</type>
>>        <scope>provided</scope>
>>      </dependency>
>> +
>> +    <!-- Authentication Support-->
>> +    <dependency>
>> +      <groupId>org.apache.stanbol</groupId>
>> +
>>  <artifactId>org.apache.stanbol.launchers.bundlelists.authentication</artifactId>
>> +      <version>0.10.0-incubating-SNAPSHOT</version>
>> +      <type>partialbundlelist</type>
>> +      <scope>provided</scope>
>> +    </dependency>
>>
>>      <!-- zz> Shell Bundle List -->
>>      <dependency>
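
Review bot: in launchers/full the new list is added directly before the
Shell Bundle List, and Reto's reply in this thread says a bundle missing
from the stable launcher happens to be provided by the shell list in the
full launcher. If the authentication bundles need that bundle, it should
be declared in the authentication list itself rather than satisfied by
a neighbouring dependency here; otherwise a launcher that adds this
entry without the shell list will not resolve. The comment
<!-- Authentication Support--> is missing the space before -->.
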
>>
>> Modified: incubator/stanbol/trunk/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/incubator/stanbol/trunk/pom.xml?rev=1383002&r1=1383001&r2=1383002&view=diff
>>
>> ==============================================================================
>> --- incubator/stanbol/trunk/pom.xml (original)
>> +++ incubator/stanbol/trunk/pom.xml Mon Sep 10 17:54:19 2012
>> @@ -85,6 +85,7 @@
>>
>>      <module>launchers/bundlelists/osgiframework</module>
>>      <module>launchers/bundlelists/stanbolcommons</module>
>> +    <module>launchers/bundlelists/authentication</module>
>>      <module>launchers/bundlelists/zzshell</module>
>>      <module>launchers/full</module>
>>      <module>integration-tests</module>
>>
>>
>>



-- 
Fabian
http://twitter.com/fctwitt