Author: bcarothers
Date: 2009-12-19 12:24:18 -0500 (Sat, 19 Dec 2009)
New Revision: 1466
Modified:
trunk/dna-jcr/src/main/java/org/jboss/dna/jcr/JcrRepository.java
trunk/docs/gettingstarted/src/main/docbook/en-US/content/using_dna.xml
trunk/docs/reference/src/main/docbook/en-US/content/jcr/jcr.xml
trunk/docs/reference/src/main/docbook/en-US/custom.dtd
trunk/extensions/dna-connector-filesystem/src/main/resources/org/jboss/dna/connector/filesystem/FileSystemI18n.properties
Log:
DNA-596 Relax security by default to be more accessible to new users
Committed patch that:
1. Makes the default anonymous (guest) user access "admin"
2. Makes the FileSystem error message for attempts to update a source that does not allow
updates more specific:
The source "{0}" does not allow updates. Set the
"updatesAllowed" property to "true" on the repository source
(connector) to enable updates.
3. Modifies the Getting Started Guide to highlight the default settings and provide
examples for how to modify the setting through XML or programmatic or XML configuration.
4. Modifies the Reference Guide to describe the impact of the ANONYMOUS_USER_ROLES setting
and provide a reference to the examples in the Getting Started Guide
Modified: trunk/dna-jcr/src/main/java/org/jboss/dna/jcr/JcrRepository.java
===================================================================
--- trunk/dna-jcr/src/main/java/org/jboss/dna/jcr/JcrRepository.java 2009-12-19 16:23:31
UTC (rev 1465)
+++ trunk/dna-jcr/src/main/java/org/jboss/dna/jcr/JcrRepository.java 2009-12-19 17:24:18
UTC (rev 1466)
@@ -290,9 +290,9 @@
public static final String READ_DEPTH = "1";
/**
- * The default value for the {@link Option#READ_DEPTH} option is {@value} .
+ * The default value for the {@link Option#ANONYMOUS_USER_ROLES} option is
{@value} .
*/
- public static final String ANONYMOUS_USER_ROLES = null;
+ public static final String ANONYMOUS_USER_ROLES = "admin";
/**
* The default value for the {@link Option#PROJECT_NODE_TYPES} option is {@value}
.
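Review bot: Changing the `ANONYMOUS_USER_ROLES` default from `null` to `"admin"` means any repository that does not set the option explicitly now grants full administrative access to unauthenticated sessions, so an existing deployment that picks up this revision without touching its configuration fails open. Consider keeping the `null` default in `JcrRepository` and setting `"admin"` only in the getting-started sample configuration, or at least logging a warning at repository startup when the permissive default is in effect. The Javadoc correction from `Option#READ_DEPTH` to `Option#ANONYMOUS_USER_ROLES` is right.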
Modified: trunk/docs/gettingstarted/src/main/docbook/en-US/content/using_dna.xml
===================================================================
--- trunk/docs/gettingstarted/src/main/docbook/en-US/content/using_dna.xml 2009-12-19
16:23:31 UTC (rev 1465)
+++ trunk/docs/gettingstarted/src/main/docbook/en-US/content/using_dna.xml 2009-12-19
17:24:18 UTC (rev 1466)
@@ -181,6 +181,16 @@
<dna:repository jcr:name="car repository"
dna:source="Cars">
<dna:options jcr:primaryType="dna:options">
<jaasLoginConfigName jcr:primaryType="dna:option"
dna:value="dna-jcr"/>
+ <!--
+ As a convenience, DNA allows guest users full access by default. In a
production system,
+ you would want to limit this access by uncommenting one of the options
below:
+
+ for no access:
+ <anonymousUserRoles jcr:PrimaryType="dna:option"
dna:value="" />
+
+ for read-only acces:
+ <anonymousUserRoles jcr:PrimaryType="dna:option"
dna:value="readonly" />
+ -->
</dna:options>
</dna:repository>
</dna:repositories>
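Review bot: Both commented-out `anonymousUserRoles` examples use `jcr:PrimaryType` with a capital P, while the surrounding elements use `jcr:primaryType`; a reader who uncomments one as instructed ends up with a differently named attribute. Use `jcr:primaryType="dna:option"` in both examples, and fix the typo in "for read-only acces:".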
@@ -288,6 +298,14 @@
.setSource("source 1")
.registerNamespace("acme","http://www.example.com/acme")
.setOption(JcrRepository.Option.JAAS_LOGIN_CONFIG_NAME, "dna-jcr");
+
+ /*
+ * As a convenience, DNA allows guest users full access by default. In a
production system,
+ * you would want to limit this access by adding one of the lines below to modify this
option:
+ * .setOption(JcrRepository.Option.ANONYMOUS_USER_ROLES, ""); // No
access
+ * .setOption(JcrRepository.Option.ANONYMOUS_USER_ROLES, "readonly"); //
Read-only access
+ */
+
]]></programlisting>
<para>
This example defines a repository that uses the "source 1" repository
source (which could be a federated source, an in-memory source,
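Review bot: The comment is added after the `;` that terminates the builder chain (`.setOption(JcrRepository.Option.JAAS_LOGIN_CONFIG_NAME, "dna-jcr");`), so the suggested `.setOption(...)` lines cannot simply be added where the comment sits; they have to be chained before that semicolon. Move the comment above the chain, or reword it to say the call must be added before the terminating `;`.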
Modified: trunk/docs/reference/src/main/docbook/en-US/content/jcr/jcr.xml
===================================================================
--- trunk/docs/reference/src/main/docbook/en-US/content/jcr/jcr.xml 2009-12-19 16:23:31
UTC (rev 1465)
+++ trunk/docs/reference/src/main/docbook/en-US/content/jcr/jcr.xml 2009-12-19 17:24:18
UTC (rev 1466)
@@ -72,8 +72,9 @@
<title>Using JAAS</title>
<para>The <code>login()</code> method allows the implementation to
choose its own security context to create a session in the default workspace
for the repository. The JBoss DNA JCR implementation uses the security context from
the current JAAS &AccessControlContext;. This implies
- that this method will throw a &LoginException; if it is not executed as a
&PrivilegedAction;. Here is one example of how this might
- work:
+ that this method will throw a &LoginException; if it is not executed as a
&PrivilegedAction; (AND the
+ <code>JcrRepository.Options.ANONYMOUS_USER_ROLES</code> option does not
allow access - <link linkend="jcr-guest-access">see below</link> for
an example of how to configure guest user access).
+ Here is one example of how this might work:
<programlisting>
Subject subject = ...;
&Session; session = Subject.doAsPrivileged(subject, new
PrivilegedExceptionAction<&Session;>() {
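Review bot: The added sentence names the option `JcrRepository.Options.ANONYMOUS_USER_ROLES`, but the Javadoc and the Getting Started example changed in this same commit use `Option` (singular), as in `JcrRepository.Option.ANONYMOUS_USER_ROLES`. Align the name so readers can copy it. The parenthetical "(AND the ... option does not allow access" is also hard to parse; stating the condition directly, for example "unless the ANONYMOUS_USER_ROLES option grants guest access", would be clearer.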
@@ -138,7 +139,7 @@
Not all applications can or want to use JAAS for their authentication system, so JBoss
DNA provides a way to integrate your own custom
security provider. The first step is to provide a custom implementation of
&SecurityContext; that integrates with your application security, allowing
JBoss DNA to discover the authenticated user's name, determine whether the
authenticated user has been assigned particular roles
- (see the <ulink linkend="dna_jcr_security">JCR Security
section</ulink>), and to notify your application security system that the
+ (see the <link linkend="dna_jcr_security">JCR Security
section</link>), and to notify your application security system that the
authenticated session (for JCR) has ended.
</para>
<para>
@@ -152,7 +153,7 @@
</para>
<para>
At this time, no roles are required to connect to any workspace, but restrictions on
workspace connections will likely be added to JBoss DNA in the near future.
- Please see the <ulink linkend="dna_jcr_security">JCR Security
section</ulink> for more details on how access is controlled.
+ Please see the <link linkend="dna_jcr_security">JCR Security
section</link> for more details on how access is controlled.
</para>
</sect2>
<sect2 id="jcr-sessions-servlet">
@@ -165,11 +166,30 @@
&SecurityContext; securityContext = new &ServletSecurityContext;(request);
&Session; session = repository.login(new
&SecurityContextCredentials;(securityContext));
</programlisting>
- You'll note that this is just a specialization of the <ulink
linkend="jcr-sessions-custom">custom security context</ulink> approach,
since
+ You'll note that this is just a specialization of the <link
linkend="jcr-sessions-custom">custom security context</link> approach,
since
the &ServletSecurityContext; just implements the &SecurityContext; interface
and delegates to the &HttpServletRequest;. Feel free to use
this class in your servlet-based applications.
</para>
</sect2>
+ <sect2 id="jcr-guest-access">
+ <title>Guest (Anonymous) User Access</title>
+ <para>
+ By default, DNA allows guest users full administrative access. This is done to make it
easier to get started with DNA. Of course,
+ this is clearly not an appropriate security model for a production system.
+ </para>
+ <para>
+ To modify the roles granted to guest users, change
+ the <code>JcrRepository.Options.ANONYMOUS_USER_ROLES</code> option for your
repository to have a different value, like "" (to disable
+ guest access entirely) or "readonly" (to give guests read-only access
to all repositories). The value of this option can
+ be any pattern that matches those described in the <link
linkend="role-formats">table below</link>.
+ <note>
+ <para>
+ The Using DNA chapter of the Getting Started Guide provides examples of modifying
this option through programmatic configuration or
+ in an XML configuration file.
+ </para>
+ </note>
+ </para>
+ </sect2>
</sect1>
<sect1>
<title>JCR Specification Support</title>
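Review bot: In the new `jcr-guest-access` section, the statement that guests get full administrative access by default sits in an ordinary `<para>`, while the only admonition, the `<note>`, is spent on a cross-reference. Since the default is the security-relevant part, put it in a `<warning>` or `<important>` element so it stands out in the rendered guide. The option is again written as `JcrRepository.Options.ANONYMOUS_USER_ROLES` where the code uses `Option`, and "read-only access to all repositories" sits awkwardly next to "option for your repository"; say which scope the `readonly` value actually covers.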
@@ -282,7 +302,7 @@
It is also possible to grant access only to one or more repositories on a single DNA
server or to one or more named workspaces within a repository. The format for
role names is defined below:
</para>
- <table frame='all'>
+ <table frame='all' id="role-formats">
<title>Role Formats</title>
<tgroup cols='3' align='left' colsep='1'
rowsep='1'>
<thead>
Modified: trunk/docs/reference/src/main/docbook/en-US/custom.dtd
===================================================================
--- trunk/docs/reference/src/main/docbook/en-US/custom.dtd 2009-12-19 16:23:31 UTC (rev
1465)
+++ trunk/docs/reference/src/main/docbook/en-US/custom.dtd 2009-12-19 17:24:18 UTC (rev
1466)
@@ -85,6 +85,7 @@
<!ENTITY UrlEncoder "<ulink
url='&API;common/text/Jsr283Encoder.html'><classname>UrlEncoder</classname></ulink>">
<!ENTITY XmlNameEncoder "<ulink
url='&API;common/text/Jsr283Encoder.html'><classname>XmlNameEncoder</classname></ulink>">
<!ENTITY XmlValueEncoder "<ulink
url='&API;common/text/XmlValueEncoder.html'><classname>XmlValueEncoder</classname></ulink>">
+<!ENTITY Problem "<ulink
url='&API;common/collection/Problem.html'><interface>Problem</interface></ulink>">
<!ENTITY Problems "<ulink
url='&API;common/collection/Problems.html'><interface>Problems</interface></ulink>">
<!-- Types in dna-graph -->
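Review bot: The new `Problem` entity is not referenced by any of the documentation changes in this commit and is not mentioned in the log message. Either commit it together with the change that uses `&Problem;`, or add a line to the log so the revision history explains why it is here.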
Modified:
trunk/extensions/dna-connector-filesystem/src/main/resources/org/jboss/dna/connector/filesystem/FileSystemI18n.properties
===================================================================
---
trunk/extensions/dna-connector-filesystem/src/main/resources/org/jboss/dna/connector/filesystem/FileSystemI18n.properties 2009-12-19
16:23:31 UTC (rev 1465)
+++
trunk/extensions/dna-connector-filesystem/src/main/resources/org/jboss/dna/connector/filesystem/FileSystemI18n.properties 2009-12-19
17:24:18 UTC (rev 1466)
@@ -37,7 +37,7 @@
sameNameSiblingsAreNotAllowed = {0} does not allow same name siblings on nodes: {1}
nodeOrderingNotSupported = {0} does not support node ordering
onlyTheDefaultNamespaceIsAllowed = {0} requires node names use the default namespace:
{1}
-sourceIsReadOnly = The source "{0}" does not allow updates
+sourceIsReadOnly = The source "{0}" does not allow updates. Set the
"updatesAllowed" property to "true" on the repository source
(connector) to enable updates.
pathIsReadOnly = The path "{0}" in workspace "{1}" in {2} cannot be
written to. See java.io.File\#canWrite().
errorSerializingCustomPropertiesFactory = Error serializing a {0} instance owned by the
{1} FileSystemSource
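Review bot: The new `sourceIsReadOnly` text hard-codes the property name `updatesAllowed` inside the localized string, so it goes stale silently if the property is ever renamed and has to be repeated in every translation. Consider passing the property name as a second parameter (`{1}`) from the call site. The message also presents enabling updates as the fix without saying that the source may have been made read-only on purpose; "if updates are intended, set ..." would avoid steering users toward loosening the setting by reflex.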