I believe it's possible for me to upgrade Roller to use Spring Security 2.0 in an hour or two, so if that should be done sooner than later - please let me know.
Matt On Wed, May 28, 2008 at 6:03 PM, Allen Gilliland <[EMAIL PROTECTED]> wrote: > I like Google Docs, but can we get that put into the wiki? > > I spent a while learning Acegi stuff so that I could create a custom SSO > integration with our identity system at Sun, so I could add quite a bit more > detail about "Whats going on in security.xml". > > There is also no mention of what happens beyond Acegi, which is an important > part of understanding how authentication works in Roller. In particular you > need to know about the RollerSession object and some of the other code in > the ui.core.security package, such as auto provisioning. i.e. how an > authentic user becomes a Roller User object the system can make use of. > > As it turns out, we have had a fairly high priority request come in to add > comment authentication to our installation, so I am going to be working on > that very soon. So I should be able to help out with this proposal a bit. > > A few quick comments on the proposal ... > > * Adding columns to the db for "openid_*" seems a little hokey to me. Is it > not better to find a generic (meaning non-openid specific) way of > accomplishing this? We are bound to run into a situation like this again in > the future and I don't think messing with the schema every time is the best > solution. > > * Is it expected that openid users will get a local account provisioned? or > are we planning this such that these users would be managed externally, > similar to an ldap directotry scenario? > > * A tricky part that will need more consideration is the comment > authentication part. In particular, Roller currently does not allow a > situation where an authentic user is not also available via lookup in the > UserManager. This will need some revising. > > -- Allen > > > Dave wrote: >> >> I just did this write-up for Tatyana to help her understand how auth >> works in Roller: >> http://docs.google.com/Doc?id=dg2cfnzw_11fcjbbgdz >> >> The latest version of the OpenID proposal she is working on is here: >> http://cwiki.apache.org/confluence/x/zVAB >> >> As always, feedback is welcome. >> >> - Dave > -- http://raibledesigns.com
