[exo-jcr-commits] exo-jcr SVN: r4263 - in jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules: core and 1 other directory.
do-not-reply at jboss.org
Wed Apr 20 09:37:34 EDT 2011
Author: dkuleshov
Date: 2011-04-20 09:37:34 -0400 (Wed, 20 Apr 2011)
New Revision: 4263
Added:
jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core/digest-auth.xml
Modified:
jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core.xml
Log:
EXOJCR-1019: added digest auth chapter
Added: jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core/digest-auth.xml
===================================================================
--- jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core/digest-auth.xml (rev 0)
+++ jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core/digest-auth.xml 2011-04-20 13:37:34 UTC (rev 4263)
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<chapter>
+ <title>Digest Authentication</title>
+
+ <section>
+ <title>Overview</title>
+
+ <para>Digest access authentication is one of the agreed methods a web
+ server can use to negotiate credentials with a web user's browser. It uses
+ encryption to send the password over the network which is safer than the
+ Basic access authentication that sends plaintext.</para>
+
+ <para>Technically digest authentication is an application of MD5
+ cryptographic hashing with usage of nonce values to discourage
+ cryptanalysis. It uses the HTTP protocol.</para>
+ </section>
+
+ <section>
+ <title>Server configuration</title>
+
+ <para>To configure you server to use DIGEST authentication we need to edit
+ serverside JAAS module implementation configuration file.</para>
+
+ <section>
+ <title>Tomcat Server configuration</title>
+
+ <para>Edit config file located here:
+ exo-tomcat/webapps/rest.war/WEB-INF/web.xml</para>
+
+ <para>Replace</para>
+
+ <para><programlisting><login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-config></programlisting>for</para>
+
+ <para><programlisting><login-config>
+ <auth-method>DIGEST</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-config></programlisting>More information about tomcat
+ configuration can be found at <ulink
+ url="http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html">Apache
+ Tomcat Configuration Reference</ulink>.</para>
+ </section>
+
+ <section>
+ <title>Jetty server configuration</title>
+
+ <para>Edit config file located here:
+ exo-jetty/webapps/rest.war/WEB-INF/web.xml</para>
+
+ <para>Replace</para>
+
+ <para><programlisting><login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-config></programlisting>for</para>
+
+ <para><programlisting><login-config>
+ <auth-method>DIGEST</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-config></programlisting></para>
+ </section>
+
+ <section>
+ <title>JBoss server configuration</title>
+
+ <para>Edit config file located here:
+ exo-jboss/server/default/deploy/exo.jcr.ear.ear/rest.war/WEB-INF/web.xml</para>
+
+ <para>Replace</para>
+
+ <para><programlisting><login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-config></programlisting>for</para>
+
+ <para><programlisting><login-config>
+ <auth-method>DIGEST</auth-method>
+ <realm-name>eXo REST services</realm-name>
+</login-confi</programlisting></para>
+
+ <para>You also need to edit login configuration file located here:
+ exo-jboss/server/default/conf/login-config.xml</para>
+
+ <para><programlisting><application-policy name="exo-domain">
+ <authentication>
+ <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule"
+ flag="required">
+ <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ <module-option name="hashAlgorithm">MD5</module-option>
+ <module-option name="hashEncoding">rfc2617</module-option>
+ <module-option name="hashUserPassword">false</module-option>
+ <module-option name="hashStorePassword">true</module-option>
+ <module-option name="passwordIsA1Hash">true</module-option>
+ <module-option name="storeDigestCallback">
+ org.jboss.security.auth.spi.RFC2617Digest
+ </module-option>
+ </login-module>
+ </authentication>
+</application-policy></programlisting>You probably should define
+ users.properties and role.properties according to your own needs.</para>
+
+ <para>More information about jboss server Digest authentication
+ configuration can be found at <ulink
+ url="http://docs.jboss.org/jbossas/guides/webguide/r2/en/html/ch05.html">JBoss
+ quide chapter</ulink>.</para>
+ </section>
+ </section>
+
+ <section>
+ <title>OrganizationService implementation requirements</title>
+
+ <para>To make your own
+ <literal>org.exoplatform.services.organization.OrganizationService</literal>
+ implementation able to use DIGEST authentication you need to make your
+ UserHandler implementation also implement
+ <literal>org.exoplatform.services.organization.DigestAuthenticator</literal>
+ interface which provide more flexible authenticate method. As it is called
+ from
+ <literal>org.exoplatform.services.organization.auth.OrganizationAuthenticatorImpl</literal>
+ it receive a
+ <literal>org.exoplatform.services.security.Credential</literal> instances,
+ you can get more information from
+ <literal>org.exoplatform.services.security.PasswordCredential.getPasswordContext()</literal>.
+ It can be used to calculate md5 digest of original password to compare it
+ with recieved from clientside.</para>
+ </section>
+</chapter>
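Review bot: The first Overview paragraph says digest authentication "uses encryption to send the password", which contradicts the next paragraph's description of MD5 hashing with nonce values. Digest authentication does not encrypt or transmit the password; the client sends a hash-based response. Suggest rewording that sentence to say the client sends an MD5 digest computed from the credentials and a server-supplied nonce. Also in this hunk: the JBoss DIGEST listing ends in a truncated closing tag (`</login-confi`); the login-config.xml sample points at props/jmx-console-users.properties and props/jmx-console-roles.properties while the sentence right after it refers to users.properties and role.properties, so the file names should be made consistent; and there are typos to fix ("you server", "quide", "recieved").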
Modified: jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core.xml
===================================================================
--- jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core.xml 2011-04-20 13:28:47 UTC (rev 4262)
+++ jcr/trunk/exo.jcr.docs/exo.jcr.docs.developer/en/src/main/docbook/en-US/modules/core.xml 2011-04-20 13:37:34 UTC (rev 4263)
@@ -1,44 +1,46 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
-"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
-<part>
- <?dbhtml filename="part-core.html"?>
-
- <title>eXoCore</title>
-
- <xi:include href="core/core.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/db-creator-service.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/security-service.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/spring-security-integration.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/organization-service.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/organization-service-initalizer.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/organization-service-listener.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/conversationstate-when-membership-changed.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/db-schema-creator-service.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/db-configuration-hibernate.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/ldap-configuration.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-
- <xi:include href="core/tika-document-reader-service.xml"
- xmlns:xi="http://www.w3.org/2001/XInclude" />
-</part>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
+<part>
+ <?dbhtml filename="part-core.html"?>
+
+ <title>eXoCore</title>
+
+ <xi:include href="core/core.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/db-creator-service.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/security-service.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/spring-security-integration.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/organization-service.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/organization-service-initalizer.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/organization-service-listener.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/conversationstate-when-membership-changed.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/db-schema-creator-service.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/db-configuration-hibernate.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/ldap-configuration.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/tika-document-reader-service.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="core/digest-auth.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude" />
+</part>
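Review bot: Every line of core.xml is removed and re-added, yet the only visible differences are the new core/digest-auth.xml include and the core/core.xml include being joined onto one line, so the rest is presumably a whitespace or line-ending change. Suggest keeping the file's original line endings and formatting so the diff shows only the added `<xi:include href="core/digest-auth.xml" ...>` element and history for the other lines is preserved. Separately, the DOCTYPE declares `article` while the root element is `<part>`; that predates this change but is worth correcting while the file is being touched.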