Re: the mystery of root
Oliver Zeigermann gmail.com> writes: > What do you mean by WCK expects to have only one connection object? > Per request? JAAS login is called by Tomcat for every request. And WCK expects connection object for every operation as parameter to begin method of WebdavFileStore. Sergey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the mystery of root
On Wed, 19 Jan 2005 23:59:27 + (UTC), Sergey Vlasov <[EMAIL PROTECTED]> wrote: > Oliver Zeigermann gmail.com> writes: > > > > > On Mon, 17 Jan 2005 23:11:05 +0200, Roman D gmail.com> wrote: > > > We have WCK implementation and JAAS login modules. > > > JAAS is implemented at Tomcat level of because of Slide/WCK limitation > > > that you can have only one JAAS login module.(We need to have two login > > > modules simultaneously). > > > > Why can't you have more then one LoginModule? > You can have several LoginModules, but here is how it is done in WCK. > org.apache.slide.simple.authentication.JAASLoginModule > is expecting from > org.apache.slide.simple.authentication.SessionAuthenticationManager to make > decision if a user is valid or not for Slide/WCK. If the user is valid > SessionAuthenticationManager will create a connection object for WCK. So > SessionAuthenticationManager plays the role of LoginModule. From other hand > WCK > expects to have only one connection object. What do you mean by WCK expects to have only one connection object? Per request? Oliver - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the mystery of root
Oliver Zeigermann gmail.com> writes: > > On Mon, 17 Jan 2005 23:11:05 +0200, Roman D gmail.com> wrote: > > We have WCK implementation and JAAS login modules. > > JAAS is implemented at Tomcat level of because of Slide/WCK limitation > > that you can have only one JAAS login module.(We need to have two login > > modules simultaneously). > > Why can't you have more then one LoginModule? You can have several LoginModules, but here is how it is done in WCK. org.apache.slide.simple.authentication.JAASLoginModule is expecting from org.apache.slide.simple.authentication.SessionAuthenticationManager to make decision if a user is valid or not for Slide/WCK. If the user is valid SessionAuthenticationManager will create a connection object for WCK. So SessionAuthenticationManager plays the role of LoginModule. From other hand WCK expects to have only one connection object. Sergey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the mystery of root
On Mon, 17 Jan 2005 23:11:05 +0200, Roman D <[EMAIL PROTECTED]> wrote: > We have WCK implementation and JAAS login modules. > JAAS is implemented at Tomcat level of because of Slide/WCK limitation > that you can have only one JAAS login module.(We need to have two login > modules simultaneously). Why can't you have more then one LoginModule? > Anyway, users are authenticated against DB and can access WebDAV, but > all users can only do PROPFIND and GET. They get "403 Forbidden" for all > "write" operations such as MKCOL, PUT, DELETE. > Except for user who's login name is "root", that user allowed to do all > operations. > > I know, Domain.xml is not documented, but maybe someone can tell us what > is the config problem that only user with login name "root" have proper > full access rights? Rights in Domain.xml correspond to ACLs as described along with the WebDAV spec. Oliver - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the mystery of root
Spent many hours on this, adding or doesn't help. Finally, the only way to make it work is not to have any permissions on context; James Mason wrote: Best guess is that none of the other users have permissions granted to them. Take a look at http://wiki.apache.org/jakarta-slide/DataNode since it might help a little. The default Domain.xml grants all permissions to a user named "root". What you're going to need to do is grant the "write" permission to the users you want to have write access. If any user that authenticates using your JAAS module should have write access, you can use the "authenticated" principal. If not, you either need to grant rights to individual users or find a way to put the users into roles and grant rights to the roles. Note that the permissions defined in Domain.xml are the initial set only. You can further modify the permissions at runtime with a WebDAV client. -James On Mon, 2005-01-17 at 23:11 +0200, Roman D wrote: We have WCK implementation and JAAS login modules. JAAS is implemented at Tomcat level of because of Slide/WCK limitation that you can have only one JAAS login module.(We need to have two login modules simultaneously). Anyway, users are authenticated against DB and can access WebDAV, but all users can only do PROPFIND and GET. They get "403 Forbidden" for all "write" operations such as MKCOL, PUT, DELETE. Except for user who's login name is "root", that user allowed to do all operations. I know, Domain.xml is not documented, but maybe someone can tell us what is the config problem that only user with login name "root" have proper full access rights? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the mystery of root
Best guess is that none of the other users have permissions granted to them. Take a look at http://wiki.apache.org/jakarta-slide/DataNode since it might help a little. The default Domain.xml grants all permissions to a user named "root". What you're going to need to do is grant the "write" permission to the users you want to have write access. If any user that authenticates using your JAAS module should have write access, you can use the "authenticated" principal. If not, you either need to grant rights to individual users or find a way to put the users into roles and grant rights to the roles. Note that the permissions defined in Domain.xml are the initial set only. You can further modify the permissions at runtime with a WebDAV client. -James On Mon, 2005-01-17 at 23:11 +0200, Roman D wrote: > We have WCK implementation and JAAS login modules. > JAAS is implemented at Tomcat level of because of Slide/WCK limitation > that you can have only one JAAS login module.(We need to have two login > modules simultaneously). > > Anyway, users are authenticated against DB and can access WebDAV, but > all users can only do PROPFIND and GET. They get "403 Forbidden" for all > "write" operations such as MKCOL, PUT, DELETE. > Except for user who's login name is "root", that user allowed to do all > operations. > > I know, Domain.xml is not documented, but maybe someone can tell us what > is the config problem that only user with login name "root" have proper > full access rights? > > Thanks. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
the mystery of root
We have WCK implementation and JAAS login modules. JAAS is implemented at Tomcat level of because of Slide/WCK limitation that you can have only one JAAS login module.(We need to have two login modules simultaneously). Anyway, users are authenticated against DB and can access WebDAV, but all users can only do PROPFIND and GET. They get "403 Forbidden" for all "write" operations such as MKCOL, PUT, DELETE. Except for user who's login name is "root", that user allowed to do all operations. I know, Domain.xml is not documented, but maybe someone can tell us what is the config problem that only user with login name "root" have proper full access rights? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]