Jonathan, You shouldn't need to deal with SecurityImpl at all. The enumeratePermissions() method of the SecurityStore interface returns an enumeration of NodePermission objects. These objects detail which users have which rights over the passed in Uri. The SecurityImpl takes this list and checks it against the current user and the requested action.
If you can create a mapping between the security features of your CMS and a list of NodePermission objects you should be able to take advantage of Slide's built-in security logic. You may want to turn on auto-create-users so that you don't have to mess with that, and you may find that you want your Store implementation to handle role membership as well. If you can setup your AD server as an LDAP server you may be able to take advantage of the JNDIPrincipalStore to handle user-to-role mappings. I don't believe it's been tested with AD, so there may be some bugs, but it may save you some effort. Also, take a look at the code for the existing Stores to see how they implement the SecurityStore interface. That should point you in the right direction. -James >>> [EMAIL PROTECTED] 7/6/2004 8:36:56 AM >>> I am writing my own content store to integrate Slide into an existing Content Management Application. For security and authentication I am using a third party commercial product that can talk with Windows Active Directory to get the authentication credentials of the user. This third party tool is implemented as a Servlet Filter and places the username into the Servlet Request where it can be retrieved using the getUserPrincipal() method. When incorporated into my current Slide implementation I see that the username is output to the WebDAV logs as the LogFilter class uses the HttpServletRequest.getUserPrincipal() method when outputting information. Its not practical for me to configure users and roles using XML like the default File Content Store as there are too many users and their privileges for specific files are maintained elsewhere. In fact, my current Slide implementation has security and authentication turned off. My question is how should I proceed to integrate this third party mechanism into Slide. Looking at the java docs for SecurityStore and SecurityImpl I'm not sure how to get at the getPrincipal(SlideToken token) method of the SecurityImpl class. http://jakarta.apache.org/slide/javadoc/org/apache/slide/security/SecurityIm pl.html#getPrincipal(org.apache.slide.common.SlideToken) <http://jakarta.apache.org/slide/javadoc/org/apache/slide/security/SecurityI mpl.html#getPrincipal(org.apache.slide.common.SlideToken)> How should I implement the SecurityImpl class? How can I get the SlideToken object? My current store extends AbstractSimpleService and implements NodeStore, LockStore, RevisionDescriptorsStore, RevisionDescriptorStore, SecurityStore, and ContentStore. Right now I have the void methods from the Store interfaces doing nothing. The methods that return Enumerations, RevisionDescriptors, and Content call methods on my existing Content Management Application's API and return the correct Slide specific objects. I simply want to enhance those API calls to include the userPrincipal information of the user making the request and the authentication methods of my existing Content Management Application. Thanks Jonathan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
