Re: J2 Security Customization
Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2 Security Customization
I see, his class. But i need to change for example: the data base acces, tables, columns, (the database model is diferent), a so on i think there is more classes ... isn't it ? - Original Message - From: Randy Watler [EMAIL PROTECTED] To: Jetspeed Users List jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 4:59 PM Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: J2 Security Customization
Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] /* * Created on Jun 21, 2004 * * TODO To change the template for this generated file go to * Window - Preferences - Java - Code Generation - Code and Comments */ package com.ugs.it.jetspeed.valves; import java.io.IOException; import java.security.Principal; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; import javax.security.auth.Subject; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.configuration.Configuration; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.jetspeed.pipeline.PipelineException; import org.apache.jetspeed.pipeline.valve.SecurityValve; import org.apache.jetspeed.pipeline.valve.ValveContext; import org.apache.jetspeed.request.RequestContext; import org.apache.jetspeed.security.SecurityHelper; import org.apache.jetspeed.security.UserPrincipal; import org.apache.jetspeed.security.impl.AbstractSecurityValve; import org.apache.jetspeed.security.impl.RolePrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; import org.springframework.beans.BeansException; import org.springframework.beans.factory.BeanFactory; import org.springframework.beans.factory.BeanFactoryAware; import com.ugs.it.jetspeed.security.ProductPrincipal; import com.ugs.it.jetspeed.security.ZonePrincipal; import com.ugs.it.salescentre.user.MissingCookieException; import com.ugs.it.salescentre.user.MissingUserException; import com.ugs.it.salescentre.user.SalesCentreUser; import com.ugs.it.salescentre.util.spring.HttpServletRequestFactoryBean; /** * @author a href=mailto:[EMAIL PROTECTED]Scott T. Weaver /a * */ public class WebKeySecurityValve extends AbstractSecurityValve implements SecurityValve, BeanFactoryAware { protected final String WEBKEY_COOKIE = WEBKEY_SSO; protected final Log log = LogFactory.getLog(WebKeySecurityValve.class); protected String webKeyServer; private Configuration config; private BeanFactory beanFactory; public WebKeySecurityValve(Configuration config) { this.config = config; } /** * p * invoke * /p * * @see org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext, * org.apache.jetspeed.pipeline.valve.ValveContext) * @param arg0 * @param arg1 * @throws org.apache.jetspeed.pipeline.PipelineException */ public void invoke(RequestContext rc, ValveContext vc) throws PipelineException { HttpServletRequest request = rc.getRequest(); HttpServletResponse response = rc.getResponse(); HttpServletRequestFactoryBean requestFactoryBean = (HttpServletRequestFactoryBean) beanFactory .getBean(HttpServletRequest); requestFactoryBean.setRequest((HttpServletRequest) request); try { SalesCentreUser user = (SalesCentreUser) beanFactory .getBean(SalesCentreUser); if (isAuthorized(user
Re: J2 Security Customization
Thanks a lot !! But so, want is the usefull of the UserManager, RoleManager, and all the other interfaces ... the class you send me work at the request level, its there anuy posibility to change only the base layer of the aplication, like, the getUser(String user) method of the UserManager or something like that ?? or its convenient, to change al the clases begin with the SecurityValve ??? - Original Message - From: Scott T Weaver [EMAIL PROTECTED] To: 'Jetspeed Users List' jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 5:13 PM Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: J2 Security Customization
Scott, ... man this is excellent. I've been struggling with swapping out J2's security for days upon days. Being that the docs on security are somewhat sparse didn't help. I didn't want to even attempt to implement JAAS. Taking a look at you attached code cleared a few things up. If I reverse engineer your example for my custom needs and reconfigure the files in WEB-INF/assembly to use this class as the default security valve ... other than breaking PAM application ... is there anything else that has to be reimplemented to get a custom authentication authorization valve functional in J2? - Frank -Original Message- From: Scott T Weaver [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 03:13 PM To: 'Jetspeed Users List' Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: J2 Security Customization
Nope, I just removed all of the custom J2 security valve stuff and stuck mine in palce of it. Here is an example of my current pipeline config. -Scott -Original Message- From: Frank Villarreal [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:37 PM To: Jetspeed Users List Subject: RE: J2 Security Customization Scott, ... man this is excellent. I've been struggling with swapping out J2's security for days upon days. Being that the docs on security are somewhat sparse didn't help. I didn't want to even attempt to implement JAAS. Taking a look at you attached code cleared a few things up. If I reverse engineer your example for my custom needs and reconfigure the files in WEB-INF/assembly to use this class as the default security valve ... other than breaking PAM application ... is there anything else that has to be reimplemented to get a custom authentication authorization valve functional in J2? - Frank -Original Message- From: Scott T Weaver [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 03:13 PM To: 'Jetspeed Users List' Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ?xml version=1.0 encoding=UTF-8? !DOCTYPE beans PUBLIC -//SPRING//DTD BEAN//EN http://www.springframework.org/dtd/spring-beans.dtd; !-- Copyright 2004 The Apache Software Foundation Licensed under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- beans bean id=webkeyValve class=com.ugs.it.jetspeed.valves.WebKeySecurityValve init-method=initialize constructor-arg ref bean=portal_configuration / /constructor-arg /bean bean id=ugs-webkey-pipeline class=org.apache.jetspeed.pipeline.JetspeedPipeline init-method=initialize constructor-arg valueUGSWebkeyPipeline/value /constructor-arg constructor-arg list ref bean=webkeyValve/ ref bean=localizationValve/ ref bean=capabilityValve/ ref bean=portalURLValve/ ref bean=profilerValve/ ref bean=containerValve/ ref bean=actionValve/ ref bean=aggregatorValve/ ref bean=cleanUpValve/ /list /constructor-arg /bean /beans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2 Security Customization
Scot, its really grate thanks ! i clarifiy mi requeriments with this: I must let new users to register in the portal. (create new users) This class, have anithing in common with this process ??? - Original Message - From: Frank Villarreal [EMAIL PROTECTED] To: Jetspeed Users List jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 5:37 PM Subject: RE: J2 Security Customization Scott, ... man this is excellent. I've been struggling with swapping out J2's security for days upon days. Being that the docs on security are somewhat sparse didn't help. I didn't want to even attempt to implement JAAS. Taking a look at you attached code cleared a few things up. If I reverse engineer your example for my custom needs and reconfigure the files in WEB-INF/assembly to use this class as the default security valve ... other than breaking PAM application ... is there anything else that has to be reimplemented to get a custom authentication authorization valve functional in J2? - Frank -Original Message- From: Scott T Weaver [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 03:13 PM To: 'Jetspeed Users List' Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: J2 Security Customization
We don't do any user management in the portal, as that is all taken care of through other means which we do not concern ourselves with currently. Regards, Scott -Original Message- From: Santiago Urrizola [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:29 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Thanks a lot !! But so, want is the usefull of the UserManager, RoleManager, and all the other interfaces ... the class you send me work at the request level, its there anuy posibility to change only the base layer of the aplication, like, the getUser(String user) method of the UserManager or something like that ?? or its convenient, to change al the clases begin with the SecurityValve ??? - Original Message - From: Scott T Weaver [EMAIL PROTECTED] To: 'Jetspeed Users List' jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 5:13 PM Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: J2 Security Customization
Our registration process is very controlled and goes through a work flow and verification process. The process is handled by an entirely different department. -Scott -Original Message- From: Santiago Urrizola [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:38 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Scot, its really grate thanks ! i clarifiy mi requeriments with this: I must let new users to register in the portal. (create new users) This class, have anithing in common with this process ??? - Original Message - From: Frank Villarreal [EMAIL PROTECTED] To: Jetspeed Users List jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 5:37 PM Subject: RE: J2 Security Customization Scott, ... man this is excellent. I've been struggling with swapping out J2's security for days upon days. Being that the docs on security are somewhat sparse didn't help. I didn't want to even attempt to implement JAAS. Taking a look at you attached code cleared a few things up. If I reverse engineer your example for my custom needs and reconfigure the files in WEB-INF/assembly to use this class as the default security valve ... other than breaking PAM application ... is there anything else that has to be reimplemented to get a custom authentication authorization valve functional in J2? - Frank -Original Message- From: Scott T Weaver [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 03:13 PM To: 'Jetspeed Users List' Subject: RE: J2 Security Customization Yes, writing a security valve is very simple since J2 uses standard javax.security.Subject for authorization. I have attached the code I use that builds a Subject from our home grown SSO application. Hth, Scott -Original Message- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Thursday, April 21, 2005 4:00 PM To: Jetspeed Users List Subject: Re: J2 Security Customization Santiago, There are multiple solutions to this common requirement. The easiest is probably to implement your own SecurityValve. Just make sure you use the existing o/a/j/security.impl.SecurityValveImpl.java as a template. Then there is JAAS... Scott can probably comment in more detail. Randy Santiago Urrizola wrote: Hi, i wan t to change a part of the security model of J2, to adapt they on mi organization model. Basically i need to change the part where J2, 1 - retrive users from de DataBase. (my own tables, not the default tables of the j2), and obiously where save new/modified users 2 - autenticate the passwords of login users 3 - retrive all groups and roles, and users in a group role. I see the sources for a while, and see a lot of places where i can change this, but i dont know where is the correct place (class or classes) to change it. I see UserManager, and think its posible to create a new UserManager, but this class dont have full control of the users, i know tht i need to change the implementor of some interfaces in the *.xml in the assembly director. But can some one tell me how classes i must modify (or create new implementor for this interaces) ??? Thank you very very very very much Santiago - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: jetspeed-user- [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2 Security Customization
Scott T Weaver wrote: Our registration process is very controlled and goes through a work flow and verification process. The process is handled by an entirely different department. Ive got the same kind of situation on a Jetspeed-2 portal deployment. The login is actually done by a federated authentication server, and then redirected to Jetspeed. -- David Sean Taylor Bluesunrise Software [EMAIL PROTECTED] [office] +01 707 773-4646 [mobile] +01 707 529 9194 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: J2 Security Customization
ok, thanks !! so ... anyone knows how can i change .. or where i mus see .. to change the registration and autentication procees, thats include: loks for an user when he try to login, and if tis valid asign some roles (roles of the portal, not of my organitzation) depending in some atributes of the user (who is stores in another database) register a new user, and permit a new user register its own to the portal (me by i can create a new portlet/application for this ??) Y see a lot of places where i can change this, buyt i dont want to change or create classes anyware, i want to create or modify the correct classses or implement the correct interfaces for this problem. Thanks a lot, all of you - Original Message - From: David Sean Taylor [EMAIL PROTECTED] To: Jetspeed Users List jetspeed-user@jakarta.apache.org Sent: Thursday, April 21, 2005 6:14 PM Subject: Re: J2 Security Customization Scott T Weaver wrote: Our registration process is very controlled and goes through a work flow and verification process. The process is handled by an entirely different department. Ive got the same kind of situation on a Jetspeed-2 portal deployment. The login is actually done by a federated authentication server, and then redirected to Jetspeed. -- David Sean Taylor Bluesunrise Software [EMAIL PROTECTED] [office] +01 707 773-4646 [mobile] +01 707 529 9194 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]