You can buy it :). It's a product called iChain from Novell. In addition to being a reverse proxy it has "form fill" capability, so it can be configured to automatically fill in login forms. It also rewrites the html it proxies so that all links/forms point to the reverse proxy rather than the original server. It's by no means perfect, but overall we've been happy with it.
-James On Tue, 2005-01-18 at 12:17 -0500, John Gilbert wrote: > James, > > Can you elaborate on the reverse-proxy you mentioned? Is the code available > somewhere? > > Thanks > John > > > -----Original Message----- > From: James Mason [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 18, 2005 11:09 AM > To: Slide Users Mailing List > Subject: Re: ldap securitystore > > You're right about the documentation not being on the Wiki. For now you > can look at the javadocs in CVS: > http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/stores/org/apache/slide/store/txjndi/JNDIPrincipalStore.java?rev=1.9&view=auto > > I'm currently running Slide with a JNDIPrincipalStore for users and for > roles. I 18,000+ users in my LDAP repository, though only a few thousand > are actively using the system. The entire web application has three > tiers: Portal -> Cocoon -> Slide. For browsing directories all access > goes through the entire structure. Managing security and properties goes > through Cocoon -> Slide, and managing/viewing files goes straight to > Slide. Each layer is running on a separate Tomcat instance and is > configured to use the JNDIRealm for authentication. Both the Portal and > Cocoon capture the users password and pass it to subsequent layers when > making requests. All requests also go through a reverse proxy that > remembers the user's credentials so they are only ever prompted once. > > If you don't want to capture the user's password, you're going to need a > way for your front-end application to authenticate to Slide and pass an > additional username parameter. A custom JAAS login module is probably a > good candidate for this. The module will need to place the passed-in > username in the J2EE Principal so that Slide can evaluate the > appropriate authorizations. > > -James > > On Tue, 2005-01-18 at 14:42 +0200, Serkan Ãzkan wrote: > > Hi, > > > It is very unlikely that you currently have this > > > information stored in a LDAP repository, since the "node" portion of a > > > permission is very unique to Slide. Most likely what you want is a way > > > to retrieve a list of users and group/role memberships from LDAP. > > Yes, this is what I am trying to do. > > I could not find the documentation about JNDIPrincipalStore you > > mentioned, but searched for it and read related documents. But I could > > not find a solution to my problems. > > I think it will be better if I summarize what I am trying to do: > > -Thousands of users and roles/groups are already defined at ldap. > > -There is an application using slide as backend, it accesses slide > > using webdav. Users can't access slide directly. Users are > > authenticated in this application, and we don't want to authenticate > > them again for slide. > > - We want to pass current user info from our application to slide, and > > this user info must be used for acl mechanisms etc. > > > > Thanks for your interest > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
