Hi Roy,
Another option besides auto-create-users is to use Slide as the actual authentication realm. That way you can manage your users in Slide, and let Tomcat pull its usernames and passwords from Slide when you try to login.
A SlideLoginModule that works with jboss was posted to the list by James Higginbotham. I don't think I had to make any changes to it for jboss 3.2.5 - 3.2.7. You can find it here:
http://www.mail-archive.com/[email protected]/msg03493.html
Here is a policy file that you can use for this:
<application-policy name = "slide-domain">
<authentication>
<login-module code="com.greenmud.auth.SlideLoginModule" flag="required">
<module-option name="namespace">slide</module-option>
</login-module>
</authentication>
</application-policy>
Good Luck, Ryan Rhodes
From: "Roy Russo" <[EMAIL PROTECTED]> Reply-To: "Slide Users Mailing List" <[EMAIL PROTECTED]> To: "Slide Users Mailing List" <[EMAIL PROTECTED]> Subject: Re: slide and jboss Date: Tue, 30 Nov 2004 11:50:59 -0500
ok... I got it working, without going to the DB for now, and heres what I did. (I will update our wiki page this week) It is exactly the same as securing the jmx-console: http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
1. Upack the slide.war and place it under the deploy dir.
2. Create /WEB-INF/classes/slide-users.properties and /WEB-INF/classes/slide-roles.properties
3. Edit the /server/standard/conf/login-config.xml and add a security domain for slide-domain:
<!-- Security domain for JBoss Portal - Jakarta Slide -->
<application-policy name = "slide-domain">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">slide-users.properties</module-option>
<module-option name="rolesProperties">slide-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
4. Create /WEB-INF/jboss-web.xml and add this to it:
<jboss-web> <security-domain>java:/jaas/slide-domain</security-domain> </jboss-web>
5. Go in to /WEB-INF/web.xml and uncomment the security contraint blocks at the bottom.
6. Start jboss.
7. Go to http://localhost:8080/slide and you should be prompted for a login.
I think I got it all. Thank you very much, Pat.
Roy Russo JBoss Portal Developer JBoss, Inc. 404-467-8555 x223 [EMAIL PROTECTED]
----- Original Message ----- From: "Patrick van Kann" <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <[EMAIL PROTECTED]>; "Slide Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, November 30, 2004 10:54 AM
Subject: RE: slide and jboss
auto-create-users will have no effect until you secure slide using a non-Slide realm. You have to get that working first - and the wiki page doesn't really describe this properly. The effect it will have is that when you authenticate against the external realm, Slide will automatically create a collection in /slide/users named after the principal you have logged in as.
I believe there is also a setting for auto-create-roles that will do the same with any of the roles that the principal has in /slide/roles.
The effect of this is that you will then be able to set ACLS on specific URIs based on these users and roles.
If you don't use auto-create-users and auto-create-roles, you can use application logic (say in the portlet itself, assuming this is what you are developing) that can create these collections for you.
These settings got non-slide authentication working for me:
server/default/deploy/slide.war/WEB-INF/jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd";>
<jboss-web>
<class-loading java2ClassLoadingCompliance="false">
<loader-repository>org.apache.slide:loader=slide.war</loader-repository>
</class-loading>
<security-domain>java:/jaas/slide-domain</security-domain>
<resource-ref> <res-ref-name>jdbc/SlideDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <jndi-name>java:/jdbc/SlideDS</jndi-name> </resource-ref>
</jboss-web>
in server/default/conf/login-config.xml I added a policy
<application-policy name = "slide-domain">
<authentication>
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name = "dsJndiName">java:/jdbc/SecurityDS</module-option>
<module-option name = "principalsQuery">
select password from Users where username=?
</module-option>
<module-option name = "rolesQuery">
select groupname, null
from GroupMembers m
where m.username = ?
</module-option>
</login-module>
</authentication>
</application-policy>
Hope it helps.
Patrick
-----Original Message----- From: Roy Russo [mailto:[EMAIL PROTECTED] Sent: Tue 11/30/2004 3:29 PM To: Slide Users Mailing List Subject: Re: slide and jboss
Well, its definitely good news to hear that someone got it working.
I'm building on jboss-4.0. Shouldn't be too different, save the fact that its sitting on Tomcat 5. I tried adding the auto-create-users node to domain.xml and it had no effect. Could you give me an example of of configuring the SlideRealm?
Once I get this working, I'll update the wiki page as well... it leaves a lot of loose ends.
Roy Russo JBoss Portal Developer JBoss, Inc. 404-467-8555 x223 [EMAIL PROTECTED]
----- Original Message ----- From: "Patrick van Kann" <[EMAIL PROTECTED]>
To: "Slide Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, November 30, 2004 10:01 AM
Subject: RE: slide and jboss
I got it working with JBoss 3.2.5 by following the advice on the JBoss wiki:
http://www.jboss.org/wiki/Wiki.jsp?page=JakartaSlide
I am not using the Slide authentication - I am using the JBoss RDBMS realm. This means that you either need to use the "auto-create-users" = true setting in Domain.xml or manually synchronise users in your Realm with the Slide users at /slide/users.
Hope this helps.
Patrick
-----Original Message----- From: Roy Russo [mailto:[EMAIL PROTECTED] Sent: Tue 11/30/2004 2:29 PM To: 'Slide Users Mailing List' Subject: slide and jboss
I'm curious if anyone has been able to get authentication to work in jboss. Commenting out the lines in web.xml, brings up a login prompt, using DAVExplorer, but no username or passwords are accepted.
My log spits out the following: 09:21:29,624 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: Properties file users.properties not found at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:491) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:442) ...
Moving a users.properties file around in the slide.war seems to do
absolutely nothing. I'm not sure if this is the way to go, either, and I may
be missing something simple.
I'm currently evaluating slide for use in JBoss Portal.
Roy Russo
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------------------
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
