Re: Using a JDBCRealm for authentication on slide?!

Mon, 19 Jul 2004 09:16:42 -0700 

Well, if auto-create-users isn't working for you your best bet may be to
write a Store implementation that Slide can use to see the users/roles
in your JDBCRealm.

-James

>>> [EMAIL PROTECTED] 07/19/04 2:15 AM >>>
thanks for the help, I'll try that: But let me get this straight:

You will end up with two users:
        - a user that is stored in the jdbc-realm
        - a slide-user
that somehow have to coordinated. Is there a way around that?! I'd like 
to delegate the whole slide-authentication to the container, leaving me 
with only the jdbc-realm-User. Is there a way to do that?!

cheers
stf


James Mason wrote:
> See step 4 in howto-create-users:
> http://jakarta.apache.org/slide/howto-create-users.html.
> 
> -James
> 
> 
>>>>[EMAIL PROTECTED] 7/16/2004 12:03:20 PM >>>
> 
> Hi James
> 
> Do you know how can I add those new users to the roles 'root' or
> 'user'? 
> I couldn't figure that out...
> 
> Thanks
> 
> Claudio.
> 
> ----- Original Message ----- 
> From: "James Mason" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 16, 2004 3:51 PM
> Subject: Re: Using a JDBCRealm for authentication on slide?!
> 
> 
> 
>>As far as I know, newly created users are not given membership in
> 
> any
> 
>>roles. Since by default membership in the 'root' or 'user' roles is
>>required for write access in /files, newly created users won't have
> 
> that
> 
>>access. If you grant write on /files to 'authenticated', any logged
> 
> in
> 
>>user should be able to write to /files.
>>
>>-James
>>
>>
>>>>>[EMAIL PROTECTED] 7/16/2004 6:37:49 AM >>>
>>
>>Hi,
>>
>>I did that steps
>>
>>1. uncomment the <security-constraint> in
>>%CATALINA_HOME%\webapps\slide\WEB-INF\web.xml.
>>2. put the <auto-create-users>true</auto-create-users> in
>>%CATALINA_HOME%\webapps\slide\domain.xml
>>3. create a role named "root" into my JDBC...
>>
>>Now I'm able to authenticate the users using my JDBCRealm and  read
>>the
>>files at http://localhost:8080/slides/files 
>>and  read the files at the mapping to the same URL, but I'm not able
>>to
>>"upload" (write,put) or (delete) the files.
>>
>>Does anybody knows if there are any other configurations to do?
>>
>>Thanks
>>
>>Claudio.
>>
>>
>>----- Original Message ----- 
>>From: "Jacob Lund" <[EMAIL PROTECTED]>
>>To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
>>Sent: Thursday, July 15, 2004 4:08 AM
>>Subject: Re: Using a JDBCRealm for authentication on slide?!
>>
>>
>>
>>>You have to add the user in slide too! Have a look at the
> 
> domain.xml
> 
>>file.
>>
>>>For testing you could keep the default users defined in the
>>
>>domain.xml and
>>
>>>the add a user called root in your jdbc source.
>>>
>>>/jacob
>>>
>>>----- Original Message ----- 
>>>From: "Claudio Carvalho" <[EMAIL PROTECTED]>
>>>To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
>>>Sent: Wednesday, July 14, 2004 10:32 PM
>>>Subject: Re: Using a JDBCRealm for authentication on slide?!
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>I couldn't get the "auto-create-users" working properly, and I
>>
>>just
>>
>>>noticed
>>>
>>>>that when I'm not logged I'm able to see the contents of
>>>>http://localhost:808/slide/files..., but if I'm logged I have
> 
> this
> 
>>error
>>
>>>>HTTP Status 403 - Forbidden: Access denied
>>>>/files/produtos/jcompany/javadoc/index.html by user *** Could
> 
> not
> 
>>>determine
>>>
>>>>principal *** for action /actions/read
>>>>
>>>>Could you help me?
>>>>
>>>>Thanks.
>>>>
>>>>Claudio.
>>>>
>>>>
>>>>----- Original Message ----- 
>>>>From: "Claudio Carvalho" <[EMAIL PROTECTED]>
>>>>To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
>>>>Sent: Wednesday, July 14, 2004 1:03 PM
>>>>Subject: Re: Using a JDBCRealm for authentication on slide?!
>>>>
>>>>
>>>>
>>>>>I did that, but I think it doesn't work... do you know how I
>>
>>check if
>>it
>>
>>>>>works?
>>>>>
>>>>>Thanks.
>>>>>
>>>>>----- Original Message ----- 
>>>>>From: "Fallin, Jonathan A." <[EMAIL PROTECTED]>
>>>>>To: "'Slide Users Mailing List'"
> 
> <[EMAIL PROTECTED]>
> 
>>>>>Sent: Wednesday, July 14, 2004 11:47 AM
>>>>>Subject: RE: Using a JDBCRealm for authentication on slide?!
>>>>>
>>>>>
>>>>>
>>>>>>Just add <auto-create-users>true</auto-create-users> inside
>>
>>the
>>
>>>>>><configuration> tag in Domain.xml
>>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Claudio Carvalho [mailto:[EMAIL PROTECTED] 
>>>>>>Sent: Wednesday, July 14, 2004 9:56 AM
>>>>>>To: Slide Users Mailing List
>>>>>>Subject: Re: Using a JDBCRealm for authentication on slide?!
>>>>>>
>>>>>>There's no *auto-create-users* in Domain.xml (slide
> 
> 2.0/tomcat
> 
>>>5.0.19)!!
>>>
>>>>>>----- Original Message -----
>>>>>>From: "Ritu Kedia" <[EMAIL PROTECTED]>
>>>>>>To: "'Slide Users Mailing List'"
>>
>><[EMAIL PROTECTED]>
>>
>>>>>>Sent: Wednesday, July 14, 2004 10:33 AM
>>>>>>Subject: RE: Using a JDBCRealm for authentication on slide?!
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Or else you could set *auto-create-users* to true under
>>>
>>>Configuration
>>>
>>>>>Node
>>>>>
>>>>>>>in Domain.xml. The user authenticated by your JDBCRealm
> 
> will
> 
>>be
>>
>>>>>>auto-created
>>>>>>
>>>>>>>in Slide if it does not already exist.
>>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: Jacob Lund [mailto:[EMAIL PROTECTED] 
>>>>>>>Sent: Wednesday, July 14, 2004 6:09 PM
>>>>>>>To: Slide Users Mailing List
>>>>>>>Subject: Re: Using a JDBCRealm for authentication on
> 
> slide?!
> 
>>>>>>>
>>>>>>>You need to create the users in slide too! Try to log on
> 
> with
> 
>>a
>>user
>>
>>>>>>called:
>>>>>>
>>>>>>>root.
>>>>>>>
>>>>>>>/jacob
>>>>>>>
>>>>>>>----- Original Message ----- 
>>>>>>>From: "Stefan Frank" <[EMAIL PROTECTED]>
>>>>>>>To: "Slide Users Mailing List"
>>
>><[EMAIL PROTECTED]>
>>
>>>>>>>Sent: Wednesday, July 14, 2004 1:38 PM
>>>>>>>Subject: Using a JDBCRealm for authentication on slide?!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Hi folks,
>>>>>>>>
>>>>>>>>we've got a JDBCRealm configured in tomcat, that handles
>>
>>the
>>
>>>>security
>>>>
>>>>>>>>for the webapplications - we now have installed slide
> 
> and
> 
>>want
>>to
>>
>>>>>reuse
>>>>>
>>>>>>>>this realm: My first naive approach was to just
> 
> uncomment
> 
>>the
>>
>>>>>>>>constraints in slide/WEB-INF/web.xml and add the roles
> 
> we
> 
>>want
>>to
>>
>>>>>allow
>>>>>
>>>>>>>>access to slide - however, this does not work. When we
>>
>>access
>>
>>>slide
>>>
>>>>>>>>using a browser we get a simple HTTP Status 403(Access
> 
> to
> 
>>the
>>
>>>>>specified
>>>>>
>>>>>>>>resource () has been forbidden.), when we access it
> 
> using
> 
>>the
>>
>>>>>>>>DAVExplorer (http://www.ics.uci.edu/~webdav/), we get a
>>
>>"Access
>>
>>>>denied
>>>>
>>>>>>>>on / by User *** Could not determine principal for
> 
> action
> 
>>>>>/actions/read"
>>>>>
>>>>>>>>This is the realm we defined inside web.xml that we want
>>
>>to
>>
>>>>>authenticate
>>>>>
>>>>>>>>against:
>>>>>>>>
>>>>>>>><Realm  className="org.apache.catalina.realm.JDBCRealm"
>>
>>debug="99"
>>
>>>>>>>>             
> 
> driverName="oracle.jdbc.driver.OracleDriver"
> 
>>>>>>>>          
>>
>>connectionURL="jdbc:oracle:thin:@******:1521:***"
>>
>>>>>>>>          connectionName="***" connectionPassword="***"
>>>>>>>>               userTable="users" userNameCol="user_name"
>>>>>>>>userCredCol="user_password"
>>>>>>>>           userRoleTable="user_roles"
>>
>>roleNameCol="role_name" />
>>
>>>>>>>>I checked the username/password thrice, we can log into
>>
>>the
>>other
>>
>>>>>>>>webapps on the same tomcat withouit any problems: Does
>>
>>slide do
>>
>>>>>>>>something else than just have the user authenticate
> 
> against
> 
>>the
>>
>>>>>>realm???!
>>>>>>
>>>>>>>>any help appreciated!!
>>>>>>>>cheers
>>>>>>>>stf
>>>>>>>>
>>>>>>>>-- 
>>>>>>>>Stefan Frank
>>>>>>>>iBioS - Intelligent BioInformatics Systems
>>>>>>>>http://www.dkfz-heidelberg.de/ibios 
>>>>>>>>DKFZ - German Cancer Research Center
>>>>>>>>Im Neuenheimer Feld 580
>>>>>>>>69120 Heidelberg
>>>>>>>>Tel.: +49 (0) 6221 42-3612
>>>>>>>>Mail: [EMAIL PROTECTED] 
>>>>>>>>
>>>>>>>>
>>>>>>>
> ---------------------------------------------------------------------
> 
>>>>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>>>For additional commands, e-mail:
>>>
>>>[EMAIL PROTECTED] 
>>>
>>>>>>>
> ---------------------------------------------------------------------
> 
>>>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>>For additional commands, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>>
> ---------------------------------------------------------------------
> 
>>>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>>For additional commands, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>>
>>>>>>
> ---------------------------------------------------------------------
> 
>>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>For additional commands, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
> ---------------------------------------------------------------------
> 
>>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>For additional commands, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>>
>>>>>
>>>>>
> ---------------------------------------------------------------------
> 
>>>>>To unsubscribe, e-mail:
>>
>>[EMAIL PROTECTED] 
>>
>>>>>For additional commands, e-mail:
>>
>>[EMAIL PROTECTED]
>>
>>>>>
>>>>
>>>>
> ---------------------------------------------------------------------
> 
>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> 
> 
>>>>For additional commands, e-mail:
> 
> [EMAIL PROTECTED] 
> 
>>>
>>>
> ---------------------------------------------------------------------
> 
>>>To unsubscribe, e-mail: [EMAIL PROTECTED] 
>>>For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
>>>
>>
>>
> ---------------------------------------------------------------------
> 
>>To unsubscribe, e-mail: [EMAIL PROTECTED] 
>>For additional commands, e-mail: [EMAIL PROTECTED] 
>>
>>
>>
> 
> ---------------------------------------------------------------------
> 
>>To unsubscribe, e-mail: [EMAIL PROTECTED] 
>>For additional commands, e-mail: [EMAIL PROTECTED] 
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED] 
> For additional commands, e-mail: [EMAIL PROTECTED] 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

-- 
Stefan Frank
iBioS - Intelligent BioInformatics Systems
http://www.dkfz-heidelberg.de/ibios
DKFZ - German Cancer Research Center
Im Neuenheimer Feld 580
69120 Heidelberg
Tel.: +49 (0) 6221 42-3612
Mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to