On Aug 27, 2008, at 4:51 AM, JetWork wrote:
Hi Everybody,

We have our own Identity access management product. All the permissions, principals and policies will be set in that product.

For authentication, we have written our own LoginModule and configured it in Jetspeed 2. Authentication is working fine: it authenticates the user, fetches the dynamic groups from the Identity access management product and stores them in session.

One of the dynamic groups returned matches our security-constraint in web.xml, i.e. security-role.

Now, to make it work correctly, I have to use the roles and permission portlets exposed by Jetspeed 2 to add those groups to Jetspeed 2.

But I want Jetspeed 2 to be configured such that it automatically creates the user, roles and permissions fetched from the Identity access management tool. (Avoid adding manually through portlets, as it causes the same work to be done twice, once in the product and a second time in Jetspeed.)

I read on the Jetspeed security page that we can create roles using one of the four methods:

* With the administrative user/role/group browser/details portlets
* With the self-registration portlet
* With Jetspeed Seed Data
* Programmatically, writing your own portlet

specified on http://portals.apache.org/jetspeed-2/faq.html

How do I accomplish my requirement? Do I have to create my own security valve??

By creating a security valve, and replacing (or extending) the default security valve, you could achieve two things:

1. hook in your security principals without touching Jetspeed, saving a lot of coding time that may not be necessary
2. Disable the Jetspeed Administration portlets for User, Role and Group management (use your own). Don't make use of the user/group/role services.

The purpose of your security valve would be to create a Subject with the correct User principal from your Login Module, as well as the set of roles, groups and credentials (not required), providing Jetspeed with the required Subject used in subsequent valves in the pipeline.
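
The Subject construction described in the reply, as an added example that is not code from this thread or from Jetspeed. It uses only the standard JAAS classes; the class names `IamSubjectBuilder`, `IamUserPrincipal` and `IamRolePrincipal` are hypothetical, mapping each IAM group to a role principal is an assumption, and wiring the result into a Jetspeed valve is not shown.

```java
import java.security.Principal;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import javax.security.auth.Subject;

public class IamSubjectBuilder {

    // Hypothetical principal types. equals/hashCode are required so the
    // Subject's principal set drops duplicate groups returned by the IAM product.
    static abstract class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = Objects.requireNonNull(name); }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o != null && o.getClass() == getClass()
                    && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return Objects.hash(getClass(), name); }
        @Override public String toString() { return getClass().getSimpleName() + ":" + name; }
    }
    static final class IamUserPrincipal extends NamedPrincipal { IamUserPrincipal(String n) { super(n); } }
    static final class IamRolePrincipal extends NamedPrincipal { IamRolePrincipal(String n) { super(n); } }

    /** Builds the Subject a custom valve would pass to later valves in the pipeline. */
    static Subject buildSubject(String userName, Collection<String> iamGroups) {
        if (userName == null || userName.trim().isEmpty()) {
            // Never build a Subject for an unauthenticated or anonymous caller here.
            throw new IllegalArgumentException("authenticated user name is required");
        }
        Subject subject = new Subject();
        subject.getPrincipals().add(new IamUserPrincipal(userName.trim()));
        if (iamGroups != null) {
            for (String group : iamGroups) {
                if (group == null || group.trim().isEmpty()) continue; // skip malformed entries
                subject.getPrincipals().add(new IamRolePrincipal(group.trim()));
            }
        }
        subject.setReadOnly(); // later code can read the principals but cannot add roles
        return subject;
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for what the LoginModule stored in the session.
        Subject s = buildSubject("jdoe", List.of("portal-user", "portal-user", " ", "finance-admin"));
        System.out.println(s.getPrincipals(IamUserPrincipal.class)
                + " roles=" + s.getPrincipals(IamRolePrincipal.class));
    }
}
```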