Posted to jetspeed-dev@portals.apache.org by dl...@apache.org on 2005/02/21 22:34:10 UTC
cvs commit: jakarta-jetspeed-2/components/security/xdocs config.xml navigation.xml
dlestrat 2005/02/21 13:34:10
Modified: components/security/xdocs navigation.xml
Added: portal/src/webapp/WEB-INF/assembly security-spi-atn.xml
security-managers.xml security-spi-atz.xml
security-atz.xml security-providers.xml
security-spi.xml security-atn.xml
components/security/xdocs config.xml
Removed: portal/src/webapp/WEB-INF/assembly authentication.xml
security.xml spi.xml
Log:
http://issues.apache.org/jira/browse/JS2-188#action_59540
LDAP Security Implementation. Services Code provided by Mike Long.
Revision Changes Path
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi-atn.xml
Index: security-spi-atn.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- ************** Security SPI Handlers ************** -->
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<constructor-arg index="0"><value>SHA-1</value></constructor-arg>
</bean>
<bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider"
class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
<constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/></constructor-arg>
<constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"/></constructor-arg>
</bean>
<bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
<!-- maxNumberOfAuthenticationFailures -->
<constructor-arg index="0"><value>3</value></constructor-arg>
<!-- maxLifeSpanInDays -->
<constructor-arg index="1"><value>60</value></constructor-arg>
<!-- historySize -->
<constructor-arg index="2"><value>3</value></constructor-arg>
</bean>
<!-- Security SPI: CredentialHandler -->
<bean id="org.apache.jetspeed.security.spi.CredentialHandler"
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler"
>
<constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
<constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/></constructor-arg>
<constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/></constructor-arg>
</bean>
<!-- Security SPI: UserSecurityHandler -->
<!-- The DefaultUSerSecurityHandler uses the raw SecurityAccessImpl so that it
may demarcate its own transactions -->
<bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"
class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
</bean>
<bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" parent="baseTransactionProxy"
name="userSecurityHandler" >
<property name="proxyInterfaces">
<value>org.apache.jetspeed.security.spi.UserSecurityHandler</value>
</property>
<property name="target">
<ref bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">PROPAGATION_REQUIRED</prop>
</props>
</property>
</bean>
</beans>
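Review bot: Nothing in the `org.apache.jetspeed.security.spi.CredentialPasswordEncoder` bean shows a salt or iteration count; it hands `MessageDigestCredentialPasswordEncoder` only the algorithm name `SHA-1`, so whether stored credentials are salted is decided entirely inside that class and cannot be seen from this assembly. If the class digests the raw password alone, equal passwords produce equal stored values and a leaked credential table is directly comparable against precomputed digests, so the answer is worth confirming and recording on the bean, e.g. `<!-- SHA-1 digest of the password; salting, if any, is done by MessageDigestCredentialPasswordEncoder -->`. The three bare numbers passed to `InternalPasswordCredentialHistoryHandlingInterceptor` are only labelled by single-word comments; naming the unit in them (`<!-- maxNumberOfAuthenticationFailures: lock the credential after this many consecutive failures -->`, `<!-- maxLifeSpanInDays -->`, `<!-- historySize: number of previous passwords that may not be reused -->`) would make the policy readable without opening the class, with the lockout and reuse wording checked against the implementation first. The comment above `UserSecurityHandlerImpl` also misspells the class as `DefaultUSerSecurityHandler`; it should read `DefaultUserSecurityHandler`.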
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-managers.xml
Index: security-managers.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- Security: User Manager -->
<bean id="org.apache.jetspeed.security.UserManager"
class="org.apache.jetspeed.security.impl.UserManagerImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>
</bean>
<!-- Security: Group Manager -->
<bean id="org.apache.jetspeed.security.GroupManager"
class="org.apache.jetspeed.security.impl.GroupManagerImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>
</bean>
<!-- Security: Role Manager -->
<bean id="org.apache.jetspeed.security.RoleManager"
class="org.apache.jetspeed.security.impl.RoleManagerImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.SecurityProvider"/></constructor-arg>
</bean>
<!-- Security: Permission Manager -->
<bean id="org.apache.jetspeed.security.impl.PermissionManagerImpl"
class="org.apache.jetspeed.security.impl.PermissionManagerImpl" />
<bean id="org.apache.jetspeed.security.PermissionManager" parent="baseTransactionProxy"
name="permissionManager" >
<property name="proxyInterfaces">
<value>org.apache.jetspeed.security.PermissionManager</value>
</property>
<property name="target">
<ref bean="org.apache.jetspeed.security.impl.PermissionManagerImpl"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="remove*">PROPAGATION_REQUIRED</prop>
<prop key="grant*">PROPAGATION_REQUIRED</prop>
<prop key="revoke*">PROPAGATION_REQUIRED</prop>
<prop key="grant*">PROPAGATION_REQUIRED</prop>
<prop key="add*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_SUPPORTS</prop>
</props>
</property>
</bean>
</beans>
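Review bot: The `transactionAttributes` of the `org.apache.jetspeed.security.PermissionManager` proxy list `<prop key="grant*">PROPAGATION_REQUIRED</prop>` twice; Spring loads `<props>` into a `java.util.Properties`, so the second entry silently replaces the first with the same value and the duplicate line should be dropped. Only the permission manager is wrapped in `baseTransactionProxy` here while the user, group and role managers are plain beans taking `SecurityProvider` directly; if that asymmetry is deliberate (presumably because the SPI beans they reach are themselves proxied), a one-line comment above the three manager beans saying so would keep the next reader from assuming a missing proxy.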
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi-atz.xml
Index: security-spi-atz.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- ************** Security SPI Handlers ************** -->
<!-- Security SPI: RoleSecurityHandler -->
<bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler"
class="org.apache.jetspeed.security.spi.impl.DefaultRoleSecurityHandler"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
</bean>
<!-- Security SPI: GroupSecurityHandler -->
<bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler"
class="org.apache.jetspeed.security.spi.impl.DefaultGroupSecurityHandler"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
</bean>
<!-- Security SPI: SecurityMappingHandler -->
<bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler"
class="org.apache.jetspeed.security.spi.impl.DefaultSecurityMappingHandler"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/></constructor-arg>
<!-- Default role hierarchy strategy is by generalization. Add contructor-arg to change the strategy. -->
<!-- Default group hierarchy strategy is by generalization. Add contructor-arg to change the strategy. -->
</bean>
</beans>
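Review bot: The two trailing comments inside the `org.apache.jetspeed.security.spi.SecurityMappingHandler` bean misspell the element name as `contructor-arg`, which defeats anyone grepping for it; they should read `<!-- Default role hierarchy strategy is by generalization. Add a constructor-arg to change the strategy. -->` and the same for groups. Since they sit after the only `<constructor-arg>` present, it is also ambiguous whether they describe that argument or an optional extra one; stating that the strategy would be an additional argument, and what type it expects, would remove the guesswork.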
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-atz.xml
Index: security-atz.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- Security: RDBMS Policy implementation for JAAS -->
<bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
class="org.apache.jetspeed.security.impl.RdbmsPolicy"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
</bean>
</beans>
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-providers.xml
Index: security-providers.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- ************** Security Providers ************** -->
<!-- Security: Default Authentication Provider -->
<bean id="org.apache.jetspeed.security.AuthenticationProvider"
class="org.apache.jetspeed.security.impl.AuthenticationProviderImpl"
>
<constructor-arg index="0"><value>DefaultAuthenticator</value></constructor-arg>
<constructor-arg index="1"><value>The default authenticator</value></constructor-arg>
<constructor-arg index="2"><value>login.conf</value></constructor-arg>
<constructor-arg index="3"><ref bean="org.apache.jetspeed.security.spi.CredentialHandler"/></constructor-arg>
<constructor-arg index="4"><ref bean="org.apache.jetspeed.security.spi.UserSecurityHandler"/></constructor-arg>
</bean>
<!-- Security: Authentication Provider Proxy -->
<bean id="org.apache.jetspeed.security.AuthenticationProviderProxy"
class="org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl"
>
<constructor-arg >
<list>
<ref bean="org.apache.jetspeed.security.AuthenticationProvider"/>
</list>
</constructor-arg>
<constructor-arg ><value>DefaultAuthenticator</value></constructor-arg>
</bean>
<!-- Security: Security Provider -->
<bean id="org.apache.jetspeed.security.SecurityProvider"
class="org.apache.jetspeed.security.impl.SecurityProviderImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.AuthenticationProviderProxy"/></constructor-arg>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.RoleSecurityHandler"/></constructor-arg>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.GroupSecurityHandler"/></constructor-arg>
<constructor-arg ><ref bean="org.apache.jetspeed.security.spi.SecurityMappingHandler"/></constructor-arg>
</bean>
<!-- Security: Authorization Provider -->
<bean id="org.apache.jetspeed.security.AuthorizationProvider"
class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
</bean>
</beans>
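Review bot: The literal `DefaultAuthenticator` is written twice in this file, once as constructor-arg 0 of `org.apache.jetspeed.security.AuthenticationProvider` and once as the second argument of `org.apache.jetspeed.security.AuthenticationProviderProxy`, and the two have to stay equal or the proxy presumably cannot resolve its default provider; a comment on the proxy's argument, `<!-- must match constructor-arg 0 of org.apache.jetspeed.security.AuthenticationProvider -->`, makes the coupling explicit. The same file mixes explicit `index="n"` arguments on the first bean with unindexed positional arguments on the other three; Spring accepts both, but using `index` throughout (or nowhere) is the more readable convention, and the positional form is fragile for `SecurityProviderImpl`, whose four arguments are all bean references of different types. The `login.conf` value is an unexplained path-like string; noting where it is resolved from (classpath or file) next to it would help whoever swaps in the LDAP assembly.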
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi.xml
Index: security-spi.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- ************** Security SPI Handlers ************** -->
<!-- Security SPI: CommonQueries -->
<bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
init-method="init"
>
<constructor-arg ><value>META-INF/security_repository.xml</value></constructor-arg>
</bean>
<bean id="org.apache.jetspeed.security.spi.SecurityAccess" parent="baseTransactionProxy"
name="SecurityCommonQueries" >
<property name="proxyInterfaces">
<value>org.apache.jetspeed.security.spi.SecurityAccess</value>
</property>
<property name="target">
<ref bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="remove*">PROPAGATION_REQUIRED</prop>
<prop key="set*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_SUPPORTS</prop>
</props>
</property>
</bean>
</beans>
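Review bot: The comment `<!-- Security SPI: CommonQueries -->` and the proxy alias `name="SecurityCommonQueries"` do not match the bean ids they label (`SecurityAccessImpl` and `SecurityAccess`), and the alias also breaks the lowerCamel convention used by `userSecurityHandler` and `permissionManager` in the sibling assemblies. The comment can simply become `<!-- Security SPI: SecurityAccess -->`; the alias can be renamed to `name="securityAccess"` only if nothing elsewhere looks the bean up by the old name, which this assembly does not show. The proxy marks only `remove*` and `set*` as `PROPAGATION_REQUIRED` and everything else as `PROPAGATION_SUPPORTS`, so any write method on `SecurityAccess` not matching those prefixes runs without a required transaction; a short comment listing why those two prefixes are the complete set of writers would let a reviewer check the claim against the interface.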
1.1 jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-atn.xml
Index: security-atn.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>
<!-- ************** Login Module ************** -->
<!-- Security: Login Module Proxy -->
<bean id="org.apache.jetspeed.security.LoginModuleProxy"
class="org.apache.jetspeed.security.impl.LoginModuleProxyImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.UserManager"/></constructor-arg>
</bean>
</beans>
1.3 +1 -1 jakarta-jetspeed-2/components/security/xdocs/navigation.xml
Index: navigation.xml
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/xdocs/navigation.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- navigation.xml 17 Oct 2004 19:22:38 -0000 1.2
+++ navigation.xml 21 Feb 2005 21:34:09 -0000 1.3
@@ -25,7 +25,7 @@
<item name="Authorization Security Services" href="#"/>
<item name="Aggregate Security Services" href="#"/>
<item name="SPI Architecture" href="#"/>
- <item name="Security Services Configuration" href="#"/>
+ <item name="Security Services Configuration" href="config.html"/>
</menu>
<menu name="Misc.">
<item name="Tasks" href="tasks.html"/>
1.1 jakarta-jetspeed-2/components/security/xdocs/config.xml
Index: config.xml
===================================================================
<?xml version="1.0"?>
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<properties>
<title>Jetspeed 2 Security Services Configuration</title>
<authors>
<person name="David Le Strat" email="dlestrat@apache.org"/>
</authors>
</properties>
<body>
<section name="Default configuration">
<p>
Jetspeed 2 default security services configuration leverages a relational database as its default persitent
datastore for security information. Jetspeed 2 security service provider interface provides a mechanism
to replace the default datastore configured.
</p>
<p>
3 files are involved when configuring Jetspeed 2 security SPI. All the SPI configuration files are
located under <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i>.
</p>
<subsection name="security-spi.xml">
<p>
This configuration file contains configuration that are common to the authentication and authorization SPIs.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.SecurityAccess</td>
<td>Used internally by the default OJB based SPI. Provide access to common action/methods
for the various SPI implementations. The <i>SecurityAccess</i> bean is used by both the Authentication
and Authorization SPIs.</td>
</tr>
</table>
</subsection>
<subsection name="security-spi-atn.xml">
<p>
This configuratio file contains all the configurations for configuring the authentication SPI.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.CredentialHandler</td>
<td>The <i>CredentialHandler</i> encapsulates the operations involving manipulation
of credentials. The default implementation provides support for password protection as
defined by the <i>PasswordCredentialProvider</i>; as well as lifecycle management of
credentials through <i>InternalPasswordCredentialInterceptor</i> which manages parameters such as
maximum number of authentication failures, maximum life span of a credential in days and how much history
to retain for a given credential.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.UserSecurityHandler</td>
<td>The <i>UserSecurityHandler</i> encapuslated all the operations around the user principals.</td>
</tr>
</table>
</subsection>
<subsection name="security-spi-atz.xml">
<p>
This configuratio file contains all the configurations for configuring the authorization SPI.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.RoleSecurityHandler</td>
<td>The <i>RoleSecurityHandler</i> encapsulates all the operations around the role principals.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.GroupSecurityHandler</td>
<td>The <i>GroupSecurityHandler</i> encapsulates all the operations around the group principals.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.SecurityMappingHandler</td>
<td>The <i>SecurityMappingHandler</i> encapsulates all the operations involving mapping between principals.
It contains the logic managing hierarchy resolution for hierarchical principals (roles or groups).
The default hierarchy resolution provided is a hierarchy by generalization (see overview for definitions).
A <i>contructor-arg</i> can be added to the <i>SecurityMappingHandler</i> to change the hierarchy resolution
strategy. Jetspeed 2 also support a hierarchy resolution by aggregation.</td>
</tr>
</table>
</subsection>
</section>
<section name="LDAP Configuration">
<p>
Jetspeed 2 provides LDAP support for authentication. Configuring LDAP authentication can be done by replacing the
configuration files located under <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i> by the
files located under as indicated <i>${jetspeed-source-home}/components/security/etc/</i>.
below.
</p>
<p>
Jetspeed 2 <b>does not currently provide an embedded LDAP directory</b>. A external LDAP directory must be configured
in order to leverage this functionality.
</p>
<p>
<i>security-spi-atn.xml</i> should be replaced by <i>security-spi-ldap-atn.xml</i> and
<i>security-spi-ldap.xml</i> should be copied to the assembly directory as well.
</p>
<p>
The <i>security-spi-ldap-atn.xml</i> preforms the same functions as the <i>security-spi-atn.xml</i>
described above. It replaces the default implementation for <i>CredentialHandler</i> and
<i>UserSecurityHandler</i> with an LDAP specific implementation.
</p>
<p>
Additionally, <i>ldap.properties</i> located under <i>${jetspeed-source-home}/components/security/etc/</i> should
be copied under <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/conf/</i>.
</p>
<subsection name="ldap.properties">
<table>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.ldapServerName</td>
<td>The LDAP server name to connect to. E.g. <i>localhost</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootDn</td>
<td>The root domain name. E.g. <i>cn=Manager,dc=proto,dc=dataline,dc=com</i>. In
properties files the "=" in the value should be escaped, i.e. <i>cn\=Manager,dc\=proto,dc\=dataline,dc\=com</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootPassword</td>
<td>The root password.</td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootContext</td>
<td>The root context. E.g. <i>dc=proto,dc=dataline,dc=com</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
<td>The default suffix. E.g. <i>ou=Norfolk,o=Dataline</i></td>
</tr>
</table>
</subsection>
</section>
</body>
</document>