OK, I think I understand it; it is in the SimpleJBossAccessManager class:
public void init(AMContext context)
+ throws AccessDeniedException, Exception {
+ Properties rolemaps = new Properties();
+ File rolemap = new File(context.getHomeDir(),
"rolemapping.properties");
+ log.info("Loading jbossgroup role mappings from {}",
rolemap.getPath());
+ FileInputStream rolefs = new FileInputStream(rolemap);
+ try {
+ rolemaps.load(rolefs);
+ } finally {
+ rolefs.close();
+ }
+
+ Iterator iterator =
context.getSubject().getPrincipals().iterator();
+ while (iterator.hasNext()) {
+ Principal principal = (Principal) iterator.next();
+ if (principal instanceof Group
+ && principal.getName().equalsIgnoreCase("Roles")){
+ Group group = (Group) principal;
+ Enumeration members = group.members();
+ while (members.hasMoreElements()) {
+ Principal member = (Principal) members.nextElement();
+ String role = rolemaps.getProperty(member.getName());
+ system = system || "full".equalsIgnoreCase(role);
+ anonymous = anonymous || "read".equalsIgnoreCase(role);
+ }
+ }
+ }
+
+ // @todo check permission to access given workspace based on
principals
+ }
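Review bot: in the members loop, a role whose rolemapping.properties value is neither "full" nor "read" (including a missing entry, where getProperty returns null) leaves both flags unchanged without any log line, so a typo in the mapping file goes unnoticed; consider logging member.getName() and the looked-up value whenever nothing matches. Because system and anonymous are only ever OR-ed in, init should also be able to rely on both starting as false for every instance. The @todo at the end means access to the requested workspace is not checked against the principals here, which is worth stating in the class documentation until it is implemented.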
Ishai Borovoy wrote:
>
> Hi Markus,
> First, I really want to thank you for your help.
> One more question, where is the real matching between the role (full, read
> & write) to jackrabbit?
>
>
> Markus Reis wrote:
>>
>> Hi,
>>
>>
>> currently you use the login-config.xml with the following jackrabbit
>> specific "code":
>> <application-policy name="Jackrabbit">
>> <authentication>
>> <login-module
>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>> flag="required">
>> <module-option
>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>> <module-option
>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>> </login-module>
>> </authentication>
>> </application-policy>
>> further you have a jackrabbit-jca-<version>.rar file in the deploy dir
>> ...
>>
>> ... alternatively you could extract this .rar into a folder called
>> jackrabbit-jca-<version>.rar (yes this is a folder now) and then do the
>> changes according to the last section of
>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this would
>> allow you to leave conf/login-config.xml unchanged (I don't use this
>> "deployment model" however).
>>
>>
>> kind regards,
>> Markus
>>
>>
>> Ishai Borovoy schrieb:
>>> BTW,
>>> what is the last section in
>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
>>> that talks about creating folder "jackrabbitsecurity.rar"?
>>>
>>>
>>> Markus Reis wrote:
>>>
>>>> The class should be in jackrabbit-core-<version>.jar and should be
>>>> included in jackrabbit-jca-<version>.rar - this however depends on the
>>>> jackrabbit version you are using ...
>>>> ... in any case you can put jackrabbit-core-<version>.jar in
>>>> server/default/lib (simply download it from
>>>> http://jackrabbit.apache.org/downloads.cgi or build it from source) -
>>>> and make sure that it contains
>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
>>>>
>>>> ... note that the package and the name of this class have changed over
>>>> the last jackrabbit versions - so be sure that the entry in
>>>> repository.xml equals the class and package name in the included jar!
>>>>
>>>>
>>>> regards,
>>>> Markus
>>>>
>>>>
>>>> Ishai Borovoy schrieb:
>>>>
>>>>> Hi Markus,
>>>>> Another thing...
>>>>> By success I meant that I have no exception when JBoss initializes, but
>>>>> when I try to log in (remotely) I get:
>>>>> "...
>>>>> java.lang.ClassNotFoundException: No C
>>>>> sLoaders found for:
>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessMana
>>>>> ...."
>>>>>
>>>>> I guess it is related to the last section in
>>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity.
>>>>> I followed this section but I am not sure I did it correctly. Can you
>>>>> help me with that?
>>>>>
>>>>>
>>>>> Ishai Borovoy wrote:
>>>>>
>>>>>
>>>>>> OK success,
>>>>>> Thank you very much!!!
>>>>>>
>>>>>> Ishai
>>>>>>
>>>>>>
>>>>>> Ishai Borovoy wrote:
>>>>>>
>>>>>>
>>>>>>> OK thanks,
>>>>>>> I will try again.
>>>>>>>
>>>>>>> Ishai
>>>>>>>
>>>>>>> Markus Reis wrote:
>>>>>>>
>>>>>>>
>>>>>>>> (1) you have to create the rolemapping.properties file yourself (in
>>>>>>>> your repository.home: you specified that in jcr-ds.xml) - and it should
>>>>>>>> contain the following line in your case:
>>>>>>>> friend=full
>>>>>>>> (2) you did not read the corresponding docs on the wiki (I pointed
>>>>>>>> you to) - You have to modify the repository.xml (security section) to:
>>>>>>>> <Security appName="Jackrabbit">
>>>>>>>> <AccessManager
>>>>>>>> class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"
>>>>>>>> />
>>>>>>>> </Security>
>>>>>>>>
>>>>>>>> Here's also an example jcr-ds.xml (taken from the template in SVN):
>>>>>>>> <connection-factories>
>>>>>>>> <tx-connection-factory>
>>>>>>>> <jndi-name>jcr/local</jndi-name>
>>>>>>>> <xa-transaction/>
>>>>>>>> <rar-name>jackrabbit-jca.rar</rar-name>
>>>>>>>>
>>>>>>>> <connection-definition>javax.jcr.Repository</connection-definition>
>>>>>>>> <config-property name="homeDir"
>>>>>>>> type="java.lang.String">/temp/jackrabbit</config-property>
>>>>>>>> <config-property name="configFile"
>>>>>>>> type="java.lang.String">classpath:repository.xml</config-property>
>>>>>>>> <config-property name="bindSessionToTransaction"
>>>>>>>> type="java.lang.Boolean">true</config-property>
>>>>>>>> </tx-connection-factory>
>>>>>>>> </connection-factories>
>>>>>>>> change the rar name and homeDir (that's the dir where to put the
>>>>>>>> rolemapping.properties)
>>>>>>>>
>>>>>>>>
>>>>>>>> Markus
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>
>>>>>>>>
>>>>>>>>> I sent you the files through Gmail.
>>>>>>>>>
>>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> OK, I will.
>>>>>>>>>>
>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> please send me the contents of the following files:
>>>>>>>>>>> (1) server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>> (2) server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>> (3) rolemapping.properties (and the location where you put it)
>>>>>>>>>>> (4) repository.xml in the jca rar file
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Markus
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Hi Markus,
>>>>>>>>>>>> I followed all your instructions below and restarted JBoss, no
>>>>>>>>>>>> error...
>>>>>>>>>>>> but the problem is that I can log in no matter what user/password I
>>>>>>>>>>>> use.
>>>>>>>>>>>> Here is the client code (I call it remotely, using
>>>>>>>>>>>> jackrabbit-jcr-rmi-1.3.1.jar).
>>>>>>>>>>>>
>>>>>>>>>>>> <code>
>>>>>>>>>>>> rr = (RemoteRepository) ctx.lookup("jnp://localhost:1099/jcrServer");
>>>>>>>>>>>> Repository repository = adapter.getRepository(rr);
>>>>>>>>>>>> // no matter what user name or password I put here,
>>>>>>>>>>>> // the code runs successfully with no exception
>>>>>>>>>>>> Credentials credJBoss = new SimpleCredentials("username", "password".toCharArray());
>>>>>>>>>>>> Session session = repository.login(credJBoss);
>>>>>>>>>>>> Node n = session.getRootNode().getNode("foo");
>>>>>>>>>>>> n.setProperty("Ishai", true);
>>>>>>>>>>>> session.save();
>>>>>>>>>>>> session.logout();
>>>>>>>>>>>> </code>
>>>>>>>>>>>>
>>>>>>>>>>>> Any suggestion?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Ishai
>>>>>>>>>>>>
>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Ishai,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> if you are looking for simple authentication based on a few
>>>>>>>>>>>>> configuration files you could follow the approach presented
>>>>>>>>>>>>> on:
>>>>>>>>>>>>> http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
>>>>>>>>>>>>> Further to the description there you will have to:
>>>>>>>>>>>>> (1) add the following lines to login-config.xml in
>>>>>>>>>>>>> server\default\conf:
>>>>>>>>>>>>> <application-policy name="Jackrabbit">
>>>>>>>>>>>>> <authentication>
>>>>>>>>>>>>> <login-module
>>>>>>>>>>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>>>>>>>>>>>> flag="required">
>>>>>>>>>>>>> <module-option
>>>>>>>>>>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>>>>>>>>>> <module-option
>>>>>>>>>>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>>>>>>>>>> </login-module>
>>>>>>>>>>>>> </authentication>
>>>>>>>>>>>>> </application-policy>
>>>>>>>>>>>>> (2) create a server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>> file listing <username>=<rolename> pairs
>>>>>>>>>>>>> (3) create a server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>> file listing <username>=<password> pairs
>>>>>>>>>>>>> (4) rename the rolemappings.properties file in repository.home
>>>>>>>>>>>>> (that lists <rolename>=<permission> pairs) to rolemapping.properties
>>>>>>>>>>>>> (if you use jackrabbit 1.3 or higher)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> hope that helps,
>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>> I succeeded in deploying the rar file (JCA deployment) on JBoss, and
>>>>>>>>>>>>>> everything works fine. How can I configure the repository/JBoss to
>>>>>>>>>>>>>> work with custom authentication (for example with a user.properties
>>>>>>>>>>>>>> file)?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>
>>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>
>>>>>>>>>>>>> <[EMAIL PROTECTED]>
>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>
>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
--
View this message in context:
http://www.nabble.com/JCA-on-JBoss-tf4228473.html#a12047627
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
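
The setup discussed in this thread only works when jackrabbit-users.properties, jackrabbit-roles.properties and rolemapping.properties agree with one another. The following cross-check is an added example, not part of the thread or of Jackrabbit: the file contents are constructed samples, the comma-separated role list is an assumption about the roles file, and only "full" and "read" are treated as recognised because those are the values the init() lines quoted at the top compare against.

```python
# Added example: cross-check the three property files named in the thread.
# All sample contents are constructed for illustration.
USERS = "ishai=secret\nguest=\nbob=pw\n"                   # <username>=<password>
ROLES = "ishai=friend\nbob=editor,Friend\ncarol=friend\n"  # <username>=<rolename>
ROLEMAP = "friend=full\neditor=write\n"                    # <rolename>=<permission>

# Values the quoted init() compares against (case-insensitively).
RECOGNISED = {"full", "read"}

def parse_properties(text):
    """Minimal key=value parser; no line continuations or escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(users_text, roles_text, rolemap_text):
    """Return a list of findings; an empty list means the files agree."""
    users = parse_properties(users_text)
    roles = parse_properties(roles_text)
    rolemap = parse_properties(rolemap_text)
    findings = []
    for user in sorted(users):
        if not users[user]:
            findings.append(f"{user}: empty password")
        granted = [r.strip() for r in roles.get(user, "").split(",") if r.strip()]
        if not granted:
            findings.append(f"{user}: no role in jackrabbit-roles.properties")
        for role in granted:
            # Role names are looked up as exact keys, so case matters here.
            perm = rolemap.get(role)
            if perm is None:
                findings.append(f"{user}: role '{role}' missing from rolemapping.properties")
            elif perm.lower() not in RECOGNISED:
                findings.append(f"{user}: role '{role}' maps to unrecognised '{perm}'")
    for user in sorted(set(roles) - set(users)):
        findings.append(f"{user}: has roles but no entry in jackrabbit-users.properties")
    return findings

if __name__ == "__main__":
    for finding in audit(USERS, ROLES, ROLEMAP):
        print(finding)
```

Running it before a JBoss restart shows which accounts would end up with neither flag set by init(), and which role names differ only in case from a mapped one.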