Thanks for the excellent reply.
I am struggling to understand the code and the philosophy behind the code so that I may use slide effectively, and integrate it into Liferay Portal.
I understand the first paragraph, and tnaks for explaining the Role Authorisation philosophy especially the part about the compliancy to WebDAV ACL spec ( which of course I have not read, which I should do really ).
I dont really understand the second part, and this is the most critical for me.
I believe that as you say I am authenticating ok, and I think you are confirming my belief that its just the ACL part that does not work.
Did you have a look at my second post about
auto-create-users
I had a closer look at the code, and from what I could see, if i set this and the role correctly in the Domain.xml, then when I try to do a .getPrincipal the user will be auto created with the default role.
Is that what you are alluding to when you say the 'slide repository', or do I need to do something else.
Thanks for your help.
Paul.
James Mason wrote:
Slide needs to be able to enumerate all of the available roles in order to be WebDAV compliant. JAAS integration works great for *authentication*, but when it comes to authorization Slide uses other methods for discovering role memberships. If you want to provide your own Security implementation that uses JAAS for roles as well it shouldn't be too hard, but your implementation would not be compliant with WebDAV ACL specification (probably not that big of a deal for your application).
If you configure your Slide repository so that the "authenticated" principal has inherited read permissions to the root node everything should work fine (with auto-create-users turned on).
-James
On Tue, 2005-01-11 at 18:00 +0100, Paul Hussein wrote:
I cant believe this is the way it is, as does it not defeat the objective,
I thought the objective of JAAS is to allow external authentication. If I need a preconfigured store, then thats not right.
Autocreate user autocreates a user with some authentication, so there must be something wrong in the configuration, maybe the wrong user role is being auto created that is not authorised to see stuff.
Who wrote this stuff ? Has anyone else written an non Slide JAAS module? Otherwise it seems a lot of effort has been made to create a module that wont work in the correct | clean way.
Regards
Paul.
Oliver Zeigermann wrote:
I see. You will either have to grant the rights to anyone or have a user store that displays the appropriate rights like James has done in the JNDI user store, I guess. If so and you are authenticated, but not authorized, your problem has got nothing to do with JAAS.
Oliver
On Tue, 11 Jan 2005 17:20:41 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
Thanks for the reply.
The problem I am having is that from the resources I see available to give me information on how to write my own login module ( for which I am using http://forum.java.sun.com/thread.jspa?threadID=233317&tstart=75 to guide me ), all I need to do is replace the Slide login module with my own ( which I have done with a hardcoded authentication )
Add the auto create users/role to the Domain.xml
and the JAAS stuff should log me in ok.
However, I believe I am being authenticated, as the username and password dialog pops up, but I am not authorised to look at the contents of the slide repository. That is, when I point my browser to 127.0.0.1:8080/slide/files after entering the username and password i get :
HTTP Status 403 - Access to the requested resource has been denied
As described ( unclearly !!! ) below.
If you could point to where I am going wrong, or could look, or if this is a bug I would be greatful.
Cheers
Paul.
Oliver Zeigermann wrote:
Now this is a question I understand. I guess you are right. I was able to switch on user auto creation by adding
<auto-create-users>true</auto-create-users> <auto-create-users-role>org.apache.slide.structure.SubjectNode</auto-create-users-role>
to the configuration section of Domain.xml
Oliver
On Tue, 11 Jan 2005 11:25:49 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
The JAAS authentication for me is working happily.
However, I wish to remove the custom authentication within the slide login module and replace it with my own authentication.
At the moment a fixed username and password 'jaas' jaas'
I would like to know how to do this, as I believe ther is a complication associated with auto creating users, that when I authenticate, I need to tell slide to auto create a user and role for mt foreign authenticated user.
What parts do I need to retain in the login module and what parts can I remove ?
Regards
Paul.
Oliver Zeigermann wrote:
Hi Paul,
if the original JAAS authentication did work for you this does not seem to be a Slide related problem. I have no idea what parts of the Sun tutorial you used or what you even want ot achieve. The information you provide does not give me a clue either.
Oliver
On Tue, 04 Jan 2005 15:11:49 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
I am having a slight problem configuring a simple JAAS authentication using slide 2.1rc1 ( tomcat binary ) and the example code from the JAAS tutorial
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
I have downloaded and build the example code from above and jar'd that up and placed it in common/lib
I have modified the jaas.conf to be
slide_login { sample.module.SampleLoginModule required namespace=slide; };
And through some debug i have added to the sample login module I can see that the login method takes the credentials and returns true.
However i still get
HTTP Status 403 - Access to the requested resource has been denied
------------------------------------------------------------------------
*type* Status report
*message* _Access to the requested resource has been denied_
*description* _Access to the specified resource (Access to the requested resource has been denied) has been forbidden._
------------------------------------------------------------------------
Apache Tomcat/5.0.28
I have read from the lists that maybe i need to set :
<auto-create-users>true</auto-create-users> <auto-create-users-role>user</auto-create-users-role>
Which I have done but I still get the same error.
Is there another setting I am missing to get this simple sample JAAS authentication working with Slide.
Regards
Paul.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
