I tried to implement my Class LdapUserManager without extending JdoUserManager.
But there are some problems: I set the hint of my implementation on ldap and changed the Requirements of the classes which use a UserManager on my Implementation (hint=ldap). But the only class I found where "org.apache.maven.continuum.web.action.ProjectGroupAction", but I think there must be classes in the Plexus Security (But I don't know how to change them)! After that I tried to give my Implementation the hint jdo (I know it is a dirty hack). Know Continuum uses sometimes my implementation and the default jdo-implementation. -David Joakim Erdfelt schrieb: > Some problems here. > > You can't extend JdoUserManager. > That won't work. > > If you need multiple sources for Users, then that is a feature we need > to add to the security framework. > We already do this with the Authorization bits. I see no reason we > can't do that for the Authentication bits too. > > Again, Use the maven 2 build process. > Look at the annotations within the code. > The 'role-hint' is the key. > Your LDAP code will have it's own unique role-hint. > > Do *NOT* manage the components.xml by hand. > > - Joakim > > David Goemans wrote: >> Hi, >> >> at first thanks for your help. I want to write a UserManager, which >> extends the JdoUserManager and only search in LDAP if the user isn't >> saved in Database. >> >> But my first problem is that I don't understand, how continuum knows >> that it should use my UserManager-implementation. >> >> - David >> >> Joakim Erdfelt schrieb: >> >>> There are 3 database stores for you to worry about. >>> >>> Users >>> Roles / Permissions / Resouces >>> Keys >>> >>> If you are just providing Users / Authentication ldap integration, then >>> you need only to create an LDAP Provider for the Users Store. >>> >>> Use the maven 2 build process and you don't have to manage the >>> components.xml manually, as the maven 2 build process creates them from >>> annotations within the source code. >>> >>> See the examples in source control - >>> https://svn.codehaus.org/plexus/plexus-redback/branches/plexus-security-1.0-alpha-11/user-management/providers/ >>> >>> - Joakim >>> >>> David Goemans wrote: >>> >>>> yes I am willing to share this implementation. But I didn't write a >>>> implementation now (only a dummy). At the moment I only want to know >>>> how to configure it in the component.xml-File. Then I will try to write >>>> a LDAP-implementation. >>>> >>>> greetz >>>> David >>>> >>>> Joakim Erdfelt schrieb: >>>> >>>> >>>>> Would you be willing to share this implementation? >>>>> As we would all be interested in getting access to this? >>>>> >>>>> - Joakim Erdfelt >>>>> >>>>> David Goemans wrote: >>>>> >>>>> >>>>>> Hi, >>>>>> >>>>>> I want to use LDAP to authenticate on Continuum. I tried to write a own >>>>>> RBAC-Manager and wanted to configure it in the file "components.xml" of >>>>>> the subproject continuum-security as follow: >>>>>> >>>>>> <!-- RBAC Manager, cached ldap --> >>>>>> <component> >>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role> >>>>>> <role-hint>cached</role-hint> >>>>>> <implementation>org.codehaus.plexus.security.authorization.rbac.store.cached.CachedRbacManager</implementation> >>>>>> <description>CachedRbacManager is a wrapped RBACManager with >>>>>> caching.</description> >>>>>> <requirements> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role> >>>>>> <role-hint>ldap</role-hint> >>>>>> <field-name>rbacImpl</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>operations</role-hint> >>>>>> <field-name>operationsCache</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>permissions</role-hint> >>>>>> <field-name>permissionsCache</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>resources</role-hint> >>>>>> <field-name>resourcesCache</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>roles</role-hint> >>>>>> <field-name>rolesCache</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>userAssignments</role-hint> >>>>>> <field-name>userAssignmentsCache</field-name> >>>>>> </requirement> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.ehcache.EhcacheComponent</role> >>>>>> <role-hint>userPermissions</role-hint> >>>>>> <field-name>userPermissionsCache</field-name> >>>>>> </requirement> >>>>>> </requirements> >>>>>> </component> >>>>>> >>>>>> <component> >>>>>> <role>org.codehaus.plexus.security.rbac.RBACManager</role> >>>>>> <role-hint>ldap</role-hint> >>>>>> <implementation>"my implementation"</implementation> >>>>>> <description>JdoRbacManager:</description> >>>>>> <requirements> >>>>>> <requirement> >>>>>> <role> >>>>>> org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool >>>>>> </role> >>>>>> <field-name>jdo</field-name> >>>>>> </requirement> >>>>>> </requirements> >>>>>> </component> >>>>>> <component> >>>>>> <role> >>>>>> org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool >>>>>> </role> >>>>>> <implementation> >>>>>> org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoTool >>>>>> </implementation> >>>>>> <description>JdoTool - RBAC JDO Tools.</description> >>>>>> <requirements> >>>>>> <requirement> >>>>>> <role>org.codehaus.plexus.jdo.JdoFactory</role> >>>>>> <role-hint>users</role-hint> >>>>>> <field-name>jdoFactory</field-name> >>>>>> </requirement> >>>>>> </requirements> >>>>>> </component> >>>>>> >>>>>> The continuum uses now my implementation, but no roles, permissions, etc >>>>>> are defined. How can I configure the continuum roles, permissions, etc >>>>>> in the components.xml-file. >>>>>> >>>>>> My implementation extends the >>>>>> "org.codehaus.plexus.security.authorization.rbac.store.jdo.JdoRbacManager", >>>>>> because I only want to authenticate on LDAP if the user isn't saved in >>>>>> the Database. >>>>>> >>>>>> greetz >>>>>> David >>>>>> >>>>>> >>>>>> >>>>>> >>>> >>>> >>> >> > >
