Hi Olli, the info you gave is really helpful. Thanks.
Do you know if this works the same way if Slide is deployed onto WebLogic App Server 7.0 (WL7)? I guess my question is: does WL7 do the authentication first and let Slide do the authorization? If so, how could we configure this?

Thanks,
Dovan

--- [EMAIL PROTECTED] wrote:
> Hello!
>
> I'm new to Slide, too. But I think I have understood why there is such
> confusion about user authentication with Slide.
>
> I will describe what I think is happening and someone who knows
> better should correct me if I'm wrong.
>
> First I want to make sure that everybody understands the difference
> between authentication and authorization.
>
> authentication
>
>   To verify the identity of someone.
>   Usually this happens when you give a username + password.
>   The username gives the identity and I only believe this if
>   the password is correct.
>
> authorization
>
>   To decide if someone is allowed to do something.
>   An example: is user "joe" allowed to "GET" this file (resource)?
>
> So before you can "authorize" someone for some action you need to
> "authenticate" him to know his identity.
>
> So back to Tomcat and Slide.
>
> The authentication is done by Tomcat. In Tomcat you configure something
> called a "realm" or "security realm".
> A "realm" is the configuration of a user/password DB which is used for
> the authentication. There are many possibilities where you can store this:
> in memory, in a database, in an LDAP server, ...
>
> You also configure for every webapp which "realm" to use (where does Tomcat
> find the allowed usernames/passwords) and which users have access to this
> webapp.
>
> In other words: you also configure the "authorization" to access a webapp
> as a whole.
>
> Everything up to here happens in the Tomcat layer.
>
> If Tomcat decides that you have access, it delegates the request to the web
> app.
> For Slide this is the WebDAV Servlet.
>
> Now inside Slide there is a second "authorization". To make this work
> Slide must find a "node" for the user (Tomcat tells the web app the user
> name) below the /users folder. If Slide does not find the name, or it finds
> the user but this user does not have access rights (does not have a valid
> ACL entry), it denies the access.
>
> To summarize the above:
> There are two places where you must insert information about a user:
> 1) In the "realm" used by Slide
> 2) In the Slide "user directory"; in the default config below "/slide/users"
>
> Because this is error prone there is an alternative.
> There exists a special "realm" implementation - the "SlideRealm".
> This "realm" uses the Slide "user directory" as its data source. So this
> unifies 1) and 2) and they cannot differ.
>
> But there is a drawback: because you need access to Slide in the SlideRealm
> class, you need to move the needed Java jars from the web app directory into
> the global Tomcat lib directory. This is needed because by design the
> classloaders of Tomcat and every web app are separated in a certain way.
>
> Please excuse my errors but English is not my native language.
>
> I hope you get the idea.
>
> cu
>
> Olli
>
> --
> Ceyoniq Technology
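The two decision layers described in the quoted message, as an added Python sketch that is not part of the original thread and is not Tomcat, WebLogic or Slide code. All user names, passwords, paths, the role name and the function names are constructed for illustration; `drift()` shows the error-prone case where the realm and the Slide user directory disagree.

```python
import hmac

# Layer 1 (container): realm with credentials and roles. Constructed data.
REALM = {
    "joe":   {"password": "joe-pw",   "roles": {"webdav"}},
    "ann":   {"password": "ann-pw",   "roles": {"webdav"}},
    "guest": {"password": "guest-pw", "roles": set()},
}
WEBAPP_ROLE = "webdav"  # hypothetical role required for the whole webapp

# Layer 2 (Slide): user nodes below /users and ACL entries. Constructed data.
SLIDE_USERS = {"/users/joe", "/users/bob"}
SLIDE_ACL = {("/users/joe", "GET", "/files/report.txt")}


def container_check(user, password):
    """Authentication plus webapp-level authorization in the container."""
    entry = REALM.get(user)
    if entry is None or not hmac.compare_digest(entry["password"], password):
        return "401 container: authentication failed"
    if WEBAPP_ROLE not in entry["roles"]:
        return "403 container: no access to webapp"
    return None  # allowed: the request is delegated to the webapp


def slide_check(user, action, resource):
    """Second authorization, keyed on the user name the container passes on."""
    node = "/users/" + user
    if node not in SLIDE_USERS:
        return "403 slide: no user node"
    if (node, action, resource) not in SLIDE_ACL:
        return "403 slide: no ACL entry"
    return "200 ok"


def decide(user, password, action, resource):
    """Run both layers in order; the first denial wins."""
    return container_check(user, password) or slide_check(user, action, resource)


def drift():
    """Users known to only one store: (realm only, Slide only)."""
    realm = set(REALM)
    slide = {node.rsplit("/", 1)[1] for node in SLIDE_USERS}
    return sorted(realm - slide), sorted(slide - realm)
```

A user listed by `drift()` as realm-only authenticates but is denied inside Slide; a Slide-only user has access rights that can never be exercised because authentication fails first.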
