You are already using 2.1???
Oliver
John Gilbert wrote:
Thanks!
I am using 2.1. When can I expect 2.1b2? When is the 2.1 GA release expected?
Thanks again. - John
-----Original Message-----
From: Oliver Zeigermann [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 7:02 AM
To: Slide Users Mailing List
Subject: Re: How to Implement a Security Store
The user was not denied, it is just that Slide tries to create (write) something (your user) in a read only request (GET). I suppose you use 2.0, right? In 2.1 there is a parameter that allows all requests to run in a full transaction fixing this. Additionally, there seemed to be a bug in user creation which I (hopefully) have fixed with Slide 2.1b2 which will be released these days. I'd suggest upgrading to it. If you do, please keep in mind it is still beta and I would not recommend it for production, yet.
Oliver
John Gilbert wrote:
Thanks Oliver.
I changed the config as you said, but get similar results. Here is the output:
User user1 has logged in on Thu Oct 14 17:14:55 EDT 2004
14 Oct 2004 17:14:56 - WARNING - WARNING: No active transaction
ExecuteThread: '8' for queue: 'weblogic.kernel.Default', 14-Oct-2004 17:14:56, user1, GET, 500 "Internal Server Error", 0 ms, /
The first message shows that user1 was authenticated by the container. The second message shows that user1 was denied by Slide. And the user was not auto-created.
Thoughts? I guess I don't understand the scenario under which this should work.
We don't want to use JNDI store because our security framework already wraps LDAP. But, I think I am going to use the JNDIStore as a template for creating my own security store.
Thanks again! - John
-----Original Message-----
From: Oliver Zeigermann [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 13, 2004 4:22 PM
To: Slide Users Mailing List
Subject: Re: How to Implement a Security Store
Hi John,
first of all your configuration for auto creation of users seems to be wrong to me. auto-create-users-role is not boolean, but expects a role class, like "slideroles.basic.RootRoleImpl" for "root" or "slideroles.basic.UserRoleImpl" for "user". This should give your new users decent access rights. However, if you do not configure rights for your single users why not switch off Slide's internal security checking? This will, however, not free you of the auto creation of users for certain reasons.
As you have the users accessible over LDAP why aren't you using the JNDI user store by James? I understand this will map your LDAP entries into user objects.
Oliver
John Gilbert wrote:
Background
==========
- We have a J2EE application running in WebLogic.
- We have JAAS modules that retrieve users and roles from our own security DB or from LDAP.
- Our security DB is also a generic store for permissions on resources.
- I have configured Slide to run in WebLogic along with our application and have it using a SqlServer RDBMS store
- I have configured the web.xml and weblogic.xml files to map to our internal role that we use to control access to the container
- I created a root user in our store that matches the root user in the domain.xml and have given the user our internal role
- So, now I can login as root and our JAAS module grants access to the webdav servlet and then the Slide application security grants access to the resources assigned to root
Questions
========
- I have added the auto-create-users and auto-create-users-role tags to the configuration section of the domain.xml, but still get denied for users I have not added to domain.xml. Do I need to turn off authentication? I'm not sure I understand how this is supposed to work.
<configuration>
...
<auto-create-users>true</auto-create-users>
<auto-create-users-role>true</auto-create-users-role>
</configuration>
- As an alternative, I have looked into creating my own Security Store and implementing the enumeratePermissions method. Is this all I need to do or do I also need to implement a Node Store and mount the /users and /roles URI to the custom store?
Based on this posting ->
http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html
Thanks!
- John
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
