dlestrat 2005/02/21 13:34:10
Modified: components/security/xdocs navigation.xml
Added: portal/src/webapp/WEB-INF/assembly security-spi-atn.xml
security-managers.xml security-spi-atz.xml
security-atz.xml security-providers.xml
security-spi.xml security-atn.xml
components/security/xdocs config.xml
Removed: portal/src/webapp/WEB-INF/assembly authentication.xml
security.xml spi.xml
Log:
http://issues.apache.org/jira/browse/JS2-188#action_59540
LDAP Security Implementation. Services Code provided by Mike Long.
Revision Changes Path
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi-atn.xml
Index: security-spi-atn.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Security SPI Handlers ************** -->

  <!-- Checks a submitted password against a stored credential. -->
  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>

  <!-- Password encoder; constructor arg 0 names the digest algorithm.
       NOTE(review): nothing in this file shows whether the digest is salted; confirm in the
       encoder class. Changing the algorithm presumably invalidates hashes already stored. -->
  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
        class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
  </bean>

  <!-- Supplies password credentials, wired to the validator (arg 0) and encoder (arg 1) above. -->
  <bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider"
        class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
    <constructor-arg index="0">
      <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
    </constructor-arg>
    <constructor-arg index="1">
      <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"/>
    </constructor-arg>
  </bean>

  <!-- Lifecycle / history policy applied to internal password credentials. -->
  <bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
        class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialHistoryHandlingInterceptor">
    <!-- arg 0: maxNumberOfAuthenticationFailures -->
    <constructor-arg index="0"><value>3</value></constructor-arg>
    <!-- arg 1: maxLifeSpanInDays -->
    <constructor-arg index="1"><value>60</value></constructor-arg>
    <!-- arg 2: historySize -->
    <constructor-arg index="2"><value>3</value></constructor-arg>
  </bean>

  <!-- Security SPI: CredentialHandler -->
  <bean id="org.apache.jetspeed.security.spi.CredentialHandler"
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler">
    <constructor-arg index="0">
      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
    </constructor-arg>
    <constructor-arg index="1">
      <ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/>
    </constructor-arg>
    <constructor-arg index="2">
      <ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: UserSecurityHandler -->
  <!-- The DefaultUserSecurityHandler is meant to use the raw SecurityAccessImpl so that it
       may demarcate its own transactions.
       NOTE(review): the ref below points at the "org.apache.jetspeed.security.spi.SecurityAccess"
       bean id, which security-spi.xml defines as the transaction proxy, not the raw
       SecurityAccessImpl bean - confirm which wiring is intended. -->
  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"
        class="org.apache.jetspeed.security.spi.impl.DefaultUserSecurityHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
    </constructor-arg>
  </bean>

  <!-- Transactional proxy that callers see as UserSecurityHandler. -->
  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler"
        name="userSecurityHandler"
        parent="baseTransactionProxy">
    <property name="proxyInterfaces">
      <value>org.apache.jetspeed.security.spi.UserSecurityHandler</value>
    </property>
    <property name="target">
      <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandlerImpl"/>
    </property>
    <property name="transactionAttributes">
      <props>
        <!-- every method joins or starts a transaction -->
        <prop key="*">PROPAGATION_REQUIRED</prop>
      </props>
    </property>
  </bean>

</beans>
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-managers.xml
Index: security-managers.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
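<beans>

  <!-- Security: User Manager -->
  <bean id="org.apache.jetspeed.security.UserManager"
        class="org.apache.jetspeed.security.impl.UserManagerImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.SecurityProvider"/>
    </constructor-arg>
  </bean>

  <!-- Security: Group Manager -->
  <bean id="org.apache.jetspeed.security.GroupManager"
        class="org.apache.jetspeed.security.impl.GroupManagerImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.SecurityProvider"/>
    </constructor-arg>
  </bean>

  <!-- Security: Role Manager -->
  <bean id="org.apache.jetspeed.security.RoleManager"
        class="org.apache.jetspeed.security.impl.RoleManagerImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.SecurityProvider"/>
    </constructor-arg>
  </bean>

  <!-- Security: Permission Manager -->
  <!-- Raw implementation; callers should use the transactional proxy bean below. -->
  <bean id="org.apache.jetspeed.security.impl.PermissionManagerImpl"
        class="org.apache.jetspeed.security.impl.PermissionManagerImpl"/>

  <!-- Transactional proxy that callers see as PermissionManager. -->
  <bean id="org.apache.jetspeed.security.PermissionManager"
        name="permissionManager"
        parent="baseTransactionProxy">
    <property name="proxyInterfaces">
      <value>org.apache.jetspeed.security.PermissionManager</value>
    </property>
    <property name="target">
      <ref bean="org.apache.jetspeed.security.impl.PermissionManagerImpl"/>
    </property>
    <property name="transactionAttributes">
      <props>
        <!-- mutating operations run in a transaction; each prefix is listed once -->
        <prop key="remove*">PROPAGATION_REQUIRED</prop>
        <prop key="grant*">PROPAGATION_REQUIRED</prop>
        <prop key="revoke*">PROPAGATION_REQUIRED</prop>
        <prop key="add*">PROPAGATION_REQUIRED</prop>
        <!-- everything else (reads) joins a transaction if one exists -->
        <prop key="*">PROPAGATION_SUPPORTS</prop>
      </props>
    </property>
  </bean>

</beans>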
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi-atz.xml
Index: security-spi-atz.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Security SPI Handlers ************** -->

  <!-- Security SPI: RoleSecurityHandler -->
  <bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler"
        class="org.apache.jetspeed.security.spi.impl.DefaultRoleSecurityHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: GroupSecurityHandler -->
  <bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler"
        class="org.apache.jetspeed.security.spi.impl.DefaultGroupSecurityHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
    </constructor-arg>
  </bean>

  <!-- Security SPI: SecurityMappingHandler -->
  <!-- With only the SecurityAccess argument supplied, both the role and the group
       hierarchy strategies default to "generalization". Add a constructor-arg for
       each strategy you want to change. -->
  <bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler"
        class="org.apache.jetspeed.security.spi.impl.DefaultSecurityMappingHandler">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
    </constructor-arg>
  </bean>

</beans>
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-atz.xml
Index: security-atz.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- Security: RDBMS-backed java.security.Policy implementation for JAAS.
       Permissions are resolved through the PermissionManager (transactional proxy). -->
  <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
        class="org.apache.jetspeed.security.impl.RdbmsPolicy">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.PermissionManager"/>
    </constructor-arg>
  </bean>

</beans>
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-providers.xml
Index: security-providers.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Security Providers ************** -->

  <!-- Security: Default Authentication Provider -->
  <!-- arg 0: provider name, arg 1: description, arg 2: login configuration file name,
       arg 3: CredentialHandler, arg 4: UserSecurityHandler (both from security-spi-atn.xml). -->
  <bean id="org.apache.jetspeed.security.AuthenticationProvider"
        class="org.apache.jetspeed.security.impl.AuthenticationProviderImpl">
    <constructor-arg index="0"><value>DefaultAuthenticator</value></constructor-arg>
    <constructor-arg index="1"><value>The default authenticator</value></constructor-arg>
    <constructor-arg index="2"><value>login.conf</value></constructor-arg>
    <constructor-arg index="3">
      <ref bean="org.apache.jetspeed.security.spi.CredentialHandler"/>
    </constructor-arg>
    <constructor-arg index="4">
      <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandler"/>
    </constructor-arg>
  </bean>

  <!-- Security: Authentication Provider Proxy -->
  <!-- Holds the list of providers; the second argument matches the name given to the
       default provider above (presumably selecting it as the default). -->
  <bean id="org.apache.jetspeed.security.AuthenticationProviderProxy"
        class="org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl">
    <constructor-arg>
      <list>
        <ref bean="org.apache.jetspeed.security.AuthenticationProvider"/>
      </list>
    </constructor-arg>
    <constructor-arg><value>DefaultAuthenticator</value></constructor-arg>
  </bean>

  <!-- Security: Security Provider -->
  <!-- Aggregates the authentication proxy with the role, group and mapping handlers. -->
  <bean id="org.apache.jetspeed.security.SecurityProvider"
        class="org.apache.jetspeed.security.impl.SecurityProviderImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.AuthenticationProviderProxy"/>
    </constructor-arg>
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.RoleSecurityHandler"/>
    </constructor-arg>
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.GroupSecurityHandler"/>
    </constructor-arg>
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.spi.SecurityMappingHandler"/>
    </constructor-arg>
  </bean>

  <!-- Security: Authorization Provider -->
  <bean id="org.apache.jetspeed.security.AuthorizationProvider"
        class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/>
    </constructor-arg>
  </bean>

</beans>
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-spi.xml
Index: security-spi.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Security SPI Handlers ************** -->

  <!-- Security SPI: SecurityAccess (common queries shared by the SPI implementations) -->
  <!-- Raw implementation; the constructor arg is the OJB repository descriptor path.
       Other beans should reference the transactional proxy below, not this bean. -->
  <bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
        class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
        init-method="init">
    <constructor-arg><value>META-INF/security_repository.xml</value></constructor-arg>
  </bean>

  <!-- Transactional proxy that callers see as SecurityAccess. -->
  <bean id="org.apache.jetspeed.security.spi.SecurityAccess"
        name="SecurityCommonQueries"
        parent="baseTransactionProxy">
    <property name="proxyInterfaces">
      <value>org.apache.jetspeed.security.spi.SecurityAccess</value>
    </property>
    <property name="target">
      <ref bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/>
    </property>
    <property name="transactionAttributes">
      <props>
        <!-- writers run in a transaction; everything else joins one if present -->
        <prop key="remove*">PROPAGATION_REQUIRED</prop>
        <prop key="set*">PROPAGATION_REQUIRED</prop>
        <prop key="*">PROPAGATION_SUPPORTS</prop>
      </props>
    </property>
  </bean>

</beans>
1.1
jakarta-jetspeed-2/portal/src/webapp/WEB-INF/assembly/security-atn.xml
Index: security-atn.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans>

  <!-- ************** Login Module ************** -->

  <!-- Security: Login Module Proxy -->
  <!-- Bridges the login module to the UserManager defined in security-managers.xml. -->
  <bean id="org.apache.jetspeed.security.LoginModuleProxy"
        class="org.apache.jetspeed.security.impl.LoginModuleProxyImpl">
    <constructor-arg>
      <ref bean="org.apache.jetspeed.security.UserManager"/>
    </constructor-arg>
  </bean>

</beans>
1.3 +1 -1
jakarta-jetspeed-2/components/security/xdocs/navigation.xml
Index: navigation.xml
===================================================================
RCS file:
/home/cvs/jakarta-jetspeed-2/components/security/xdocs/navigation.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- navigation.xml 17 Oct 2004 19:22:38 -0000 1.2
+++ navigation.xml 21 Feb 2005 21:34:09 -0000 1.3
@@ -25,7 +25,7 @@
<item name="Authorization Security Services" href="#"/>
<item name="Aggregate Security Services" href="#"/>
<item name="SPI Architecture" href="#"/>
- <item name="Security Services Configuration" href="#"/>
+ <item name="Security Services Configuration" href="config.html"/>
</menu>
<menu name="Misc.">
<item name="Tasks" href="tasks.html"/>
1.1 jakarta-jetspeed-2/components/security/xdocs/config.xml
Index: config.xml
===================================================================
<?xml version="1.0"?>
<!--
Copyright 2004 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<properties>
<title>Jetspeed 2 Security Services Configuration</title>
<authors>
<person name="David Le Strat" email="[EMAIL PROTECTED]"/>
</authors>
</properties>
<body>
<section name="Default configuration">
<p>
The Jetspeed 2 default security services configuration uses a relational
database as its persistent datastore for security information. The Jetspeed 2
security service provider interface (SPI) provides a mechanism to replace the
configured default datastore.
</p>
<p>
Three files are involved when configuring the Jetspeed 2 security SPI. All the SPI
configuration files are located under
<i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i>.
</p>
<subsection name="security-spi.xml">
<p>
This configuration file contains the configuration that is common to the
authentication and authorization SPIs.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.SecurityAccess</td>
<td>Used internally by the default OJB-based SPI. Provides access to common
actions/methods for the various SPI implementations. The <i>SecurityAccess</i>
bean is used by both the Authentication and Authorization SPIs.</td>
</tr>
</table>
</subsection>
<subsection name="security-spi-atn.xml">
<p>
This configuration file contains all the settings for configuring the
authentication SPI.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.CredentialHandler</td>
<td>The <i>CredentialHandler</i> encapsulates the operations
involving manipulation
of credentials. The default implementation provides support
for password protection as
defined by the <i>PasswordCredentialProvider</i>; as well as
lifecycle management of
credentials through
<i>InternalPasswordCredentialInterceptor</i> which manages parameters such as
maximum number of authentication failures, maximum life span of
a credential in days and how much history
to retain for a given credential.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.UserSecurityHandler</td>
<td>The <i>UserSecurityHandler</i> encapsulates all the
operations around the user principals.</td>
</tr>
</table>
</subsection>
<subsection name="security-spi-atz.xml">
<p>
This configuration file contains all the settings for configuring the
authorization SPI.
</p>
<table>
<tr>
<th>Bean</th>
<th>Description</th>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.RoleSecurityHandler</td>
<td>The <i>RoleSecurityHandler</i> encapsulates all the
operations around the role principals.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.GroupSecurityHandler</td>
<td>The <i>GroupSecurityHandler</i> encapsulates all the
operations around the group principals.</td>
</tr>
<tr>
<td>org.apache.jetspeed.security.spi.SecurityMappingHandler</td>
<td>The <i>SecurityMappingHandler</i> encapsulates all the
operations involving mapping between principals.
It contains the logic managing hierarchy resolution for
hierarchical principals (roles or groups).
The default hierarchy resolution provided is a hierarchy by
generalization (see overview for definitions).
A <i>constructor-arg</i> can be added to the
<i>SecurityMappingHandler</i> to change the hierarchy resolution
strategy. Jetspeed 2 also supports a hierarchy resolution by
aggregation.</td>
</tr>
</table>
</subsection>
</section>
<section name="LDAP Configuration">
<p>
Jetspeed 2 provides LDAP support for authentication. Configuring LDAP
authentication can be done by replacing the
configuration files located under
<i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i> by the
files located under as indicated
<i>${jetspeed-source-home}/components/security/etc/</i>.
below.
</p>
<p>
Jetspeed 2 <b>does not currently provide an embedded LDAP directory</b>. An
external LDAP directory must be configured
in order to use this functionality.
</p>
<p>
<i>security-spi-atn.xml</i> should be replaced by
<i>security-spi-ldap-atn.xml</i> and
<i>security-spi-ldap.xml</i> should be copied to the assembly directory as
well.
</p>
<p>
The <i>security-spi-ldap-atn.xml</i> performs the same functions as the
<i>security-spi-atn.xml</i>
described above. It replaces the default implementations of
<i>CredentialHandler</i> and
<i>UserSecurityHandler</i> with an LDAP specific implementation.
</p>
<p>
Additionally, <i>ldap.properties</i> located under
<i>${jetspeed-source-home}/components/security/etc/</i> should
be copied under
<i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/conf/</i>.
</p>
<subsection name="ldap.properties">
<table>
<tr>
<th>Property</th>
<th>Value</th>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.ldapServerName</td>
<td>The LDAP server name to connect to. E.g.
<i>localhost</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootDn</td>
<td>The root distinguished name (DN). E.g.
<i>cn=Manager,dc=proto,dc=dataline,dc=com</i>. In
properties files the "=" in the value must be escaped, i.e.
<i>cn\=Manager,dc\=proto,dc\=dataline,dc\=com</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootPassword</td>
<td>The password for the root DN. It is stored in clear text in
<i>ldap.properties</i>, so restrict read access to that file.</td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.rootContext</td>
<td>The root context. E.g.
<i>dc=proto,dc=dataline,dc=com</i></td>
</tr>
<tr>
<td>org.apache.jetspeed.ldap.defaultDnSuffix</td>
<td>The default suffix. E.g. <i>ou=Norfolk,o=Dataline</i></td>
</tr>
</table>
</subsection>
</section>
</body>
</document>