Although I didn't do that myself yet (I'd love to try it - but had no
time so far :-( ), you'll have to modify the corresponding section in
login-config.xml and use an LdapLoginModule instead of the
UsersRolesLoginModule - further details on this can be found under
http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapLoginModule ...
... I don't know what else is necessary from the jackrabbit side ...
in any case: let me know when you have this up and running ...
Markus
Ishai Borovoy wrote:
Do you also know how to implement it on LDAP? Or can you give me some
direction (links...)?
Markus Reis wrote:
Hi Ishai,
you are welcome - and as I can see there's nothing more I can do for you
here, since you are already answering your own questions yourself :-)
best regards,
Markus
Ishai Borovoy wrote:
OK, I think I understand it, it is in the SimpleJBossAccessManager class:
public void init(AMContext context)
+ throws AccessDeniedException, Exception {
+ Properties rolemaps = new Properties();
+ File rolemap = new File(context.getHomeDir(),
"rolemapping.properties");
+ log.info("Loading jbossgroup role mappings from {}",
rolemap.getPath());
+ FileInputStream rolefs = new FileInputStream(rolemap);
+ try {
+ rolemaps.load(rolefs);
+ } finally {
+ rolefs.close();
+ }
+
+ Iterator iterator =
context.getSubject().getPrincipals().iterator();
+ while (iterator.hasNext()) {
+ Principal principal = (Principal) iterator.next();
+ if (principal instanceof Group
+ && principal.getName().equalsIgnoreCase("Roles")){
+ Group group = (Group) principal;
+ Enumeration members = group.members();
+ while (members.hasMoreElements()) {
+ Principal member = (Principal)
members.nextElement();
+ String role =
rolemaps.getProperty(member.getName());
+ system = system || "full".equalsIgnoreCase(role);
+ anonymous = anonymous ||
"read".equalsIgnoreCase(role);
+ }
+ }
+ }
+
+ // @todo check permission to access given workspace based on
principals
+ }
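Review bot: In the inner while loop, a member whose lookup in rolemaps returns null, or any value other than "full" or "read", is dropped without a log line, so a missing or misspelled entry in rolemapping.properties sets neither flag and leaves nothing in the log to diagnose it from. Log the member name and the mapped value there. The trailing @todo also shows that the workspace name is not consulted in init(), which is worth stating in the class documentation until it is implemented.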
Ishai Borovoy wrote:
Hi Markus,
First, I really want to thank you for your help.
One more question: where is the real matching between the role (full,
read & write) and jackrabbit?
Markus Reis wrote:
Hi,
currently you use the login-config.xml with the following jackrabbit
specific "code":
<application-policy name="Jackrabbit">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">props/jackrabbit-users.properties</module-option>
      <module-option name="rolesProperties">props/jackrabbit-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
further you have a jackrabbit-jca-<version>.rar file in the deploy dir
...
... alternatively you could extract this .rar into a folder called
jackrabbit-jca-<version>.rar (yes this is a folder now) and then do the
changes according to the last section of
http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity - this would
allow you to leave conf/login-config.xml unchanged (I don't use this
"deployment model" however).
kind regards,
Markus
Ishai Borovoy wrote:
BTW,
what is the last section in
http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity
that talks about creating the folder "jackrabbitsecurity.rar"?
Markus Reis wrote:
The class should be in jackrabbit-core-<version>.jar and should be
included in jackrabbit-jca-<version>.rar - this however depends on the
jackrabbit version you are using ...
... in any case you can put jackrabbit-core-<version>.jar in
server/default/lib (simply download it from
http://jackrabbit.apache.org/downloads.cgi or build it from source) -
and make sure that it contains
org.apache.jackrabbit.core.security.SimpleJBossAccessManager ...
... note that the package and the name of this class have changed over
the last jackrabbit versions - so be sure that the entry in
repository.xml equals the class and package name in the included jar!
regards,
Markus
Ishai Borovoy wrote:
Hi Markus,
Another thing...
By success I meant that I have no exception when JBoss initializes, but
when I try to log in (remotely) I get:
"...
java.lang.ClassNotFoundException: No ClassLoaders found for:
org.apache.jackrabbit.core.security.SimpleJBossAccessMana
...."
I guess it is related to the last section in
http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity,
I followed this section but I am not sure I did it correctly, can you
help me with that?
Ishai Borovoy wrote:
OK success,
Thank you very much!!!
Ishai
Ishai Borovoy wrote:
OK thanks,
I will try again.
Ishai
Markus Reis wrote:
(1) you have to create the rolemapping.properties file yourself (in your
repository.home: you specified that in jcr-ds.xml) - and it should
contain the following line in your case:
friend=full
(2) you did not read the corresponding docs on the wiki (I pointed you
to) - You have to modify the repository.xml (security section) to:
<Security appName="Jackrabbit">
  <AccessManager class="org.apache.jackrabbit.core.security.SimpleJBossAccessManager"/>
</Security>
Here's also an example jcr-ds.xml (taken from the template in SVN):
<connection-factories>
  <tx-connection-factory>
    <jndi-name>jcr/local</jndi-name>
    <xa-transaction/>
    <rar-name>jackrabbit-jca.rar</rar-name>
    <connection-definition>javax.jcr.Repository</connection-definition>
    <config-property name="homeDir"
                     type="java.lang.String">/temp/jackrabbit</config-property>
    <config-property name="configFile"
                     type="java.lang.String">classpath:repository.xml</config-property>
    <config-property name="bindSessionToTransaction"
                     type="java.lang.Boolean">true</config-property>
  </tx-connection-factory>
</connection-factories>
change the rar name and homeDir (that's the dir where to put the
rolemapping.properties)
Markus
Ishai Borovoy wrote:
I sent you the files through Gmail.
Ishai Borovoy wrote:
OK, I will.
Markus Reis wrote:
Hi,
please send me the contents of the following files:
(1) server\default\conf\props\jackrabbit-roles.properties
(2) server\default\conf\props\jackrabbit-users.properties
(3) rolemapping.properties (and the location where you put it)
(4) repository.xml in the jca rar file
Markus
Ishai Borovoy wrote:
Hi Markus,
I did all your instructions below and restarted JBoss, no error...
but the problem is that I can log in no matter what user/password I use.
Here is the client code (I call it remotely (using the
jackrabbit-jcr-rmi-1.3.1.jar)).
<code>
rr = (RemoteRepository) ctx.lookup("jnp://localhost:1099/jcrServer");
Repository repository = adapter.getRepository(rr);
// no matter what user name or password I put, the code runs
// successfully with no exception
Credentials credJBoss = new SimpleCredentials("username", "password".toCharArray());
Session session = repository.login(credJBoss);
Node n = session.getRootNode().getNode("foo");
n.setProperty("Ishai", true);
session.save();
session.logout();
</code>
Any suggestion?
Thanks,
Ishai
Markus Reis wrote:
Hi Ishai,
if you are looking for simple authentication based on a few
configuration files you could follow the approach presented on:
http://wiki.apache.org/jackrabbit/SimpleJbossAccessManager
Further to the description there you will have to:
(1) add the following lines to login-config.xml in server\default\conf:
<application-policy name="Jackrabbit">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">props/jackrabbit-users.properties</module-option>
      <module-option name="rolesProperties">props/jackrabbit-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
(2) create a server\default\conf\props\jackrabbit-roles.properties file
listing <username>=<rolename> pairs
(3) create a server\default\conf\props\jackrabbit-users.properties file
listing <username>=<password> pairs
(4) rename the rolemappings.properties file in repository.home (that
lists <rolename>=<permission> pairs) to rolemapping.properties (if you
use jackrabbit 1.3 or higher)
hope that helps,
Markus
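A consistency check for the three files from steps (2) to (4), as an added example that is not part of the original thread or of Jackrabbit: it reports users whose roles never resolve to "full" or "read", the only two values the init() code quoted in this thread acts on. The class name, the sample file contents and the comma-separated role list are assumptions.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class RoleMappingCheck {
    static Properties parse(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // One finding per gap between the three files. Only "full" and "read" count
    // as effective, matching the init() code quoted in this thread.
    static List<String> check(Properties users, Properties roles, Properties rolemap) {
        List<String> findings = new ArrayList<>();
        for (String user : users.stringPropertyNames()) {
            boolean granted = false;
            // Assumption: roles for one user may be given as a comma-separated list.
            for (String role : roles.getProperty(user, "").split(",")) {
                role = role.trim();
                if (role.isEmpty()) continue;
                String perm = rolemap.getProperty(role, "").trim();
                if ("full".equalsIgnoreCase(perm) || "read".equalsIgnoreCase(perm)) {
                    granted = true;
                } else {
                    findings.add(user + ": role '" + role + "' maps to '" + perm + "' (not full/read)");
                }
            }
            if (!granted) findings.add(user + ": no role resolves to full or read");
        }
        for (String user : roles.stringPropertyNames()) {
            if (!users.containsKey(user)) findings.add(user + ": has roles but no password entry");
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample contents, not the files exchanged in the thread.
        Properties users = parse("ishai=changeit\nguest=changeit\nbob=changeit\n");
        Properties roles = parse("ishai=friend\nguest=visitor\nolduser=friend\n");
        Properties rolemap = parse("friend=full\nvisitor=write\n");
        check(users, roles, rolemap).forEach(System.out::println);
    }
}
```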
Ishai Borovoy wrote:
Hi,
I succeeded in deploying (JCA deployment) the rar file on JBoss, and
everything works fine. How can I configure the repository/JBoss to work
with custom authentication (for example with a user.properties file)?
--
Mag. Markus Reis
Austrian Research Centers GmbH - ARC
Research Studios
Studio Digital Memory Engineering
Thurngasse 8/3/20, A-1090 Wien
Mobile: +43 664 825 1106
Tel.: +43-1-585 05 37 - 16
Fax: +43-1-585 37 41
<[EMAIL PROTECTED]>
http://www.arcs.ac.at/
http://www.researchstudio.at/
http://dme.researchstudio.at/
HG Wien – FN 115980i – ATU14703506