ozeigermann 2004/06/24 07:00:52 Modified: src/conf/webapp JNDI-Domain.xml Log: Reformatting Revision Changes Path 1.2 +299 -320 jakarta-slide/src/conf/webapp/JNDI-Domain.xml
Index: JNDI-Domain.xml
===================================================================
RCS file: /home/cvs/jakarta-slide/src/conf/webapp/JNDI-Domain.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JNDI-Domain.xml 22 Jun 2004 17:59:28 -0000 1.1
+++ JNDI-Domain.xml 24 Jun 2004 14:00:52 -0000 1.2
@@ -1,333 +1,312 @@ <?xml version="1.0"?> <slide> - <namespace name="slide"> - <definition> - <!-- Use the Tx Stores for the main store. JNDIPrincipalStore + <namespace name="slide"> + <definition> + <!-- Use the Tx Stores for the main store. JNDIPrincipalStore *cannot* do this --> - <store name="main"> - <nodestore -classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore"> - <parameter -name="rootpath">main/store/metadata</parameter> - <parameter -name="workpath">main/work/metadata</parameter> - </nodestore> - <securitystore> - <reference store="nodestore"/> - </securitystore> - <lockstore> - <reference store="nodestore"/> - </lockstore> - <revisiondescriptorsstore> - <reference store="nodestore"/> - </revisiondescriptorsstore> - <revisiondescriptorstore> - <reference store="nodestore"/> - </revisiondescriptorstore> - <contentstore -classname="org.apache.slide.store.txfile.TxFileContentStore"> - <parameter -name="rootpath">main/store/content</parameter> - <parameter -name="workpath">main/work/content</parameter> - </contentstore> - </store> - - <!-- Use a JNDIPrincipalStore to for users --> - <store name="users"> - <nodestore -classname="org.apache.slide.store.txjndi.JNDIPrincipalStore"> - <parameter name="jndi.container">ou=XXXXXX,o=XXXXXXXX</parameter> - <parameter name="jndi.attributes.rdn">uid</parameter> - <parameter -name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter> - <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter> - <parameter -name="jndi.search.attributes">postalCode,initials,givenName,uid,mail,fullName,telephoneNumber,title,facsimileTelephoneNumber,groupMembership,l,sn,cn</parameter> - <parameter -name="java.naming.provider.url">ldap://xxxxxxxxxxxxxxxx</parameter> - <parameter -name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter> - <parameter -name="java.naming.security.principal">xxxxxxxxxxxxxxxx</parameter> - <parameter -name="java.naming.security.authentication">simple</parameter> - 
<parameter -name="java.naming.security.credentials">xxxxxxxxxxxxxxxxxx</parameter> - </nodestore> - <!-- Use a Tx Store to store security and lock information --> - <securitystore -classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore"> - <parameter -name="rootpath">users/store/metadata</parameter> - <parameter -name="workpath">users/work/metadata</parameter> - </securitystore> - <lockstore> - <reference store="securitystore"/> - </lockstore> - <revisiondescriptorsstore> - <reference store="nodestore"/> - </revisiondescriptorsstore> - <revisiondescriptorstore> - <reference store="nodestore"/> - </revisiondescriptorstore> - <contentstore> - <reference store="nodestore"/> - </contentstore> - </store> - - <!-- Use a JNDIPrincipalStore for roles --> - <store name="roles"> - <nodestore -classname="org.apache.slide.store.txjndi.JNDIPrincipalStore"> - <parameter -name="jndi.container">ou=XXXXX,ou=XXXXX,o=XXXXXXXXX</parameter> - <parameter name="jndi.attributes.rdn">cn</parameter> - <parameter -name="jndi.attributes.groupmemberset">uniqueMember</parameter> - <parameter -name="jndi.search.filter">objectClass=groupOfNames</parameter> - <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter> - <parameter name="jndi.search.attributes">cn</parameter> - <parameter -name="java.naming.provider.url">ldap://xxxxxxxxxxxxxx</parameter> - <parameter -name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter> - <parameter -name="java.naming.security.principal">xxxxxxxxxxxxxxxxxx</parameter> - <parameter -name="java.naming.security.authentication">simple</parameter> - <parameter -name="java.naming.security.credentials">xxxxxxxxxxxxxxxx</parameter> - </nodestore> - <!-- Use a Tx Store to store security and lock information --> - <securitystore -classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore"> - <parameter -name="rootpath">roles/store/metadata</parameter> - <parameter -name="workpath">roles/work/metadata</parameter> - 
</securitystore> - <lockstore> - <reference store="securitystore"/> - </lockstore> - <revisiondescriptorsstore> - <reference store="nodestore"/> - </revisiondescriptorsstore> - <revisiondescriptorstore> - <reference store="nodestore"/> - </revisiondescriptorstore> - <contentstore> - <reference store="nodestore"/> - </contentstore> - </store> - - <!-- Mount each store at the appropriate URI --> - <scope match="/" store="main"/> - <scope match="/users" store="users"/> - <scope match="/roles" store="roles"/> - </definition> - <configuration> - <read-object>/actions/read</read-object> - <create-object>/actions/write</create-object> - <remove-object>/actions/write</remove-object> - <grant-permission>/actions/write-acl</grant-permission> - <revoke-permission>/actions/write-acl</revoke-permission> - <read-permissions>/actions/read-acl</read-permissions> - -<read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions> - <lock-object>/actions/write</lock-object> - <kill-lock>/actions/unlock</kill-lock> - <read-locks>/actions/read</read-locks> - -<read-revision-metadata>/actions/read</read-revision-metadata> - -<create-revision-metadata>/actions/write-properties</create-revision-metadata> - -<modify-revision-metadata>/actions/write-properties</modify-revision-metadata> - -<remove-revision-metadata>/actions/write-properties</remove-revision-metadata> - -<read-revision-content>/actions/read</read-revision-content> - -<create-revision-content>/actions/write-content</create-revision-content> - -<modify-revision-content>/actions/write-content</modify-revision-content> - -<remove-revision-content>/actions/write-content</remove-revision-content> - <bind-member>/actions/bind</bind-member> - <unbind-member>/actions/unbind</unbind-member> - <userspath>/users</userspath> - <rolespath>/roles</rolespath> - <actionspath>/actions</actionspath> - <filespath>/files</filespath> - <parameter name="dav">true</parameter> - <parameter name="standalone">true</parameter> - 
<parameter name="acl_inheritance_type">path</parameter> - <parameter name="nested_roles_maxdepth">0</parameter> - </configuration> - <data> - <objectnode -classname="org.apache.slide.structure.SubjectNode" uri="/"> - <!-- Make sure the subject here is a valid LDAP group --> - <permission action="all" subject="/roles/connect users" -inheritable="true"/> - <permission action="/actions/read-acl" subject="all" -inheritable="true" negative="true"/> - <permission action="/actions/write-acl" subject="all" -inheritable="true" negative="true"/> - <permission action="/actions/unlock" subject="all" -inheritable="true" negative="true"/> - <permission action="/actions/read" subject="all" -inheritable="true"/> - <objectnode -classname="org.apache.slide.structure.SubjectNode" uri="/users"> - <permission action="all" subject="self" -inheritable="true"/> - <permission action="all" subject="unauthenticated" -inheritable="true" negative="true"/> - </objectnode> - <objectnode -classname="org.apache.slide.structure.SubjectNode" uri="/roles"> - <permission action="all" subject="self" -inheritable="true"/> - <permission action="all" subject="unauthenticated" -inheritable="true" negative="true"/> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" uri="/actions"> - <objectnode -classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> - <revision> - <property -name="privilege-member-set"><![CDATA[<D:href + <store name="main"> + <nodestore + classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore"> + <parameter name="rootpath">main/store/metadata</parameter> + <parameter name="workpath">main/work/metadata</parameter> + </nodestore> + <securitystore> + <reference store="nodestore"/> + </securitystore> + <lockstore> + <reference store="nodestore"/> + </lockstore> + <revisiondescriptorsstore> + <reference store="nodestore"/> + </revisiondescriptorsstore> + <revisiondescriptorstore> + <reference store="nodestore"/> + 
</revisiondescriptorstore> + <contentstore + classname="org.apache.slide.store.txfile.TxFileContentStore"> + <parameter name="rootpath">main/store/content</parameter> + <parameter name="workpath">main/work/content</parameter> + </contentstore> + </store> + <!-- Use a JNDIPrincipalStore to for users --> + <store name="users"> + <nodestore + classname="org.apache.slide.store.txjndi.JNDIPrincipalStore" + > + <parameter name="jndi.container">ou=XXXXXX,o=XXXXXXXX</parameter> + <parameter name="jndi.attributes.rdn">uid</parameter> + <parameter name="jndi.search.filter"> + (objectClass=inetOrgPerson)</parameter> + <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter> + <parameter name="jndi.search.attributes"> + postalCode,initials,givenName,uid,mail,fullName,telephoneNumber,title,facsimileTelephoneNumber,groupMembership,l,sn,cn</parameter> + <parameter name="java.naming.provider.url"> + ldap://xxxxxxxxxxxxxxxx</parameter> + <parameter name="java.naming.factory.initial"> + com.sun.jndi.ldap.LdapCtxFactory</parameter> + <parameter name="java.naming.security.principal"> + xxxxxxxxxxxxxxxx</parameter> + <parameter name="java.naming.security.authentication">simple</parameter> + <parameter name="java.naming.security.credentials"> + xxxxxxxxxxxxxxxxxx</parameter> + </nodestore> + <!-- Use a Tx Store to store security and lock information --> + <securitystore + classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore" + > + <parameter name="rootpath">users/store/metadata</parameter> + <parameter name="workpath">users/work/metadata</parameter> + </securitystore> + <lockstore> + <reference store="securitystore"/> + </lockstore> + <revisiondescriptorsstore> + <reference store="nodestore"/> + </revisiondescriptorsstore> + <revisiondescriptorstore> + <reference store="nodestore"/> + </revisiondescriptorstore> + <contentstore> + <reference store="nodestore"/> + </contentstore> + </store> + <!-- Use a JNDIPrincipalStore for roles --> + <store name="roles"> + 
<nodestore + classname="org.apache.slide.store.txjndi.JNDIPrincipalStore" + > + <parameter name="jndi.container"> + ou=XXXXX,ou=XXXXX,o=XXXXXXXXX</parameter> + <parameter name="jndi.attributes.rdn">cn</parameter> + <parameter name="jndi.attributes.groupmemberset"> + uniqueMember</parameter> + <parameter name="jndi.search.filter"> + objectClass=groupOfNames</parameter> + <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter> + <parameter name="jndi.search.attributes">cn</parameter> + <parameter name="java.naming.provider.url"> + ldap://xxxxxxxxxxxxxx</parameter> + <parameter name="java.naming.factory.initial"> + com.sun.jndi.ldap.LdapCtxFactory</parameter> + <parameter name="java.naming.security.principal"> + xxxxxxxxxxxxxxxxxx</parameter> + <parameter name="java.naming.security.authentication">simple</parameter> + <parameter name="java.naming.security.credentials"> + xxxxxxxxxxxxxxxx</parameter> + </nodestore> + <!-- Use a Tx Store to store security and lock information --> + <securitystore + classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore" + > + <parameter name="rootpath">roles/store/metadata</parameter> + <parameter name="workpath">roles/work/metadata</parameter> + </securitystore> + <lockstore> + <reference store="securitystore"/> + </lockstore> + <revisiondescriptorsstore> + <reference store="nodestore"/> + </revisiondescriptorsstore> + <revisiondescriptorstore> + <reference store="nodestore"/> + </revisiondescriptorstore> + <contentstore> + <reference store="nodestore"/> + </contentstore> + </store> + <!-- Mount each store at the appropriate URI --> + <scope match="/" store="main"/> + <scope match="/users" store="users"/> + <scope match="/roles" store="roles"/> + </definition> + <configuration> + <read-object>/actions/read</read-object> + <create-object>/actions/write</create-object> + <remove-object>/actions/write</remove-object> + <grant-permission>/actions/write-acl</grant-permission> + 
<revoke-permission>/actions/write-acl</revoke-permission> + <read-permissions>/actions/read-acl</read-permissions> + <read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions> + <lock-object>/actions/write</lock-object> + <kill-lock>/actions/unlock</kill-lock> + <read-locks>/actions/read</read-locks> + <read-revision-metadata>/actions/read</read-revision-metadata> + <create-revision-metadata>/actions/write-properties</create-revision-metadata> + <modify-revision-metadata>/actions/write-properties</modify-revision-metadata> + <remove-revision-metadata>/actions/write-properties</remove-revision-metadata> + <read-revision-content>/actions/read</read-revision-content> + <create-revision-content>/actions/write-content</create-revision-content> + <modify-revision-content>/actions/write-content</modify-revision-content> + <remove-revision-content>/actions/write-content</remove-revision-content> + <bind-member>/actions/bind</bind-member> + <unbind-member>/actions/unbind</unbind-member> + <userspath>/users</userspath> + <rolespath>/roles</rolespath> + <actionspath>/actions</actionspath> + <filespath>/files</filespath> + <parameter name="dav">true</parameter> + <parameter name="standalone">true</parameter> + <parameter name="acl_inheritance_type">path</parameter> + <parameter name="nested_roles_maxdepth">0</parameter> + </configuration> + <data> + <objectnode classname="org.apache.slide.structure.SubjectNode" + uri="/"> + <!-- Make sure the subject here is a valid LDAP group --> + <permission action="all" subject="/roles/connect users" + inheritable="true"/> + <permission action="/actions/read-acl" subject="all" + inheritable="true" negative="true"/> + <permission action="/actions/write-acl" subject="all" + inheritable="true" negative="true"/> + <permission action="/actions/unlock" subject="all" + inheritable="true" negative="true"/> + <permission action="/actions/read" subject="all" + inheritable="true"/> + <objectnode 
classname="org.apache.slide.structure.SubjectNode" + uri="/users"> + <permission action="all" subject="self" inheritable="true"/> + <permission action="all" subject="unauthenticated" + inheritable="true" negative="true"/> + </objectnode> + <objectnode classname="org.apache.slide.structure.SubjectNode" + uri="/roles"> + <permission action="all" subject="self" inheritable="true"/> + <permission action="all" subject="unauthenticated" + inheritable="true" negative="true"/> + </objectnode> + <objectnode classname="org.apache.slide.structure.ActionNode" + uri="/actions"> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/read"> + <revision> + <property name="privilege-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/actions/read-acl</D:href> <D:href xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]></property> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/read-acl"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/read-current-user-privilege-set"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> - <revision> - <property -name="privilege-member-set"><![CDATA[<D:href + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/read-acl"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/read-current-user-privilege-set"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/write"> + <revision> + <property name="privilege-member-set"><![CDATA[<D:href 
xmlns:D='DAV:'>/actions/write-acl</D:href> <D:href xmlns:D='DAV:'>/actions/write-properties</D:href> <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]></property> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/write-acl"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/write-properties"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/write-content"> - <revision> - <property -name="privilege-member-set"><![CDATA[<D:href + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/write-acl"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/write-properties"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/write-content"> + <revision> + <property name="privilege-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/actions/bind</D:href> <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]></property> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/unbind"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - <objectnode -classname="org.apache.slide.structure.ActionNode" -uri="/actions/unlock"> - <revision> - <property name="privilege-member-set"/> - </revision> - </objectnode> - </objectnode> - <objectnode 
-classname="org.apache.slide.structure.SubjectNode" uri="/files"> - <permission action="all" subject="unauthenticated" -inheritable="true"/> - <!-- Make sure the subject here is a valid LDAP + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/bind"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/unbind"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + <objectnode + classname="org.apache.slide.structure.ActionNode" + uri="/actions/unlock"> + <revision> + <property name="privilege-member-set"/> + </revision> + </objectnode> + </objectnode> + <objectnode classname="org.apache.slide.structure.SubjectNode" + uri="/files"> + <permission action="all" subject="unauthenticated" + inheritable="true"/> + <!-- Make sure the subject here is a valid LDAP group --> - <permission action="/actions/write" subject="/roles/connect users" -inheritable="true"/> - <permission action="/actions/read-acl" -subject="owner" inheritable="true"/> - </objectnode> - <objectnode -classname="org.apache.slide.structure.SubjectNode" uri="/history"> - <permission action="all" subject="unauthenticated" -inheritable="true"/> - <!-- Make sure the subject here is a valid LDAP + <permission action="/actions/write" + subject="/roles/connect users" inheritable="true"/> + <permission action="/actions/read-acl" subject="owner" + inheritable="true"/> + </objectnode> + <objectnode classname="org.apache.slide.structure.SubjectNode" + uri="/history"> + <permission action="all" subject="unauthenticated" + inheritable="true"/> + <!-- Make sure the subject here is a valid LDAP group --> - <permission action="/actions/write" subject="/roles/connect users" -inheritable="true"/> - <permission action="/actions/read-acl" -subject="owner" inheritable="true"/> - </objectnode> - <objectnode 
-classname="org.apache.slide.structure.SubjectNode" uri="/workspace"> - <permission action="all" subject="unauthenticated" -inheritable="true"/> - <!-- Make sure the subject here is a valid LDAP + <permission action="/actions/write" + subject="/roles/connect users" inheritable="true"/> + <permission action="/actions/read-acl" subject="owner" + inheritable="true"/> + </objectnode> + <objectnode classname="org.apache.slide.structure.SubjectNode" + uri="/workspace"> + <permission action="all" subject="unauthenticated" + inheritable="true"/> + <!-- Make sure the subject here is a valid LDAP group --> - <permission action="/actions/write" subject="/roles/connect users" -inheritable="true"/> - <permission action="/actions/read-acl" -subject="owner" inheritable="true"/> - </objectnode> - <objectnode -classname="org.apache.slide.structure.SubjectNode" -uri="/workingresource"> - <permission action="all" subject="unauthenticated" -inheritable="true"/> - <!-- Make sure the subject here is a valid LDAP group --> - <permission action="/actions/write" subject="/roles/connect users" -inheritable="true"/> - <permission action="/actions/read-acl" -subject="owner" inheritable="true"/> - </objectnode> - </objectnode> - </data> - </namespace> - <parameter name="historypath">/history</parameter> - <parameter name="workspacepath">/workspace</parameter> - <parameter name="workingresourcepath">/workingresource</parameter> - <parameter name="auto-version">checkout-checkin</parameter> - <parameter name="auto-version-control">false</parameter> - <parameter name="versioncontrol-exclude"/> - <parameter name="checkout-fork">forbidden</parameter> - <parameter name="checkin-fork">forbidden</parameter> -</slide> \ No newline at end of file + <permission action="/actions/write" + subject="/roles/connect users" inheritable="true"/> + <permission action="/actions/read-acl" subject="owner" + inheritable="true"/> + </objectnode> + <objectnode classname="org.apache.slide.structure.SubjectNode" + 
uri="/workingresource"> + <permission action="all" subject="unauthenticated" + inheritable="true"/> + <!-- Make sure the subject here is a valid LDAP group --> + <permission action="/actions/write" + subject="/roles/connect users" inheritable="true"/> + <permission action="/actions/read-acl" subject="owner" + inheritable="true"/> + </objectnode> + </objectnode> + </data> + </namespace> + <parameter name="historypath">/history</parameter> + <parameter name="workspacepath">/workspace</parameter> + <parameter name="workingresourcepath">/workingresource</parameter> + <parameter name="auto-version">checkout-checkin</parameter> + <parameter name="auto-version-control">false</parameter> + <parameter name="versioncontrol-exclude"/> + <parameter name="checkout-fork">forbidden</parameter> + <parameter name="checkin-fork">forbidden</parameter> +</slide>
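Review bot: The re-wrapped `<parameter>` elements now carry a line break and indentation inside their text, for example `java.naming.provider.url`, `java.naming.security.principal`, `java.naming.security.credentials` and `jndi.search.filter` in both the `users` and `roles` stores, and in XML that whitespace is part of the value. Unless the code that reads these parameters trims them (not visible in this diff), the bind DN, password and provider URL handed to JNDI change, and the LDAP bind can fail or behave differently. Keep each value on one line with its tags, e.g. `<parameter name="java.naming.security.credentials">xxxxxxxxxxxxxxxxxx</parameter>`. Separately, the sample still pairs `java.naming.security.authentication` set to `simple` with an `ldap://` URL, so the bind password crosses the network unencrypted; a comment such as `<!-- simple bind sends the password in clear text; use ldaps:// or a protected network -->` above the provider URL would help deployers.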
