-----Original Message-----
From: Ben Groeneveld [mailto:bgroeneveld@]
>>As an aside, I would also like to be able to control access to the paths 
>>mapped by jrun using .htaccess or AuthUserFile, but it seems that they 
>>get intercepted first by the mod_jrun.  Do you know of a way around this?
>
>>BenG.

Any way I can think of would be messy and, at best, no easier to maintain.
One thing might be to use a base servlet which, for every GET or POST, tries to
connect back to Apache (as if it was a local web browser) with the supplied
credentials.
Of course you risk unwanted side-effects and worse performance...

Then again, maybe some bright spark Perl-coder or Java-whiz has coded something
that will read Apache's .htaccess etc. and derive a web.xml security constraint
list...

JRUN_DIR/lib/global.properties : (relevant fragments; back up your
global.properties and edit carefully!)
Basically you need to add "authentication" to the line
"webapp.services=scheduler,logging,session,jsp,file"
The rest should be okay.

    ########################################################################
    ## control services
    ########################################################################

    # List of services to start for Servlet/JSP support
    servlet.services={servlet.webapps}
    webapp.services=scheduler,logging,session,authentication,jsp,file

    # service aliases
    webapp.SessionManager=session
    webapp.ResourceAuthenticator=authentication
    webapp.PageTranslator=jsp

    ########################################################################
    ## misc JRun properties
    ########################################################################

    # login/authentication service (new for 3.0)
    authentication.class=allaire.jrun.servlet.ResourceAuthenticator
    authentication.service=propfile
 
    authentication.propfile.class=allaire.jrun.security.PropertyFileAuthentication
    authentication.propfile.filename={jrun.rootdir}/lib/users.properties

JRUN_DIR/lib/users.properties : (complete file)
see batchfile below for adding users & computing password hashes

    # users.properties
    # (this is nonsense data !)
    # my_managers
    user.B32=B3iMnzTIUIZGq
    user.B34=B5LR2zgVT5HJq
    # my_team
    user.A7O=A37I7zUX4GyZq
    user.AXY=AXLHozK39XQ0q
    user.AYF=AYkiqzhPvctwq
    # my_testers
    user.BDP=B3.Lvz8ULo7uq
    user.BL5=BuWDGzQo1BbLq
    user.AXU=AGXQJzAQ5/qmq

    group.my_managers=B32,B34
    group.my_team=A7O,AXY,AYF, group.my_managers
    group.my_testers=BDP,BL5,AXU
    role.my_manager_role=group.my_managers
    role.my_developer_role=group.my_team
    role.my_user_role=group.my_team, group.my_testers

Also, to create users and passwords, you can use this batchfile:
adduser.bat : (check your JDK dir and JRUN dir!) (complete file)

    @echo off
    REM make sure the correct JDK bin dir is first in the path
    set PATH=c:\jdk1.3\bin;%PATH%
    set JRUN_HOME=c:\progra~1\allaire\jrun
    set CLASSPATH=
    set CLASSPATH=%CLASSPATH%;%JRUN_HOME%\lib\ext\servlet.jar
    set CLASSPATH=%CLASSPATH%;%JRUN_HOME%\lib\jrun.jar
    @echo ..... Removing user %1 :
    java -cp %CLASSPATH% allaire.jrun.security.PropertyFileAuthentication -remove %JRUN_HOME%\lib\users.properties %1
    @echo ..... Adding   user %1 password %2 :
    java -cp %CLASSPATH% allaire.jrun.security.PropertyFileAuthentication -add    %JRUN_HOME%\lib\users.properties %1 %2


This app/servlet is accessed by: "http://localhost/myapp/ThingListServlet"
or "http://User:Password@localhost/myapp/ThingListServlet"
JRUN_DIR/servers/default/myapp/WEB-INF/web.xml : (complete file)

    <web-app>

            <servlet>
                <servlet-name>ThingListServlet</servlet-name>
 
                <servlet-class>be.thiscorp.my.ThingListServlet</servlet-class>
                <security-role-ref>
                    <role-name>manager</role-name><role-link>my_manager_role</role-link>
                    <role-name>developer</role-name><role-link>my_developer_role</role-link>
                    <role-name>user</role-name><role-link>my_user_role</role-link>
                </security-role-ref>
            </servlet>

            <servlet-mapping>
                <servlet-name>ThingListServlet</servlet-name>
                <url-pattern>/ThingListServlet</url-pattern>
            </servlet-mapping>

    <!-- Security Configuration -->

        <!--
            In JRUN there's a bunch of tricky bits to get just right in the
            {jrun_home}/lib/global.properties,
            {jrun_home}/lib/users.properties and
            {jrun_home}/servers/{server}/local.properties
            before it will actually ask you for a userid/password (case-sensitive)
        -->

        <security-constraint>

            <web-resource-collection>
                <!-- the web-resource-name should be the same as the directory
                    the app maps to, defined in local.properties, eg
                    "webapp.mapping./myapp=myapp"
                    I always make the app name the same as the dir because
                    actually I'm not completely sure which is used (name or
                    Dir) for web-resource-name ... -->
                <web-resource-name>myapp</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>

            <auth-constraint>
                <role-name>my_manager_role</role-name>
                <role-name>my_developer_role</role-name>
                <role-name>my_user_role</role-name>
            </auth-constraint>

        </security-constraint>

        <!-- this constraint I haven't tested, though I imagine it ought to
             at least nearly work .. -->
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>myapp</web-resource-name>
            <!--
                    I suppose the url-pattern would either be a physical path
                    under (local.properties) myapp.rootdir, or part of a path
                    mapping defined in a <servlet-mapping>
            -->
                <url-pattern>/managers_only/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>my_manager_role</role-name>
            </auth-constraint>
        </security-constraint>


        <security-role>
            <role-name>my_manager_role</role-name>
            <role-name>my_developer_role</role-name>
            <role-name>my_user_role</role-name>
        </security-role>

        <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>MY_BASIC_REALM</realm-name>
        </login-config>

    <!-- End of Security Configuration -->

    </web-app>
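
An added example, not part of the original message and not JRun code: a small Python cross-check of users.properties against web.xml that lists which users each constrained url-pattern admits and which role names in web.xml have no `role.` entry. It assumes a `group.X` item inside a group or role line means "all members of that group", as the users.properties above implies; the abridged sample data and `my_admin_role` are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the message's users.properties (user.* hash lines omitted).
USERS = """\
group.my_managers=B32
group.my_team=A7O, group.my_managers
group.my_testers=BDP
role.my_manager_role=group.my_managers
role.my_developer_role=group.my_team
role.my_user_role=group.my_team, group.my_testers
"""
# Constructed web.xml fragment; my_admin_role is deliberately undefined to exercise the check.
WEB_XML = """<web-app>
<security-constraint><web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
<auth-constraint><role-name>my_developer_role</role-name><role-name>my_user_role</role-name></auth-constraint></security-constraint>
<security-constraint><web-resource-collection><url-pattern>/managers_only/*</url-pattern></web-resource-collection>
<auth-constraint><role-name>my_manager_role</role-name><role-name>my_admin_role</role-name></auth-constraint></security-constraint>
</web-app>"""

def parse_props(text):
    """key=value lines -> {key: [comma-separated items]}; skips blanks and # comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return props

def members(props, key, seen=()):
    """Expand a role.* or group.* entry to user ids, following nested group.* items (assumed semantics)."""
    users = set()
    for item in props.get(key, []):
        if not item.startswith("group."):
            users.add(item)
        elif item not in seen:  # guard against cyclic group references
            users |= members(props, item, seen + (item,))
    return users

def audit(props_text, web_xml):
    """Return ({url-pattern: users admitted}, {roles missing from users.properties})."""
    props, access, missing = parse_props(props_text), {}, set()
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = [r.text.strip() for r in sc.iter("role-name")]
        missing.update(r for r in roles if "role." + r not in props)
        allowed = set().union(*(members(props, "role." + r) for r in roles))
        for pat in sc.iter("url-pattern"):
            access[pat.text.strip()] = allowed
    return access, missing

if __name__ == "__main__":
    print(audit(USERS, WEB_XML))
```
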
