Do you know also how to implement it on LDAP? or can you give me some
direction (links...)?
Markus Reis wrote:
>
> Hi Ishai,
>
>
> you are welcome - and as I can see there's nothing more I can do for you
> here, since you are already answering your own questions yourself :-)
>
>
> best regards,
> Markus
>
>
> Ishai Borovoy schrieb:
>> OK, I think I understand it, it in the SimpleJBossAccessManager class:
>>
>>
>> public void init(AMContext context)
>> + throws AccessDeniedException, Exception {
>> + Properties rolemaps = new Properties();
>> + File rolemap = new File(context.getHomeDir(),
>> "rolemapping.properties");
>> + log.info("Loading jbossgroup role mappings from {}",
>> rolemap.getPath());
>> + FileInputStream rolefs = new FileInputStream(rolemap);
>> + try {
>> + rolemaps.load(rolefs);
>> + } finally {
>> + rolefs.close();
>> + }
>> +
>> + Iterator iterator =
>> context.getSubject().getPrincipals().iterator();
>> + while (iterator.hasNext()) {
>> + Principal principal = (Principal) iterator.next();
>> + if (principal instanceof Group
>> + && principal.getName().equalsIgnoreCase("Roles")){
>> + Group group = (Group) principal;
>> + Enumeration members = group.members();
>> + while (members.hasMoreElements()) {
>> + Principal member = (Principal)
>> members.nextElement();
>> + String role =
>> rolemaps.getProperty(member.getName());
>> + system = system || "full".equalsIgnoreCase(role);
>> + anonymous = anonymous ||
>> "read".equalsIgnoreCase(role);
>> + }
>> + }
>> + }
>> +
>> + // @todo check permission to access given workspace based on
>> principals
>> + }
>>
>> Ishai Borovoy wrote:
>>
>>> Hi Markus,
>>> First I want to really thanks for your help.
>>> One more question, where is the real matching between the role (full,
>>> read
>>> & write) to jackrabbit?
>>>
>>>
>>> Markus Reis wrote:
>>>
>>>> Hi,
>>>>
>>>>
>>>> currently you use the login-config.xml with the following jackrabbit
>>>> specific "code":
>>>> <application-policy name="Jackrabbit">
>>>> <authentication>
>>>> <login-module
>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>>> flag="required">
>>>> <module-option
>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>> <module-option
>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>> </login-module>
>>>> </authentication>
>>>> </application-policy>
>>>> further you have a jackrabbit-jca-<version>.rar file in the deploy dir
>>>> ...
>>>>
>>>> ... alternatively you could extract this .rar into a folder called
>>>> jackrabbit-jca-<version>.rar (yes this is a folder now) and then do the
>>>> changes according to the last section of
>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this
>>>> would
>>>> allow you to leave conf/login-config.xml unchanged (I don't use this
>>>> "deployment model" however).
>>>>
>>>>
>>>> kind regards,
>>>> Markus
>>>>
>>>>
>>>> Ishai Borovoy schrieb:
>>>>
>>>>> BTW,
>>>>> what is the last section in
>>>>> http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
>>>>> that talk about creating folder "jackrabbitsecurity.rar"?
>>>>>
>>>>>
>>>>> Markus Reis wrote:
>>>>>
>>>>>
>>>>>> The class should be in jackrabbit-core-<version>.jar and should be
>>>>>> included in jackrabbit-jca-<version>.rar - this however depends on
>>>>>> the
>>>>>> jackrabbit version you are using ...
>>>>>> ... in any case you can put jackrabbit-core-<version>.jar in
>>>>>> server/default/lib (simply download it from
>>>>>> http://jackrabbit.apache.org/downloads.cgi or build it from source) -
>>>>>> and make sure that it contains
>>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
>>>>>>
>>>>>> ... note that the package and the name of this class has changed over
>>>>>> the last jackrabbit versions - so be sure that the entry in
>>>>>> repository.xml equals the class and package name in the included jar!
>>>>>>
>>>>>>
>>>>>> regards,
>>>>>> Markus
>>>>>>
>>>>>>
>>>>>> Ishai Borovoy schrieb:
>>>>>>
>>>>>>
>>>>>>> Hi Markus,
>>>>>>> Another thing...
>>>>>>> By success I meant that I have no exception when Jboss initialize,
>>>>>>> but
>>>>>>> when
>>>>>>> I try to login (remotly) I get:
>>>>>>> "...
>>>>>>> java.lang.ClassNotFoundException: No C
>>>>>>> sLoaders found for:
>>>>>>> org.apache.jackrabbit.core.security.SimpleJBossAccessMana
>>>>>>> ...."
>>>>>>>
>>>>>>> I guess it related to the last section in
>>>>>>> :http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity,
>>>>>>> I follow this section but I am not sure I did it corectly, can you
>>>>>>> help
>>>>>>> me
>>>>>>> with that?
>>>>>>>
>>>>>>>
>>>>>>> Ishai Borovoy wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> OK success,
>>>>>>>> Thank you very much!!!
>>>>>>>>
>>>>>>>> Ishai
>>>>>>>>
>>>>>>>>
>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> OK thanks,
>>>>>>>>> I will try again.
>>>>>>>>>
>>>>>>>>> Ishai
>>>>>>>>>
>>>>>>>>> Markus Reis wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> (1) you have to create the rolemapping.properties file yourself
>>>>>>>>>> (in
>>>>>>>>>> your
>>>>>>>>>> repository.home: you specified that in jcr-ds.xml) - and it
>>>>>>>>>> should
>>>>>>>>>> contain the following line in your case:
>>>>>>>>>> friend=full
>>>>>>>>>> (2) you did not read the corresponding docs on the wiki (I
>>>>>>>>>> pointed
>>>>>>>>>> you
>>>>>>>>>> to) - You have to modify the repository.xml (security section)
>>>>>>>>>> to:
>>>>>>>>>> <Security appName="Jackrabbit">
>>>>>>>>>> <AccessManager
>>>>>>>>>> class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"
>>>>>>>>>> />
>>>>>>>>>> </Security>
>>>>>>>>>>
>>>>>>>>>> Here's also an example jcr-ds.xml (taken from the template in
>>>>>>>>>> SVN):
>>>>>>>>>> <connection-factories>
>>>>>>>>>> <tx-connection-factory>
>>>>>>>>>> <jndi-name>jcr/local</jndi-name>
>>>>>>>>>> <xa-transaction/>
>>>>>>>>>> <rar-name>jackrabbit-jca.rar</rar-name>
>>>>>>>>>>
>>>>>>>>>> <connection-definition>javax.jcr.Repository</connection-definition>
>>>>>>>>>> <config-property name="homeDir"
>>>>>>>>>> type="java.lang.String">/temp/jackrabbit</config-property>
>>>>>>>>>> <config-property name="configFile"
>>>>>>>>>> type="java.lang.String">classpath:repository.xml</config-property>
>>>>>>>>>> <config-property name="bindSessionToTransaction"
>>>>>>>>>> type="java.lang.Boolean">true</config-property>
>>>>>>>>>> </tx-connection-factory>
>>>>>>>>>> </connection-factories>
>>>>>>>>>> change the rar name and homeDir (that's the dir where to put the
>>>>>>>>>> rolemapping.properties)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Markus
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> I sent you the files through Gmail.
>>>>>>>>>>>
>>>>>>>>>>> Ishai Borovoy wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> OK, I will.
>>>>>>>>>>>>
>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> please send me the contents of the following files:
>>>>>>>>>>>>> (1) server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>> (2) server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>> (3) rolemapping.properties (and the location where you put it)
>>>>>>>>>>>>> (4) repository.xml in the jca rar file
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Markus,
>>>>>>>>>>>>>> I did all your instruction below and restart the Jboss, no
>>>>>>>>>>>>>> error...
>>>>>>>>>>>>>> but the problem I can login with no matter what user/password
>>>>>>>>>>>>>> I
>>>>>>>>>>>>>> use.
>>>>>>>>>>>>>> Here is the client code (I call it remotly (use the
>>>>>>>>>>>>>> jackrabbit-jcr-rmi-1.3.1.jar)).
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <code>
>>>>>>>>>>>>>> rr = (RemoteRepository)
>>>>>>>>>>>>>> ctx.lookup("jnp://localhost:1099/jcrServer");
>>>>>>>>>>>>>> Repository repository =
>>>>>>>>>>>>>> adapter.getRepository(rr);
>>>>>>>>>>>>>> // no matter what user name or password I
>>>>>>>>>>>>>> will
>>>>>>>>>>>>>> put
>>>>>>>>>>>>>> the
>>>>>>>>>>>>>> code success to run with no exeption
>>>>>>>>>>>>>> Credentials credJBoss = new
>>>>>>>>>>>>>> SimpleCredentials("username","password".toCharArray());
>>>>>>>>>>>>>> Session session = repository.login(credJBoss);
>>>>>>>>>>>>>> Node n = session.getRootNode().getNode("foo");
>>>>>>>>>>>>>> n.setProperty("Ishai", true);
>>>>>>>>>>>>>> session.save();
>>>>>>>>>>>>>> session.logout();
>>>>>>>>>>>>>> </code>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any suggestion?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Ishai
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Markus Reis wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Ishai,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> if you are looking for simple authentication based on a few
>>>>>>>>>>>>>>> configuration files you could follow the approach presented
>>>>>>>>>>>>>>> on:
>>>>>>>>>>>>>>> http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
>>>>>>>>>>>>>>> Further to the description there you will have to:
>>>>>>>>>>>>>>> (1) add the following lines to login-config.xml in
>>>>>>>>>>>>>>> server\default\conf:
>>>>>>>>>>>>>>> <application-policy name="Jackrabbit">
>>>>>>>>>>>>>>> <authentication>
>>>>>>>>>>>>>>> <login-module
>>>>>>>>>>>>>>> code="org.jboss.security.auth.spi.UsersRolesLoginModule"
>>>>>>>>>>>>>>> flag="required">
>>>>>>>>>>>>>>> <module-option
>>>>>>>>>>>>>>> name="usersProperties">props/jackrabbit-users.properties</module-option>
>>>>>>>>>>>>>>> <module-option
>>>>>>>>>>>>>>> name="rolesProperties">props/jackrabbit-roles.properties</module-option>
>>>>>>>>>>>>>>> </login-module>
>>>>>>>>>>>>>>> </authentication>
>>>>>>>>>>>>>>> </application-policy>
>>>>>>>>>>>>>>> (2) create a
>>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-roles.properties
>>>>>>>>>>>>>>> file
>>>>>>>>>>>>>>> listing <username>=<rolename> pairs
>>>>>>>>>>>>>>> (3) create a
>>>>>>>>>>>>>>> server\default\conf\props\jackrabbit-users.properties
>>>>>>>>>>>>>>> file
>>>>>>>>>>>>>>> listing <username>=<passsword> pairs
>>>>>>>>>>>>>>> (4) rename the rolemappings.properties file in
>>>>>>>>>>>>>>> repository.home
>>>>>>>>>>>>>>> (that
>>>>>>>>>>>>>>> lists <rolename>=<permission> pairs) to
>>>>>>>>>>>>>>> rolemapping.properties
>>>>>>>>>>>>>>> (if
>>>>>>>>>>>>>>> you
>>>>>>>>>>>>>>> use jackrabbit 1.3 or higher)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> hope that helps,
>>>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ishai Borovoy schrieb:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>> I succeed to deploy (JCA deployment) rar file on JBosss,
>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>> everything
>>>>>>>>>>>>>>>> is
>>>>>>>>>>>>>>>> work fine. how can I configure the repository/Jboss to
>>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>>> custom
>>>>>>>>>>>>>>>> authentication (for example with user.properties file)?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <[EMAIL PROTECTED]>
>>>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>>>>
>>>>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>>>>> Research Studios
>>>>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>>>>
>>>>>>>>>>>>> <[EMAIL PROTECTED]>
>>>>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>>>>
>>>>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Mag. Markus Reis
>>>>>>>>>>
>>>>>>>>>> Austrian Research Centers GmbH - ARC
>>>>>>>>>> Research Studios
>>>>>>>>>> Studio Digital Memory Engineering
>>>>>>>>>>
>>>>>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>>>>>> Mobile: +43 664 825 1106
>>>>>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>>>>>> Fax: +43-1-585 37 41
>>>>>>>>>>
>>>>>>>>>> <[EMAIL PROTECTED]>
>>>>>>>>>> http://www.arcs.ac.at/
>>>>>>>>>> http://www.researchstudio.at/
>>>>>>>>>> http://dme.researchstudio.at/
>>>>>>>>>>
>>>>>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Mag. Markus Reis
>>>>>>
>>>>>> Austrian Research Centers GmbH - ARC
>>>>>> Research Studios
>>>>>> Studio Digital Memory Engineering
>>>>>>
>>>>>> Thurngasse 8/3/20, A-1090 Wien
>>>>>> Mobile: +43 664 825 1106
>>>>>> Tel.: +43-1-585 05 37 - 16
>>>>>> Fax: +43-1-585 37 41
>>>>>>
>>>>>> <[EMAIL PROTECTED]>
>>>>>> http://www.arcs.ac.at/
>>>>>> http://www.researchstudio.at/
>>>>>> http://dme.researchstudio.at/
>>>>>>
>>>>>> HG Wien – FN 115980i – ATU14703506
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>> --
>>>> Mag. Markus Reis
>>>>
>>>> Austrian Research Centers GmbH - ARC
>>>> Research Studios
>>>> Studio Digital Memory Engineering
>>>>
>>>> Thurngasse 8/3/20, A-1090 Wien
>>>> Mobile: +43 664 825 1106
>>>> Tel.: +43-1-585 05 37 - 16
>>>> Fax: +43-1-585 37 41
>>>>
>>>> <[EMAIL PROTECTED]>
>>>> http://www.arcs.ac.at/
>>>> http://www.researchstudio.at/
>>>> http://dme.researchstudio.at/
>>>>
>>>> HG Wien – FN 115980i – ATU14703506
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>
>
> --
> Mag. Markus Reis
>
> Austrian Research Centers GmbH - ARC
> Research Studios
> Studio Digital Memory Engineering
>
> Thurngasse 8/3/20, A-1090 Wien
> Mobile: +43 664 825 1106
> Tel.: +43-1-585 05 37 - 16
> Fax: +43-1-585 37 41
>
> <[EMAIL PROTECTED]>
> http://www.arcs.ac.at/
> http://www.researchstudio.at/
> http://dme.researchstudio.at/
>
> HG Wien – FN 115980i – ATU14703506
>
>
>
--
View this message in context:
http://www.nabble.com/JCA-on-JBoss-tf4228473.html#a12047703
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
