portals-jetspeed-dev mailing list archives

From "Aaron Evans" <aaronmev...@gmail.com>
Subject Re: Security Question
Date Tue, 19 Sep 2006 20:17:24 GMT
I'm not clear on what you mean by "I modified server.xml to use the
other database for authentication".  You set up a different realm?

If you went this route (and did not use the jetspeed JAAS realm by
creating custom ATN components), as far as jetspeed goes, I think
you'd need to comment out its JAAS realm from jetspeed.xml so it
wouldn't override your realm for its context.

However, even if you got that to work somehow, I'm really not sure
what else would break in jetspeed...

On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> I modified server.xml to use the other database for authentication. That
> works fine except roles are missing. If you look in the catalina log it says
> 'Username xxxx successfully authenticated', but I get Access For View not
> permitted. This is because the role isn't being picked up properly.
> To fix this, I added a column in my username/password table to hold the
> roles, and manually inserted roles into there for each user but I still get
> the error. Is the portal somehow trying to pick up roles from the jetspeed
> DB even though I specifically defined in the server.xml where to look?
>
> On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> >
> > I would continue to use jetspeed's JAAS realm for authentication, but
> > swap out the actual ATN components with your own custom
> > implementations to look up against your own tables.
> >
> > Look at jetspeed's WEB-INF/assembly/security-spi-atn.xml.
> >
> > You'll need to provide your own custom implementations for the
> > org.apache.jetspeed.security.spi.CredentialHandler component (this is
> > for password encoding/hashing) and for the
> > org.apache.jetspeed.security.spi.UserSecurityHandler component (this
> > is for the actual authentication).
> >
> > Then, I would suggest enabling SSO in tomcat (I just finished
> > describing this on another post, perhaps for the user group).
> >
> > HTH,
> > aaron
> >
> > On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > > I'm using Jetspeed 2-m3. Is it possible to point authentication away from
> > > table security_credential to one of my preexisting tables from another web
> > > app? SSO doesn't seem to work, and one of the most important portlets link
> > > to a different web app. I want the username/password to come from the same
> > > table instead of forcing every user to have a jetspeed username/password and
> > > web app username/password. Thanks.
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >
> >
>
>
