I am writing my own content store to integrate Slide into an existing Content Management Application. For security and authentication I am using a third party commercial product that can talk with Windows Active Directory to get the authentication credentials of the user. This third party tool is implemented as a Servlet Filter and places the username into the Servlet Request where it can be retrieved using the getUserPrincipal() method. When incorporated into my current Slide implementation I see that the username is output to the WebDAV logs as the LogFilter class uses the HttpServletRequest.getUserPrincipal() method when outputting information.
Its not practical for me to configure users and roles using XML like the default File Content Store as there are too many users and their privileges for specific files are maintained elsewhere. In fact, my current Slide implementation has security and authentication turned off. My question is how should I proceed to integrate this third party mechanism into Slide. Looking at the java docs for SecurityStore and SecurityImpl I'm not sure how to get at the getPrincipal(SlideToken token) method of the SecurityImpl class. http://jakarta.apache.org/slide/javadoc/org/apache/slide/security/SecurityIm pl.html#getPrincipal(org.apache.slide.common.SlideToken) <http://jakarta.apache.org/slide/javadoc/org/apache/slide/security/SecurityI mpl.html#getPrincipal(org.apache.slide.common.SlideToken)> How should I implement the SecurityImpl class? How can I get the SlideToken object? My current store extends AbstractSimpleService and implements NodeStore, LockStore, RevisionDescriptorsStore, RevisionDescriptorStore, SecurityStore, and ContentStore. Right now I have the void methods from the Store interfaces doing nothing. The methods that return Enumerations, RevisionDescriptors, and Content call methods on my existing Content Management Application's API and return the correct Slide specific objects. I simply want to enhance those API calls to include the userPrincipal information of the user making the request and the authentication methods of my existing Content Management Application. Thanks Jonathan
