portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark McCullough" <bustedmag...@gmail.com>
Subject Re: Security Question
Date Tue, 19 Sep 2006 20:03:45 GMT
I modified server.xml to use the other database for authentication. That
works fine except roles are missing. If you look in the catalina log it says
'Username xxxx successfully authenticated', but I get Access For View not
permitted. This is because the role isn't being picked up properly.
To fix this, I added a column in my username/password table to hold the
roles, and manually inserted roles into there for each user but I still get
the error. Is the portal somehow trying to pick up roles from the jetspeed
DB even though I specifically defined in the server.xml where to look?

On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> I would continue to use jetspeed's JAAS realm for authentication, but
> swap out the actual ATN components with your own custom
> implementations to lookup against your own tables.
> Look at jetspeed's WEB-INF/assembly/security-spi-atn.xml.
> You'll need to provide your own custom implementations for the
> org.apache.jetspeed.security.spi.CredentialHandler component (this is
> for password encoding/hashing) and for the
> org.apache.jetspeed.security.spi.UserSecurityHandler component (this
> is for the actual authentication).
> Then, I would suggest enabling SSO in tomcat (I just finished
> describing this on another post, perhaps for the user group).
> HTH,
> aaron
> On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > I'm using Jetspeed 2-m3. Is it possible to point authentication away
> from
> > table security_credential to one of my preexisting tables from another
> web
> > app? SSO doesn't seem to work, and one of the most important portlets
> link
> > to a different web app. I want the username/password to come from the
> same
> > table instead of forcing every user to have a jetspeed username/password
> and
> > web app username/password. Thanks.
> >
> >
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message