Hi Tim,

any idea why this did not work for you in the engine element?

Oliver

On Wed, 03 Nov 2004 16:11:14 -0500, Tim Frank <[EMAIL PROTECTED]> wrote:
> It was my inexperience with Tomcat that caused the problem... and due to
> that a misunderstanding of the instructions on the following page:
>
> http://jakarta.apache.org/slide/howto-jaas.html
>
> ALSO, and more importantly, the server.xml bundled with the 2.1b2 binary
> including Tomcat 5 has the JAAS Realm set in the Engine element.
> This causes the Tomcat admin/manager apps to not work per the default
> setup instructions for Tomcat.
>
> I have modified my server.xml to place this block inside of the Host
> element defining localhost instead and then (finally) everything works!
>
> <Context path="/slide" debug="0" privileged="true" useNaming="true">
>   <Realm className="org.apache.catalina.realm.JAASRealm"
>          appName="slide_login"
>          userClassNames="org.apache.slide.jaas.spi.SlidePrincipal"
>          roleClassNames="org.apache.slide.jaas.spi.SlideRole"
>          name="Slide DAV Server"
>          namespace="slide"
>          useContextClassLoader="false" />
> </Context>
>
> Thanks to Nick for pointing out the wiki page which made me realise I
> did not have this Realm inside of the correct element.
>
> I think it would be helpful to change the default bundle to handle this
> change as well, and maybe also point it out more explicitly on the JAAS
> instruction page for newcomers like myself.
>
> Thanks,
>
> Tim
>
> Nick Longinow wrote on 03/11/04 03:07 PM:
> >
> > Tim
> >
> > I was able to get this working using Slide 2.1B2. The wiki steps shown are
> > almost completely sufficient (on Windows)
> >
> > Nick
> >
> > -----Original Message-----
> > From: Tim Frank [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, November 03, 2004 3:03 PM
> > To: Slide Users Mailing List
> > Subject: Re: Accessing Tomcat Manager and Admin apps with Slide/Tomcat
> > bundle ?
> >
> > I would just like to add that I am having the exact same problem with
> > the 2.1b2 bundle that uses JAAS authentication. The only way I can login
> > to the Tomcat admin/manager apps is to change the server.xml file to not
> > use JAAS but the old MemoryRealm. Which of course then doesn't let me
> > login to slide.
> >
> > I also apologise if this is a Tomcat issue, but it IS an issue with the
> > 2.1b2 bundle you provide for download.
> >
> > Thanks,
> >
> > Tim
> >
> > Nick Longinow wrote on 03/11/04 01:26 PM:
> >
> >>Hi,
> >>
> >>Again, apologies for what may be a Tomcat issue, but...
> >>
> >>Per Tomcat's documentation, I am trying to set the credentials for the admin
> >>and manager webapps that ship with Tomcat. I've added them to the
> >>tomcat-users.xml file (root/root), but when I try to login to
> >>http://localhost:8080/admin I get a stack dump like this:
> >>
> >>WARNING: Login exception authenticating username root
> >>javax.security.auth.login.LoginException:
> >>org.apache.slide.common.DomainInitializationFailedError: Domain
> >>initialization error : Domain.xml (The system cannot find the file
> >>specified)
> >>
> >>Any ideas ?
> >>
> >>Nick
> >>
> >>-----Original Message-----
> >>From: Ryan Rhodes [mailto:[EMAIL PROTECTED]
> >>Sent: Wednesday, November 03, 2004 12:58 PM
> >>To: [EMAIL PROTECTED]
> >>Subject: RE: Custom authorization and authentication best practices
> >>
> >>John,
> >>
> >>Well, it looks like there are three cases we need to handle and we are only
> >>handling one of them. Right now the username/password/url are coming from
> >>the connection spec. They can also come from configuration properties.
> >>
> >>The case I need is when the credentials come from the JAAS Subject as a:
> >>javax.resource.spi.security.PasswordCredential.
> >>
> >>I don't think that the JCA specifications are clear on exactly which
> >>credentials should be used when they are supplied through more than one
> >>method.
> >>
> >>I'm using JBoss. I'm pretty sure the PasswordCredential should work the
> >>same under weblogic because I was using a lot of weblogic docs for info. I
> >>think weblogic also supports caller impersonation.
> >>
> >>I was really hoping somebody could shed some light on making the url
> >>configurable. I'm doing it from a config property right now like you said.
> >>That means I can only set the url to the slide root. I'm then using
> >>WebdavResource.getChildResources() to navigate down, but I feel like that
> >>might be doing a whole bunch of extra round trips, when I usually only want
> >>one resource at a time.
> >>
> >>What's the best way to do this?
> >>
> >>Regards,
> >>
> >>-Ryan Rhodes
> >>
> >>>From: "John Gilbert" <[EMAIL PROTECTED]>
> >>>Reply-To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
> >>>To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
> >>>Subject: RE: Custom authorization and authentication best practices
> >>>Date: Wed, 3 Nov 2004 12:22:20 -0500
> >>>
> >>>Ryan,
> >>>
> >>>What kind of changes are you looking to do for the jca connector? I was
> >>>thinking of doing the same thing. For example, providing a property for
> >>>the url and using container managed authentication.
> >>>
> >>>Also, are you using weblogic?
> >>>
> >>>- John
> >>>
> >>>-----Original Message-----
> >>>From: Ryan Rhodes [mailto:[EMAIL PROTECTED]
> >>>Sent: Wednesday, November 03, 2004 11:31 AM
> >>>To: [EMAIL PROTECTED]
> >>>Subject: RE: Custom authorization and authentication best practices
> >>>
> >>>Hi Morten,
> >>>
> >>>I'm working on something similar to this right now. One way it "Could" be
> >>>done is this.
> >>>
> >>>1) Use a JAAS Login module to make slide the authentication realm for the
> >>>web container. This way users and roles are pulled from Slide for web
> >>>applications.
> >>>
> >>>2) Use the JCA Connector to connect web applications to Slide.
> >>>
> >>>3) Use a second JAAS login config for the JCA Connector. JCA supports 3 or
> >>>4 different types of authentication. The type called "Caller Impersonation"
> >>>allows you to pass on the user/roles from the calling web/ejb application
> >>>to be used by the JCA connection. This way you don't have to keep around
> >>>the username/password from the web login to re-use with Slide. The
> >>>application server handles it for you, and the web user will automatically
> >>>be limited to whatever document permissions they have in slide.
> >>>
> >>>Right now, the JCA Connector doesn't support any type of declarative
> >>>configuration. The login/pass are passed programmatically through the
> >>>WebDavConnectionSpec when you create a connection.
> >>>
> >>>When I finish making it configurable I'll submit the changes, but I'll warn
> >>>you that (#3) will always require configuration that is specific to the
> >>>application server. Not every app server supports Caller Impersonation, and
> >>>I think (#1), at least on JBoss, requires a JAAS Login Module that uses
> >>>proprietary JBoss libraries and I heard those can't be mixed with Apache
> >>>License, so... it probably won't be supported by Slide.
> >>>
> >>>Hope that Helps,
> >>>
> >>>Ryan Rhodes
> >>>
> >>>>From: Morten <[EMAIL PROTECTED]>
> >>>>Reply-To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
> >>>>To: [EMAIL PROTECTED]
> >>>>Subject: Custom authorization and authentication best practices
> >>>>Date: Mon, 01 Nov 2004 19:15:34 +0100
> >>>>
> >>>>Hi.
> >>>>
> >>>>I will be using Slide as a file system based content repository. It will be
> >>>>part of a web-application which contains a UI to add/remove users and set
> >>>>permissions at folder level.
> >>>>
> >>>>This means I need to integrate Slide with my web-app. I see 2 possible
> >>>>methods:
> >>>>
> >>>>1. Slide accesses an external data-source for authentication and
> >>>>authorization, possibly via a custom plug-in (could be done using WCK, but
> >>>>that impacts DeltaV).
> >>>>
> >>>>2. The users and permissions get set in Slide explicitly using an API
> >>>>(pointers to which greatly appreciated).
> >>>>
> >>>>Functionally, I need to be able to answer the questions "Is user X with
> >>>>password Y a valid user?" and "Can user X access folder Z?"
> >>>>
> >>>>Which of the above is the preferred approach and what is the "proper" way
> >>>>to go about it? What's considered best practices? Studying WCK, Realms,
> >>>>JAAS, Projector gives lots of options on authentication, but I fail to find
> >>>>options for authorization.
> >>>>
> >>>>Br,
> >>>>
> >>>>Morten
> >>>>
> >>>>---------------------------------------------------------------------
> >>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>For additional commands, e-mail: [EMAIL PROTECTED]
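
The realm scoping at issue in this thread, as an added example that is not part of any message or of the Slide bundle: a Realm on the Engine governs every web application beneath it unless a Host or Context nests its own, so this sketch resolves the effective Realm for each Context. Both server.xml samples are constructed; listing /admin and /manager inline and the Engine-level MemoryRealm are assumptions.

```python
import xml.etree.ElementTree as ET

JAAS = "org.apache.catalina.realm.JAASRealm"

# Constructed sample: JAASRealm on the Engine, as the thread describes for the bundle.
BUNDLED = """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.JAASRealm" appName="slide_login"/>
  <Host name="localhost" appBase="webapps">
    <Context path="/slide"/> <Context path="/admin"/> <Context path="/manager"/>
  </Host>
</Engine></Service></Server>"""

# Constructed sample: JAASRealm scoped to the /slide Context only. The
# Engine-level MemoryRealm (tomcat-users.xml) is an assumption.
SCOPED = """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.MemoryRealm"/>
  <Host name="localhost" appBase="webapps">
    <Context path="/slide">
      <Realm className="org.apache.catalina.realm.JAASRealm" appName="slide_login"/>
    </Context>
    <Context path="/admin"/> <Context path="/manager"/>
  </Host>
</Engine></Service></Server>"""

def effective_realms(server_xml):
    """Map each Context path to the className of the Realm that governs it."""
    result = {}
    for engine in ET.fromstring(server_xml).iter("Engine"):
        for host in engine.findall("Host"):
            for ctx in host.findall("Context"):
                # Nearest enclosing Realm wins: Context, then Host, then Engine.
                realms = [s.find("Realm") for s in (ctx, host, engine)]
                hit = next((r for r in realms if r is not None), None)
                result[ctx.get("path")] = hit.get("className") if hit is not None else None
    return result

def jaas_captured(server_xml, expected=("/slide",)):
    """Context paths governed by JAASRealm although not meant to be."""
    return sorted(p for p, c in effective_realms(server_xml).items()
                  if c == JAAS and p not in expected)

if __name__ == "__main__":
    print("bundled:", jaas_captured(BUNDLED))
    print("scoped: ", jaas_captured(SCOPED))
```
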
