Ok. Two alternatives I thought about later:

The first is to put this behind an Apache server and let Apache authenticate and then it passes back a field(s) in the request. I'm not sure if that is a viable alternative or not but thought I would mention it.

The second is instead of LDAP, use PAM and then people can plug whatever they want into PAM.

I feel like I need to study a lot more before I can make "real" suggestions.

Perry

On Oct 23, 2010, at 10:36 PM, Joseph Gentle wrote:

> Yeah that'd be good too.
>
> LDAP should be possible... Currently there's no way to configure other
> fields than username and password, but that should be ok for LDAP.
>
> You'll need to make a JAAS config file for your particular LDAP
> configuration, and in the AuthenticationServlet make it able to map a
> user's LDAP to their wave ID. That will require a change to
> AuthenticationServlet.getLoggedInUser() to also respond to
> LdapPrincipal.
>
> We'll probably also need another change so that if the authentication
> module correctly authenticates a user, the account data will be
> created automatically. Maybe add a 'boolean createIfNeeded' argument
> to SessionManager.setLoggedInUser(session, loggedInAddress). You can
> implement that in SessionManagerImpl by calling
> accountStore.putAccount(new HumanAccountDataImpl(id)).
>
> You're more than welcome to have a stab at it. I'm happy to help; and
> send code reviews my way if you get something working.
>
> An admin panel would be good too - What kind of stuff would we want in
> that? I guess a change password thing, and we should let users set
> their profile pictures and stuff. ... Yeah... that'd be nice too.
>
> -J
>
>
> On Sun, Oct 24, 2010 at 12:13 PM, James Purser <[email protected]> wrote:
>> I think a better idea would be to set up an auth layer that people can then
>> write plugins for.
>> Also, we're getting to the point where we are going to need an Admin panel
>> of some sort.
>> With the user rego, robot auth and so on we're going to need
>> to start tying everything together.
>> James
>>
>> On Sun, Oct 24, 2010 at 12:08 PM, Perry Smith <[email protected]> wrote:
>>>
>>> Is it way too soon to hook up an LDAP authentication? I'd like to take a
>>> whack at that if it seems appropriate. I might should do something smaller
>>> first though.
>>>
>>> On Oct 23, 2010, at 7:35 PM, Joseph Gentle wrote:
>>>
>>>> That's working as intended :(
>>>>
>>>> I only made FakePermissiveAccountStore because at the time we didn't
>>>> have the registration servlet, so you couldn't actually register
>>>> users. I'd like to remove it, but the other developers don't want to
>>>> have to register users when they're testing their code changes. I
>>>> think they're big wusses, and they should just install mongodb and use
>>>> the persistent user store.
>>>>
>>>> Fedone is configured to work with mongodb's default configuration. You
>>>> should just be able to install & run mongodb, and if you tell fedone
>>>> to use it, everything will magically work.
>>>>
>>>> Alternately, we could make the in-memory user store the default user
>>>> store. If you want persistent users, you can just switch it across.
>>>> (Or I can add a tiny curl script which registers a couple test
>>>> users... or....)
>>>>
>>>> But yeah; sorry about the confusing behaviour.
>>>>
>>>> -J
>>>>
>>>>
>>>> On Sun, Oct 24, 2010 at 10:35 AM, Vega <[email protected]> wrote:
>>>>> It seems like there's a bug with FakePermissiveAccountStore at line 45:
>>>>> account = new HumanAccountDataImpl(id, new PasswordDigest("".toCharArray()));
>>>>> It assigns the new value to account, but then in the
>>>>> UserRegistrationServlet there's the following test:
>>>>> if (accountStore.getAccount(id) != null) {
>>>>>   return "Account already exists";
>>>>> }
>>>>> So, basically, it always returns the error message
>>>>>
>>>>> On Oct 24, 12:40 am, Joseph Gentle <[email protected]> wrote:
>>>>>> With the fake user store, you don't need to register users. You can
>>>>>> just login as any user, with a blank password.
>>>>>>
>>>>>> Also, with both the login page and the registration page, you can just
>>>>>> type in the username (without the @domain) and the domain suffix will
>>>>>> be added automatically.
>>>>>>
>>>>>> Sorry those pages are confusing. People on this list are working on
>>>>>> making them pretty.
>>>>>>
>>>>>> -J
>>>>>>
>>>>>> On Sun, Oct 24, 2010 at 9:22 AM, Lennard de Rijk
>>>>>> <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> The GWT error messages can be safely ignored (as long as in the end
>>>>>>> it still says that compiling permutations succeeded :)). Can you set
>>>>>>> the ACCOUNT_STORE_TYPE to memory? The fake user store doesn't allow
>>>>>>> you to register anything and is currently still a default as we are
>>>>>>> working on the user storage.
>>>>>>> Greetings,
>>>>>>> Lennard
>>>>>>
>>>>>>> On Sat, Oct 23, 2010 at 8:07 AM, pedz <[email protected]> wrote:
>>>>>>
>>>>>>>> I made these changes:
>>>>>>
>>>>>>>> WAVE_SERVER_DOMAIN_NAME=`hostname | tr 'A-Z' 'a-z'`
>>>>>>>> WAVE_SERVER_HOSTNAME=`hostname | tr 'A-Z' 'a-z'`
>>>>>>>> WEBSOCKET_SERVER_HOSTNAME=`hostname | tr 'A-Z' 'a-z'`
>>>>>>
>>>>>>>> Now, when I try to log in it says forbidden and when I try to create
>>>>>>>> an account (no matter what name) it says it already exists. So...
>>>>>>>> that didn't help any.
>>>>>>
>>>>>>>> On Oct 23, 9:57 am, pedz <[email protected]> wrote:
>>>>>>>>> I'm on Mac OS X 10.6. When I do "java -version" I get back:
>>>>>>>>> Java(TM) SE Runtime Environment (build 1.6.0_22-b04-307-10M3261)
>>>>>>>>> Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03-307, mixed mode)
>>>>>>
>>>>>>>>> so I'm running 1.6. During the build process, when I did ant
>>>>>>>>> compile_gwt, I got some warnings and a pocket full of errors but
>>>>>>>>> the build said it completed successfully. Here are the ERROR messages:
>>>>>>
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/ExtraAsserts.java'
>>>>>>>>> [java] [ERROR] Line 44: No source code is available for type junit.framework.Assert; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/GenericGWTTestBase.java'
>>>>>>>>> [java] [ERROR] Line 36: No source code is available for type com.google.gwt.junit.client.GWTTestCase; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/StoreArgumentAction.java'
>>>>>>>>> [java] [ERROR] Line 21: The import org.jmock cannot be resolved
>>>>>>>>> [java] [ERROR] Line 22: The import org.jmock cannot be resolved
>>>>>>>>> [java] [ERROR] Line 37: Action cannot be resolved to a type
>>>>>>>>> [java] [ERROR] Line 66: Invocation cannot be resolved to a type
>>>>>>>>> [java] [ERROR] Line 71: Action cannot be resolved to a type
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/GenericTestBase.java'
>>>>>>>>> [java] [ERROR] Line 29: No source code is available for type junit.framework.TestCase; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/OpMatchers.java'
>>>>>>>>> [java] [ERROR] Line 41: No source code is available for type org.hamcrest.Matcher<T>; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Line 42: No source code is available for type org.hamcrest.BaseMatcher<T>; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Line 49: No source code is available for type org.hamcrest.Description; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Line 57: No source code is available for type org.hamcrest.TypeSafeMatcher<T>; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Errors in 'jar:file:/Users/lroot/Source/Wave/wave-protocol/third_party/runtime/wave-libraries/model-src.jar!/org/waveprotocol/wave/model/testing/Response.java'
>>>>>>>>> [java] [ERROR] Line 89: No source code is available for type org.mockito.stubbing.Answer<T>; did you forget to inherit a required module?
>>>>>>>>> [java] [ERROR] Line 97: No source code is available for type org.mockito.invocation.InvocationOnMock; did you forget to inherit a required module?
>>>>>>
>>>>>>>>> Oh, one small boo boo I found. The instructions say to do:
>>>>>>
>>>>>>>>> cp run-config-nofed.sh run-config.sh
>>>>>>
>>>>>>>>> but the sample is actually called run-nofed-config.sh
>>>>>>
>>>>>>>>> I did not make any changes to the config file. It all looks "sane"
>>>>>>>>> to me. I started the server and browsed to the local port. I was
>>>>>>>>> redirected to:
>>>>>>
>>>>>>>>> http://localhost:9898/auth/signin?r=/
>>>>>>
>>>>>>>>> I hit the register new account link, typed in a name (like "foo"
>>>>>>>>> without quotes) and password and hit submit and it says:
>>>>>>
>>>>>>>>> You can only create users at the Happy.local domain
>>>>>>
>>>>>>>>> Happy is my local host name.
>>>>>>
>>>>>>>>> The debug to the last request coming to the console is:
>>>>>>
>>>>>>>>> 2010-10-23 09:54:42.766:DBUG::REQUEST /auth/register on org.eclipse.jetty.server.nio.selectchannelconnecto...@427ab40c
>>>>>>>>> 2010-10-23 09:54:42.777:DBUG::sessionManager=org.eclipse.jetty.server.session.HashSessionmana...@3ddcc4cd
>>>>>>>>> 2010-10-23 09:54:42.777:DBUG::session=null
>>>>>>>>> 2010-10-23 09:54:42.778:DBUG::servlet=org.waveprotocol.box.server.rpc.UserRegistrationServlet-2043289758
>>>>>>>>> 2010-10-23 09:54:42.778:DBUG::servlet holder= org.waveprotocol.box.server.rpc.UserRegistrationServlet-2043289758
>>>>>>>>> 2010-10-23 09:54:42.778:DBUG::chain= null
>>>>>>>>> 2010-10-23 09:54:42.782:DBUG::RESPONSE /auth/register 403
>>>>>>
>>>>>>>>> (doesn't seem particularly useful but I thought I'd post it). I'm
>>>>>>>>> going to tinker and try to remove the capital from the H of Happy.
>>>>>>>>> I'm wondering if maybe that's the glitch.
>>>>>>
>>>>>>>>> Any other suggestions?
>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "Wave Protocol" group.
>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>> To unsubscribe from this group, send email to
>>>>>>>> [email protected].
>>>>>>>> For more options, visit this group at
>>>>>>>> http://groups.google.com/group/wave-protocol?hl=en.
--
You received this message because you are subscribed to the Google Groups "Wave Protocol" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en.
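
Added example, not part of the thread and not Wave in a Box code: a minimal Java model of the behaviour Vega and Joseph Gentle describe above, where a store that answers every lookup makes the registration check always report an existing account while any name signs in with a blank password. The interface, the class names, the sample addresses and the "Registration complete" string are simplified stand-ins (assumptions); only the existence check mirrors the snippet quoted in the thread.

```java
import java.util.HashMap;
import java.util.Map;

public class PermissiveStoreDemo {
  // Simplified stand-in for an account store (assumption): the value is the
  // stored password, where the real store would hold a password digest.
  interface AccountStore {
    String getAccount(String id);            // null when the account is unknown
    void putAccount(String id, String password);
  }

  // Models the fake store from the thread: every lookup yields an account
  // with a blank password, and nothing is ever persisted.
  static class PermissiveStore implements AccountStore {
    public String getAccount(String id) { return ""; }
    public void putAccount(String id, String password) { /* discarded */ }
  }

  // Models an in-memory store: only registered accounts exist.
  static class MemoryStore implements AccountStore {
    private final Map<String, String> accounts = new HashMap<String, String>();
    public String getAccount(String id) { return accounts.get(id); }
    public void putAccount(String id, String password) { accounts.put(id, password); }
  }

  // Same existence check as the registration snippet quoted in the thread.
  static String register(AccountStore store, String id, String password) {
    if (store.getAccount(id) != null) {
      return "Account already exists";
    }
    store.putAccount(id, password);
    return "Registration complete";          // constructed message
  }

  // Sign-in succeeds when the account exists and the password matches.
  static boolean login(AccountStore store, String id, String password) {
    String stored = store.getAccount(id);
    return stored != null && stored.equals(password);
  }

  public static void main(String[] args) {
    AccountStore fake = new PermissiveStore();
    AccountStore memory = new MemoryStore();
    // Constructed sample identities, not taken from the thread.
    System.out.println("fake register:    " + register(fake, "foo@example.com", "s3cret"));
    System.out.println("fake blank login: " + login(fake, "anyone@example.com", ""));
    System.out.println("memory register:  " + register(memory, "foo@example.com", "s3cret"));
    System.out.println("memory repeat:    " + register(memory, "foo@example.com", "s3cret"));
    System.out.println("memory blank:     " + login(memory, "foo@example.com", ""));
  }
}
```

With the permissive store the first call reports an existing account for a name nobody registered and the blank-password sign-in is accepted; the in-memory store registers once, rejects the duplicate, and refuses the blank password.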
