John, thanks. I was hoping to not introduce yet another passwd
mechanism to maintain (anyone know if jrun has an LDAP interface
planned?) by keeping it all in apache. And 'bedankt' for the detailed
explanation below; I'll use it. BenG.

Mullee John - ZGI wrote:
>-----Original Message-----
>From: Ben Groeneveld [mailto:bgroeneveld@]
>
>>>As an aside, I would also like to be able to control access to the paths
>>>mapped by jrun using .htaccess or AuthUserFile, but it seems that they
>>>get intercepted first by the mod_jrun. Do you know of a way around this?
>>>
>>>BenG.
>>>
>
>Any way I can think of would be messy and, at best, not more easy to
>maintain.
>One thing might be to use a base servlet which, for every GET or POST, tries
>to connect back to apache (as if it was a local web-browser) with the supplied
>credentials.
>Of course you risk unwanted side-effects and worse performance...
>
>Then again, maybe some bright spark perl-coder or java-whiz has coded
>something that will read apache's .htaccess etc and derive a web.xml security
>constraint list..
>
>JRUN_DIR/lib/global.properties : (relevant fragments; back up your
>global.properties and edit carefully!)
>basically you need to add "authentication" to the line
>"webapp.services=scheduler,logging,session,jsp,file"
>The rest should be okay.
>
> ########################################################################
> ## control services
> ########################################################################
>
> # List of services to start for Servlet/JSP support
> servlet.services={servlet.webapps}
> webapp.services=scheduler,logging,session,authentication,jsp,file
>
> # service aliases
> webapp.SessionManager=session
> webapp.ResourceAuthenticator=authentication
> webapp.PageTranslator=jsp
>
> ########################################################################
> ## misc JRun properties
> ########################################################################
>
> # login/authentication service (new for 3.0)
> authentication.class=allaire.jrun.servlet.ResourceAuthenticator
> authentication.service=propfile
>
> authentication.propfile.class=allaire.jrun.security.PropertyFileAuthentication
> authentication.propfile.filename={jrun.rootdir}/lib/users.properties
>
>JRUN_DIR/lib/users.properties : (complete file)
>see batchfile below for adding users & computing password hashes
>
> # users.properties
> # (this is nonsense data !)
> # my_managers
> user.B32=B3iMnzTIUIZGq
> user.B34=B5LR2zgVT5HJq
> # my_team
> user.A7O=A37I7zUX4GyZq
> user.AXY=AXLHozK39XQ0q
> user.AYF=AYkiqzhPvctwq
> # my_testers
> user.BDP=B3.Lvz8ULo7uq
> user.BL5=BuWDGzQo1BbLq
> user.AXU=AGXQJzAQ5/qmq
>
> group.my_managers=B32,B34
> group.my_team=A7O,AXY,AYF, group.my_managers<<
> group.my_testers=BDP,BL5,AXU
> role.my_manager_role=group.my_managers
> role.my_developer_role=group.my_team
> role.my_user_role=group.my_team, group.my_testers
>
>Also, to create users and passwords, you can use this batchfile:
>adduser.bat : (check your JDK dir and JRUN dir!) (complete file)
>
> @echo off
> REM make sure the correct JDK bin dir is first in the path
> set PATH=c:\jdk1.3\bin;%PATH%
> set JRUN_HOME=c:\progra~1\allaire\jrun
> set CLASSPATH=
> set CLASSPATH=%CLASSPATH%;%JRUN_HOME%\lib\ext\servlet.jar
> set CLASSPATH=%CLASSPATH%;%JRUN_HOME%\lib\jrun.jar
> @echo ..... Removing user %1 :
> java -cp %CLASSPATH% allaire.jrun.security.PropertyFileAuthentication -remove %JRUN_HOME%\lib\users.properties %1
> @echo ..... Adding user %1 password %2 :
> java -cp %CLASSPATH% allaire.jrun.security.PropertyFileAuthentication -add %JRUN_HOME%\lib\users.properties %1 %2
>
>
>This app/servlet is accessed by: "http://localhost/myapp/ThingListServlet"
>or "http://User:Password@localhost/myapp/ThingListServlet"
>JRUN_DIR/servers/default/myapp/WEB-INF/web.xml : (complete file)
>
> <web-app>
>
> <servlet>
> <servlet-name>ThingListServlet</servlet-name>
> <servlet-class>be.thiscorp.my.ThingListServlet</servlet-class>
> <security-role-ref>
> <role-name>manager</role-name><role-link>my_manager_role</role-link>
> <role-name>developer</role-name><role-link>my_developer_role</role-link>
> <role-name>user</role-name><role-link>my_user_role</role-link>
> </security-role-ref>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>ThingListServlet</servlet-name>
> <url-pattern>/ThingListServlet</url-pattern>
> </servlet-mapping>
>
> <!-- Security Configuration -->
>
> <!--
> In JRUN there's a bunch of tricky bits to get just right in the
> {jrun_home}/lib/global.properties,
> {jrun_home}/lib/users.properties and
> {jrun_home}/servers/{server}/local.properties
> before it will actually ask you for a userid/password (case-sensitive)
> -->
>
> <security-constraint>
>
> <web-resource-collection>
> <!-- the web-resource-name should be the same as the directory the app maps to,
> defined in local.properties, eg "webapp.mapping./myapp=myapp"
> I always make the app name the same as the dir because actually I'm not completely
> sure which is used (name or Dir) for web-resource-name ... -->
> <web-resource-name>myapp</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>my_manager_role</role-name>
> <role-name>my_developer_role</role-name>
> <role-name>my_user_role</role-name>
> </auth-constraint>
>
> </security-constraint>
>
> <!-- this constraint I haven't tested, though I imagine it ought to at least nearly work .. -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>myapp</web-resource-name>
> <!--
> I suppose the url-pattern would either be a physical path under (local.properties) myapp.rootdir,
> or part of a path mapping defined in a <servlet-mapping>
> -->
> <url-pattern>/managers_only/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>my_manager_role</role-name>
> </auth-constraint>
> </security-constraint>
>
>
> <security-role>
> <role-name>my_manager_role</role-name>
> <role-name>my_developer_role</role-name>
> <role-name>my_user_role</role-name>
> </security-role>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>MY_BASIC_REALM</realm-name>
> </login-config>
>
> <!-- End of Security Configuration -->
>
> </web-app>
>
>
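
A consistency check for the configuration quoted above, as an added example that is not part of the original post and not JRun code: it resolves `role.` to `group.` to `user.` entries in a users.properties-style file and reports, for each role named in a web.xml `<auth-constraint>`, whether it is defined and which users it admits. The nesting semantics (a `group.` member inside a group or role line) are assumed from the sample file in the post; all data below is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout quoted above (placeholder hashes; dave has no user. line).
USERS_PROPERTIES = """\
user.alice=PLACEHOLDER1
user.bob=PLACEHOLDER2
group.my_managers=alice
group.my_team=bob, dave, group.my_managers
role.my_manager_role=group.my_managers
role.my_user_role=group.my_team
"""

# Constructed web.xml fragment; my_admin_role has no role. line above.
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>my_manager_role</role-name><role-name>my_user_role</role-name>
  <role-name>my_admin_role</role-name>
</auth-constraint></security-constraint></web-app>"""

def parse_properties(text):
    """Return {key: [members]} for each key=value line, skipping comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = [m.strip() for m in value.split(",") if m.strip()]
    return entries

def expand(key, entries, users, dangling, seen):
    """Collect users and dangling names reachable from a role./group. key."""
    if key in seen:  # guard against groups that include each other
        return
    seen.add(key)
    for member in entries.get(key, []):
        if member.startswith("group.") and member in entries:
            expand(member, entries, users, dangling, seen)
        elif "user." + member in entries:
            users.add(member)
        else:
            dangling.add(member)  # no matching user. or group. line

def audit(properties_text, web_xml_text):
    """Per auth-constraint role: (defined?, admitted users, dangling names)."""
    entries = parse_properties(properties_text)
    report = {}
    for node in ET.fromstring(web_xml_text).findall(".//auth-constraint/role-name"):
        role, users, dangling = node.text.strip(), set(), set()
        expand("role." + role, entries, users, dangling, set())
        report[role] = ("role." + role in entries, sorted(users), sorted(dangling))
    return report
```

`audit(USERS_PROPERTIES, WEB_XML)` returns one tuple per role; an undefined role or a dangling member indicates a name mismatch between the two files.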