Jiantao Pan wrote:
> 
> I am using Tomcat 4.0 and a recent Slide build. It uses
> JDBCDescriptorsStore with MySQL and FileContentStore.
> It is configured to use JDBCRealm for authentication and role
> assignment. I have setup a user with role "root" and "groupA". And in
> permissions table, both root and groupA have write access to files.
> However, when I try to PUT a file, it gives me a forbidden response.
> Am I missing something? I am not clear with the following 2 questions.
> Maybe they are related to my problem...
> 1. When I insert a row in my user table, Then the new user can be
> authenticated and associated with certain role. But it is not inserted
> in the "objects" table, will this matter?
> 2. In web.xml, there are entries to open access for certain roles, which I
> uncommented to enable security.  There is also a "permissions" table for
> controlling access, what is the relationship between them?
> Thanks for the help.
> Jiantao

The Tomcat roles have nothing to do with the Slide groups or roles.

1) The roles that you configure in the JDBCRealm from Tomcat are only
used for granting access to the servlet (the roles that are in web.xml).
Your user jpan has a realm role root and has access to the servlet.

2) Slide roles are defined like this (RootRole is a Java interface):
      <role name="root">slideroles.basic.RootRole</role>

For your user to have this role, he has to be of a class that implements
that interface.
          <objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/jpan">
RootRoleImpl is a class that implements the RootRole interface.

It will then match:
<permission action="/actions" subject="root"/>

3) A Slide group is a GroupNode that has links to other nodes (its
members):
          <objectnode classname="org.apache.slide.structure.GroupNode" uri="/users/groupA">
             <objectnode classname="org.apache.slide.structure.LinkNode" 
                uri="/users/groupA/jpan" linkedUri="/users/jpan" />
          </objectnode>
When you grant a permission to a group you have to put a "+" sign in front
of the principal to indicate it's a group:
          <permission action="/actions/write" subject="+/users/groupA"/>


Bottom line, currently you have to create nodes for your users/groups
and classes for your roles.


Hope this helps
Dirk
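
An added example, not part of Dirk's reply or of the Slide code base: a small checker that applies the matching rules described above (role by node class, group by "+" subject and LinkNode membership) to a configuration fragment and reports why a user matches no permission. The function `explain`, the `ROLE_IMPLS` mapping, the users bob and alice, and the nesting of the nodes under "/" and "/users" are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the fragments in the reply; not a complete Domain.xml.
SAMPLE = """<data>
 <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
  <permission action="/actions" subject="root"/>
  <permission action="/actions/write" subject="+/users/groupA"/>
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
   <objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/jpan"/>
   <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/bob"/>
   <objectnode classname="org.apache.slide.structure.GroupNode" uri="/users/groupA">
    <objectnode classname="org.apache.slide.structure.LinkNode"
                uri="/users/groupA/bob" linkedUri="/users/bob"/>
   </objectnode>
  </objectnode>
 </objectnode>
</data>"""

# Assumption: node class -> role names it implements (the XML alone cannot show this).
ROLE_IMPLS = {"slideroles.basic.RootRoleImpl": {"root"}}
GROUP = "org.apache.slide.structure.GroupNode"

def explain(xml_text, user_uri, role_impls=ROLE_IMPLS):
    """Return (problems, matched) where matched is a list of (action, subject)."""
    root = ET.fromstring(xml_text)
    nodes = {n.get("uri"): n for n in root.iter("objectnode")}
    if user_uri not in nodes:
        # A realm login with no node of its own cannot match any Slide permission.
        return ["no objectnode for " + user_uri], []
    roles = role_impls.get(nodes[user_uri].get("classname"), set())
    # Groups the user belongs to: GroupNodes holding a link whose linkedUri is the user.
    groups = {uri for uri, n in nodes.items() if n.get("classname") == GROUP
              and any(c.get("linkedUri") == user_uri for c in n.findall("objectnode"))}
    problems, matched = [], []
    for p in root.iter("permission"):
        action, subject = p.get("action"), p.get("subject", "")
        if subject.startswith("+"):
            if subject[1:] in groups:
                matched.append((action, subject))
        elif subject in nodes and nodes[subject].get("classname") == GROUP:
            problems.append("group subject without '+': " + subject)
        elif subject in roles:
            matched.append((action, subject))
    return problems, matched

if __name__ == "__main__":
    for user in ("/users/jpan", "/users/bob", "/users/alice"):
        print(user, explain(SAMPLE, user))
```

The /users/alice case corresponds to a user that exists only in the Tomcat realm: the login succeeds, but with no node there is nothing for a Slide permission to match.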
