Slide needs to be able to enumerate all of the available roles in order
to be WebDAV compliant. JAAS integration works great for
*authentication*, but when it comes to authorization Slide uses other
methods for discovering role memberships. If you want to provide your
own Security implementation that uses JAAS for roles as well, it
shouldn't be too hard, but your implementation would not be compliant
with the WebDAV ACL specification (probably not that big of a deal for
your application).

If you configure your Slide repository so that the "authenticated"
principal has inherited read permissions to the root node, everything
should work fine (with auto-create-users turned on).

-James

On Tue, 2005-01-11 at 18:00 +0100, Paul Hussein wrote:
> I can't believe this is the way it is, as does it not defeat the objective?
> 
> I thought the objective of JAAS is to allow external authentication. If 
> I need a preconfigured store, then that's not right.
> 
> Autocreate user autocreates a user with some authentication, so there 
> must be something wrong in the configuration, maybe the wrong user role 
> is being auto created that is not authorised to see stuff.
> 
> 
> Who wrote this stuff? Has anyone else written a non-Slide JAAS module? 
> Otherwise it seems a lot of effort has been made to create a module that 
> won't work in the correct | clean way.
> 
> 
> Regards
> 
> Paul.
> 
> 
> Oliver Zeigermann wrote:
> 
> >I see. You will either have to grant the rights to anyone or have a
> >user store that displays the appropriate rights like James has done in
> >the JNDI user store, I guess. If so and you are authenticated, but not
> >authorized, your problem has got nothing to do with JAAS.
> >
> >Oliver
> >
> >
> >On Tue, 11 Jan 2005 17:20:41 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
> >  
> >
> >>Thanks for the reply.
> >>
> >>The problem I am having is that from the resources I see available to
> >>give me information on how to write my own login module ( for which I am
> >>using http://forum.java.sun.com/thread.jspa?threadID=233317&tstart=75 to
> >>guide me ), all I need to do is replace the Slide login module with my
> >>own ( which I have done with a hardcoded authentication )
> >>
> >>Add the auto create users/role to the Domain.xml
> >>
> >>and the JAAS stuff should log me in ok.
> >>
> >>However, I believe I am being authenticated, as the username and
> >>password dialog pops up, but I am not authorised to look at the contents
> >>of the slide repository. That is, when I point my browser to
> >>127.0.0.1:8080/slide/files after entering the username and password I get:
> >>
> >>HTTP Status 403 - Access to the requested resource has been denied
> >>
> >>As described ( unclearly !!! ) below.
> >>
> >>If you could point to where I am going wrong, or could look, or if this is 
> >>a bug, I would be grateful.
> >>
> >>Cheers
> >>
> >>Paul.
> >>
> >>
> >>Oliver Zeigermann wrote:
> >>
> >>    
> >>
> >>>Now this is a question I understand. I guess you are right. I was able
> >>>to switch on user auto creation by adding
> >>>
> >>><auto-create-users>true</auto-create-users>
> >>><auto-create-users-role>org.apache.slide.structure.SubjectNode</auto-create-users-role>
> >>>
> >>>to the configuration section of Domain.xml
> >>>
> >>>Oliver
> >>>
> >>>On Tue, 11 Jan 2005 11:25:49 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>      
> >>>
> >>>>The JAAS authentication for me is working happily.
> >>>>
> >>>>However, I wish to remove the custom authentication within the slide
> >>>>login module and replace it with my own authentication.
> >>>>
> >>>>At the moment a fixed username and password 'jaas' 'jaas'
> >>>>
> >>>>I would like to know how to do this, as I believe there is a complication
> >>>>associated with auto creating users, that when I authenticate, I need to
> >>>>tell slide to auto create a user and role for my foreign authenticated 
> >>>>user.
> >>>>
> >>>>What parts do I need to retain in the login module and what parts can I
> >>>>remove ?
> >>>>
> >>>>Regards
> >>>>
> >>>>Paul.
> >>>>
> >>>>
> >>>>Oliver Zeigermann wrote:
> >>>>
> >>>>
> >>>>
> >>>>        
> >>>>
> >>>>>Hi Paul,
> >>>>>
> >>>>>if the original JAAS authentication did work for you this does not
> >>>>>seem to be a Slide related problem. I have no idea what parts of the
> >>>>>Sun tutorial you used or what you even want to achieve. The
> >>>>>information you provide does not give me a clue either.
> >>>>>
> >>>>>Oliver
> >>>>>
> >>>>>
> >>>>>On Tue, 04 Jan 2005 15:11:49 +0100, Paul Hussein <[EMAIL PROTECTED]> wrote:
> >>>>>
> >>>>>>I am having a slight problem configuring a simple JAAS authentication
> >>>>>>using slide 2.1rc1 ( tomcat binary )  and the example code from the JAAS
> >>>>>>tutorial
> >>>>>>
> >>>>>>http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
> >>>>>>
> >>>>>>I have downloaded and built the example code from above and jar'd that
> >>>>>>up and placed it in common/lib
> >>>>>>
> >>>>>>I have modified the jaas.conf to be
> >>>>>>
> >>>>>>slide_login {
> >>>>>>sample.module.SampleLoginModule required
> >>>>>>namespace=slide;
> >>>>>>};
> >>>>>>
> >>>>>>And through some debug I have added to the sample login module I can see
> >>>>>>that the login method takes the credentials and returns true.
> >>>>>>
> >>>>>>However I still get
> >>>>>>
> >>>>>>HTTP Status 403 - Access to the requested resource has been denied
> >>>>>>
> >>>>>>------------------------------------------------------------------------
> >>>>>>
> >>>>>>*type* Status report
> >>>>>>
> >>>>>>*message* _Access to the requested resource has been denied_
> >>>>>>
> >>>>>>*description* _Access to the specified resource (Access to the requested
> >>>>>>resource has been denied) has been forbidden._
> >>>>>>
> >>>>>>------------------------------------------------------------------------
> >>>>>>
> >>>>>>    Apache Tomcat/5.0.28
> >>>>>>
> >>>>>>I have read from the lists that maybe I need to set:
> >>>>>>
> >>>>>><auto-create-users>true</auto-create-users>
> >>>>>><auto-create-users-role>user</auto-create-users-role>
> >>>>>>
> >>>>>>Which I have done but I still get the same error.
> >>>>>>
> >>>>>>Is there another setting I am missing to get this simple sample JAAS
> >>>>>>authentication working with Slide?
> >>>>>>
> >>>>>>Regards
> >>>>>>
> >>>>>>Paul.
> >>>>>>
> >>>>>>---------------------------------------------------------------------
> >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>>>For additional commands, e-mail: [EMAIL PROTECTED]
> 
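
The module-replacement step asked about in the thread, as an added example that is not part of the original messages and not Slide's own code: a JAAS login module written against the standard `javax.security.auth` API only. `ExternalLoginModule` and `verify()` are hypothetical names, and the principal type the container or Slide expects is an assumption the thread does not settle.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added illustration, not Slide code. Subclass it, implement verify(), and name
// the subclass in jaas.conf in place of the module listed under slide_login.
public abstract class ExternalLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String verifiedUser;   // set by login(), consumed by commit()
    private Principal committed;   // what commit() added, so logout() can remove it

    // Hook for the external credential check (hypothetical; the subclass supplies it).
    protected abstract boolean verify(String user, char[] password);

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
    }
    // Phase 1: authentication only. Returning true says nothing about roles or ACLs.
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot read credentials: " + e.getMessage());
        }
        char[] pw = pass.getPassword();   // a copy of the callback's buffer
        pass.clearPassword();
        // Reject missing or empty passwords before the backend ever sees them.
        boolean ok = name.getName() != null && pw != null && pw.length > 0
                && verify(name.getName(), pw);
        if (pw != null) Arrays.fill(pw, '\0');
        if (!ok) throw new FailedLoginException("authentication failed");
        verifiedUser = name.getName();
        return true;
    }
    // Phase 2: attach the identity. Role lookup and ACL checks happen elsewhere.
    public boolean commit() {
        if (verifiedUser == null) return false;
        final String n = verifiedUser;
        committed = new Principal() { public String getName() { return n; } }; // placeholder type (assumption)
        subject.getPrincipals().add(committed);
        return true;
    }
    public boolean abort() { verifiedUser = null; return logout(); }
    public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        committed = null;
        return true;
    }
}
```

As James's reply explains, a `true` return from `login()` covers authentication only; the 403 is decided by the permissions the repository holds for that user or for the "authenticated" principal.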

