Hi,
thank you for the advice.
I used one DefaultAuthorizationEntry with rank=0 and endpoint=* to replace
the default AuthorizationEntry.
The authentication will be done through the JAAS PropertiesLoginModule.
The user *smx* has the role *admin* in the *users.properties*, but I get a
*User not authenticated* exception.
When I remove the AuthorizationEntry from beans.xml, the user is
authenticated, no roles are checked and the service is working properly.
I cannot find anywhere why the role *admin* is not accepted. It all seems
to be configured properly.
I tested the same with LDAPLoginModule too, but with the same result (the
same exception).
1. Can you give me an example of how to properly configure the
DefaultAuthorizationEntry to accept the roles?
2. Or must the JAAS LoginModule contain something specific to read the
roles?
3. What is the form of the *endpoint* property of the
DefaultAuthorizationEntry?
When I tried to secure *concrete endpoint*, the AuthorizationEntry wasn't
used anymore.
Endpoint to secure: <saxon:xquery service="isl:pokus" endpoint="xquery" query="...
DefaultAuthorizationEntry: <property name="endpoint" value="xquery" />
-> but no roles on the endpoint xquery were tested.
4. Can I see/put the role name of the authenticated user in the log file?
How?
I can't see it in the log in TRACE mode.
Maybe the roles are really not read.
*The exception:*
org.apache.servicemix.nmr.api.ServiceMixException: User not authenticated or not authorized to access any matching endpoint.
    at org.apache.servicemix.nmr.core.FlowRegistryImpl.dispatch(FlowRegistryImpl.java:112)[98:org.apache.servicemix.nmr.core:1.5.0.fuse-00-43]
*AuthorizationEntry configuration:*
<osgi:service interface="org.apache.servicemix.nmr.api.security.AuthorizationEntry">
    <bean class="org.apache.servicemix.nmr.core.security.DefaultAuthorizationEntry">
        <property name="endpoint" value="*" />
        <property name="rank" value="0" />
        <property name="roles" value="admin" />
        <property name="type" value="Set" />
    </bean>
</osgi:service>
*users.properties file:*
smx = smx,admin
*JAAS PropertiesLoginModule - test 1 with users in properties file:*
<jaas:config name="servicemix-domain">
    <jaas:module className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
                 flags="sufficient">
        users = $[karaf.base]/etc/users.properties
        encryption.name = ${encryption.name}
        encryption.enabled = ${encryption.enabled}
        encryption.prefix = ${encryption.prefix}
        encryption.suffix = ${encryption.suffix}
        encryption.algorithm = ${encryption.algorithm}
        encryption.encoding = ${encryption.encoding}
    </jaas:module>
</jaas:config>
*JAAS LDAPLoginModule - test 2 with users in LDAP:*
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
             flags="sufficient">
    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
    connection.username=cn=nic+sn=nic+uid=nic,ou=users,ou=system,dc=test,dc=cz
    connection.password=nic
    connection.protocol=
    connection.url=ldap://localhost:389
    user.base.dn=ou=users,ou=system,dc=test,dc=cz
    user.filter=(uid=%u)
    user.search.subtree=true
    role.base.dn=ou=roles,ou=system,dc=test,dc=cz
    role.name.attribute=cn
    role.filter=(member=cn=%u+sn=%u+uid=%u,ou=users,ou=system,dc=test,dc=cz)
    role.search.subtree=true
    authentication=simple
</jaas:module>
Thank you,
Radomir
--
View this message in context:
http://servicemix.396122.n5.nabble.com/SecuredBroker-in-SMX4-tp4819311p4823104.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.