Ryan, What kind of changes are you looking to do for the jca connector? I was thinking of doing the same thing. For example, providing a property for the url and using container managed authentication.
Also, are you using weblogic? - John -----Original Message----- From: Ryan Rhodes [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: Custom authorization and authentication best practices Hi Morten, I'm working on something similar to this right now. One way it "Could" be done is this. 1) Use a JAAS Login module to make slide the authentication realm for the web container. This way users and roles are pulled from Slide for web applications. 2) Use the JCA Connector to connect web applications to Slide. 3) Use a second JAAS login config for the JCA Connector. JCA supports 3 or 4 different types of authentication. The type called "Caller Impersonation" allows you to pass on the user/roles from the calling web/ejb application to be used by the JCA connection. This way you don't have to keep around the username/password from the web login to re-use with Slide. The application server handles it for you, and the web user will automatically be limited to whatever document permisions they have in slide. Right now, the JCA Connector doesn't support any type of declarative configuration. The login/pass are passed programatically through the WebDavConnectionSpec when you create a connection. When I finish making it configurable I'll submit the changes, but I'll warn you that (#3) will always require configuration that is specific to the application server. Not every app server supports Caller Impersonation, and I think (#1), at least on Jboss, requires a JAAS Login Module that uses propriertary JBoss libraries and I heard those can't be mixed with Apache License, so... it probably won't be support by Slide. Hope that Helps, Ryan Rhodes >From: Morten <[EMAIL PROTECTED]> >Reply-To: "Slide Users Mailing List" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Custom authorization and authentication best practices >Date: Mon, 01 Nov 2004 19:15:34 +0100 > >Hi. > >I will be using Slide as a file system based content repository. It will be >part of a web-application which contains a UI to add/remove users and set >permissions at folder level. > >This means I need to integrate Slide with my web-app. I see 2 possible >methods: > >1. Slide accesses an external data-source for authentication and >authorization, possibly via a custom plug-in (could be done using WCK, but >that impacts DeltaV). > >2. The users and permissions get set in Slide explicitly using an API >(pointers to which greatly appreciated). > >Functionally, I need to be able to answer the questions "Is user X with >password Y a valid user?" and "Can user X access folder Z?" > >Which of the above is the preferred approach and what is the "proper" way >to go about it? What's considered best practices? Studying WCK, Realms, >JAAS, Projector gives lots of options on authentication, but I fail to find >options for authorization. > >Br, > >Morten > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
