Re: How to Implement a Security Store

[Oliver Zeigermann]

Hi John,
first of all your configuration for auto creation of users seems to be 
wrong to me. auto-create-users-role is not boolean, but expects a role 
class, like "slideroles.basic.RootRoleImpl" for "root" or 
"slideroles.basic.UserRoleImpl" for "user". This should give your new 
users decent access rights. However, if you do not configure rights for 
your single users why letting not switching off Slide's internal 
security checking? This will, however, not free you of the auto creation 
of users for certain reasons.

As you have the users accessible over LDAP why aren't you using the JNDI 
user store by James? I understand this will map your LDAP entries into 
user objects.

Oliver
John Gilbert schrieb:
Background
==========
-          We have a J2EE application running in WebLogic. 

-          We have JAAS modules that retrieve users and roles from our
own security DB or from LDAP. 

-          Our security DB is also a generic store for permissions on
resources.
-          I have configured Slide to run in WebLogic along with our
application and have it using a SqlServer RDBMS store
-          I have configured the web.xml and weblogic.xml files to map
to our internal role that we use to control access to the container
-          I created a root user in our store that matches the root user
in the domain.xml and have given the user our internal role
-          So, now I can login as root and our JAAS module grants access
to the webdav servlet and then the Slide application security grants
access to the resources assigned to root
 

Questions
========
-          I have added the auto-create-users and auto-create-users-role
tags to the configuration section of the domain.xml, but still get
denied for users I have not added to domain.xml. Do I need to turn off
authentication? I'm not sure I understand how this is supposed to work.
 

        <configuration>
            ...
            <auto-create-users>true</auto-create-users>
            <auto-create-users-role>true</auto-create-users-role>
        </configuration>
 

-          As an alternative, I have looked into creating my own
Security Store and implement the enumeratePermissions method.  Is this
all I need to do or do I also need to implement a Node Store and mount
the /users and /roles URI to the custom store?
 

Based on this posting   ->
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html
 

Thanks!
- John


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]