portals-jetspeed-dev mailing list archives

From "Mark McCullough" <bustedmag...@gmail.com>
Subject Re: Security Question
Date Tue, 19 Sep 2006 21:18:46 GMT
I did create a different realm that points to my other DB. I commented out
jetspeed's JAAS realm in jetspeed.xml, so authentication works perfectly.
The problem is authorization. Even though you define where to pick up roles
in server.xml, it is not using them, which is the problem. Instead, I'm
getting authenticated but then roadblocked upon authorization.

On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
>
> Oh and BTW, if you do go with jetspeed's JAAS realm, in order to use
> roles in a different table, then you need to look at the ATZ
> components in WEB-INF/assembly/security-spi-atz.xml.
>
> On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> > I'm not clear on what you mean by "I modified server.xml to use the
> > other database for authentication".  You set up a different realm?
> >
> > If you went this route (and did not use the jetspeed JAAS realm by
> > creating custom ATN components), as far as jetspeed goes, I think
> > you'd need to comment out its JAAS realm from jetspeed.xml so it
> > wouldn't override your realm for its context.
> >
> > However, even if you got that to work somehow, I'm really not sure
> > what else would break in jetspeed...
> >
> > > On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > > > I modified server.xml to use the other database for authentication. That
> > > > works fine except roles are missing. If you look in the catalina log it says
> > > > 'Username xxxx successfully authenticated', but I get Access For View not
> > > > permitted. This is because the role isn't being picked up properly.
> > > > To fix this, I added a column in my username/password table to hold the
> > > > roles, and manually inserted roles into there for each user but I still get
> > > > the error. Is the portal somehow trying to pick up roles from the jetspeed
> > > > DB even though I specifically defined in the server.xml where to look?
> > >
> > > On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> > > >
> > > > I would continue to use jetspeed's JAAS realm for authentication, but
> > > > swap out the actual ATN components with your own custom
> > > > implementations to look up against your own tables.
> > > >
> > > > Look at jetspeed's WEB-INF/assembly/security-spi-atn.xml.
> > > >
> > > > You'll need to provide your own custom implementations for the
> > > > org.apache.jetspeed.security.spi.CredentialHandler component (this is
> > > > for password encoding/hashing) and for the
> > > > org.apache.jetspeed.security.spi.UserSecurityHandler component (this
> > > > is for the actual authentication).
> > > >
> > > > Then, I would suggest enabling SSO in tomcat (I just finished
> > > > describing this on another post, perhaps for the user group).
> > > >
> > > > HTH,
> > > > aaron
> > > >
> > > > On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > > > > I'm using Jetspeed 2-m3. Is it possible to point authentication away
> > > > > from table security_credential to one of my preexisting tables from
> > > > > another web app? SSO doesn't seem to work, and one of the most important
> > > > > portlets link to a different web app. I want the username/password to
> > > > > come from the same table instead of forcing every user to have a
> > > > > jetspeed username/password and web app username/password. Thanks.
> > > > >
> > > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > > > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> > > >
> > > >
> > >
> > >
> >
>

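The thread turns on where a container realm looks for roles. The fragment below is an added example, not configuration from the thread or from the Jetspeed project, showing a Tomcat 5.x JDBCRealm pointed at an existing application's database in the way Mark describes. Every concrete name in it (the JDBC URL and driver, the `realm_reader` account, the `users` and `user_roles` tables and their columns) is an assumption standing in for the other web app's real schema. The point it illustrates: JDBCRealm resolves roles by reading `roleNameCol` from `userRoleTable` for every row whose `userNameCol` matches the authenticated name, one row per (user, role); a roles column added to the username/password table is never consulted, because the realm only reads `userCredCol` from `userTable`.

```xml
<!-- server.xml fragment (added example; all names below are assumptions).

     JDBCRealm expects two tables in the shared database, joined on the
     same user-name column name:

       users      (user_name, user_pass)   one row per user
       user_roles (user_name, role_name)   one row per (user, role)

     Role lookup is, in effect,
       SELECT role_name FROM user_roles WHERE user_name = ?
     so a "roles" column inside users is ignored. Running that query by
     hand as the realm's database account is the quickest check that the
     realm can actually see the roles you inserted.
-->
<Engine name="Catalina" defaultHost="localhost">

  <!-- An Engine-level Realm is inherited by every Context that does not
       declare a Realm of its own. Jetspeed's context (jetspeed.xml) ships
       its own JAASRealm, which would override this one for the portal
       unless it is commented out, as the thread describes. -->
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://dbhost:3306/appdb"
         connectionName="realm_reader"
         connectionPassword="change-me"
         userTable="users"
         userNameCol="user_name"
         userCredCol="user_pass"
         userRoleTable="user_roles"
         roleNameCol="role_name"
         digest="SHA" />

  <!-- Hosts and Contexts follow here unchanged. -->
</Engine>
```

Two practical notes on the settings chosen. `digest="SHA"` tells the realm to hash the submitted password (hex-encoded) before comparing it with `user_pass`; this must match however the existing web app already stores its credentials, because that app keeps using the same column (Tomcat's `org.apache.catalina.realm.RealmBase` class can be run from the command line with `-a SHA <password>` to produce a matching value when populating test rows). The `realm_reader` account only ever needs `SELECT` on the two tables, so grant it nothing more. Finally, container roles only get you past Tomcat: as Aaron points out above, Jetspeed's own authorization decisions run through the ATZ components in `WEB-INF/assembly/security-spi-atz.xml`, which is where the portal's role lookup has to be redirected if its "Access for View not permitted" checks are to see the same roles.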