portals-jetspeed-dev mailing list archives

From "Aaron Evans" <aaronmev...@gmail.com>
Subject Re: Security Question
Date Tue, 19 Sep 2006 20:18:24 GMT
Oh and BTW, if you do go with jetspeed's JAAS realm, in order to use
roles in a different table, then you need to look at the ATZ
components in WEB-INF/assembly/security-spi-atz.xml.

On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> I'm not clear on what you mean by "I modified server.xml to use the
> other database for authentication".  You set up a different realm?
>
> If you went this route (and did not use the jetspeed JAAS realm by
> creating custom ATN components), as far as jetspeed goes, I think
> you'd need to comment out its JAAS realm from jetspeed.xml so it
> wouldn't override your realm for its context.
>
> However, even if you got that to work somehow, I'm really not sure
> what else would break in jetspeed...
>
> On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > I modified server.xml to use the other database for authentication. That
> > works fine except roles are missing. If you look in the catalina log it says
> > 'Username xxxx successfully authenticated', but I get Access For View not
> > permitted. This is because the role isn't being picked up properly.
> > To fix this, I added a column in my username/password table to hold the
> > roles, and manually inserted roles into there for each user but I still get
> > the error. Is the portal somehow trying to pick up roles from the jetspeed
> > DB even though I specifically defined in the server.xml where to look?
> >
> > On 9/19/06, Aaron Evans <aaronmevans@gmail.com> wrote:
> > >
> > > I would continue to use jetspeed's JAAS realm for authentication, but
> > > swap out the actual ATN components with your own custom
> > > implementations to look up against your own tables.
> > >
> > > Look at jetspeed's WEB-INF/assembly/security-spi-atn.xml.
> > >
> > > You'll need to provide your own custom implementations for the
> > > org.apache.jetspeed.security.spi.CredentialHandler component (this is
> > > for password encoding/hashing) and for the
> > > org.apache.jetspeed.security.spi.UserSecurityHandler component (this
> > > is for the actual authentication).
> > >
> > > Then, I would suggest enabling SSO in tomcat (I just finished
> > > describing this on another post, perhaps for the user group).
> > >
> > > HTH,
> > > aaron
> > >
> > > On 9/19/06, Mark McCullough <bustedmagnet@gmail.com> wrote:
> > > > I'm using Jetspeed 2-m3. Is it possible to point authentication away from
> > > > table security_credential to one of my preexisting tables from another web
> > > > app? SSO doesn't seem to work, and one of the most important portlets links
> > > > to a different web app. I want the username/password to come from the same
> > > > table instead of forcing every user to have a jetspeed username/password and
> > > > web app username/password. Thanks.
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> > >
> > >
> >
> >
>
