Hello. Is there step-by-step guide or detailed documentation available on the subject?
I'm struggling to connect existing user db to a magnolia managed site. so users could log in to a secure page. It will suffice if a single role would be assigned to such a user. What i've found and made 1) wrote a jaas module for the db. I.e. extend info.magnolia.jaas.sp.AbstractLoginModule 2) configured jaas context. For tomcat its easy as editing jaas.config file. Good example is [url=http://documentation.magnolia-cms.com/modules/ldap.html#jaasconfig]on LDAP connector page[/url]. [code] magnolia { info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional; foo.bar.CustomAuthModule requisite skip_on_previous_success=true; info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; };[/code] 3) Its [url=http://forum.magnolia-cms.com/forum/thread.html?threadId=07c95ac9-de12-48c6-a353-997047b94e84]been mentioned on forums[/url] that new user manager is required. I've added info.magnolia.cms.security.ExternalUserManager to /server/security/userManagers/external (the external node is a copy of admin one). For now according to logs external authentication checks for password and seems external user manager does some job too (w/o step 3 it used to throw NullPointerException). Though user is not logged in. Problems and questions: 1) CustomAuthModule has couple of roles hardcoded in setACL() including superuser. Still I can't log in to admin console even if authentication succeed 2) What does info.magnolia.cms.security.DummyUser mean? After logging in its mentioned in logs [code]INFO info.magnolia.cms.security.DummyUser : Initializing dummy user - Anonymous INFO info.magnolia.cms.security.DummyUser : This area and/or instance is not secured[/code] 3) Where to read about login and logout html pages, how do I setup it? 4) Is that correct that protected area is configured as "URL" access per role ACL? I've put somthing like a) disallow /site/member-area/* for anonymous role b) allow GET,POST /site/member-area/* for external user role. 5) What is "realm" in terms of magnolia? Its mentioned in jaas.config of the LDAP example. Regards, Lauri. P.s. Environment is windows/jav 1.6/maven based .war/no STK. Autoexport writes bootstrap files to reinit content repositary, though after restart magnolia shows page 404 unless i manually remove config.server*.xml files from bootstrap. -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=4ea2d66b-20e4-4468-a6a4-a9a692bd0b7b ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
