David, Thanks. I guess I have my work cut out :). I was able to reuse my JAAS LoginModule with the login.conf, I stacked the J2 one and mine. It appears to work !. My only problem is, if the principal is not in the J2 DB, I get permission denied to the resource. Is there a quick configuration to assign 'guest' role/permission to authenticated non J2/DB principals?
Thanks Raj On 10/3/06, David Sean Taylor <[EMAIL PROTECTED]> wrote:
Raj M wrote: > Greetings, > First, I am working of the 2.1-dev trunk. I am looking for ideas or > pointers to > where I should look for a 'stackable' authentication mechanism. Basically, > we have different authentication domains accessing the 'portal', One > authentication domain has a 'cookie' based authentication. Essentially > it, the browser sends a 'externally' authenticated token as a Cookie > value. And i have java libraries to extract the principal/subject id and > verify the authentication. How can I integrate this with j2 security > architecture? Yes. The first level of integration is at the SecurityValve. Recommend writing a custom SecurityValve. Take a look at getting the Subject required by Jetspeed created in your SecurityValve. This may be enough integration for your requirements. More deep integration involves writing custom Jetspeed security components. > > Second, question to support multiple authentication mechanisms, can the > LoginPortlet be 'enhanced' to suport 'PAM' like architecture to support > multiple 'entry' points? We have a jaas login module that comes as the default http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/login-module.html Of course you can use your own login module Additionally, i have integrated with federated solutions like Athens Eduserv, Cams. Im still trying to authenticate with Shibboleth, but the configuration is killer. Once i have a sample sp/idp running here, integration should go quickly > > Third, is the security prinicpal/roles/groups available as programattic > API to do 'auto-register' type functions (like the cookie case above?). Yes. Its all there. See the security documentation http://portals.apache.org/jetspeed-2/guides/guide-security.html --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
