Author: aakanksha_writer
Date: 2013-01-28 17:04:59 -0500 (Mon, 28 Jan 2013)
New Revision: 9092
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
epp/docs/branches/6.0/Reference_Guide/en-US/modules/ServerIntegration.xml
Log:
Cleanup
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml
===================================================================
---
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2013-01-28
21:33:22 UTC (rev 9091)
+++
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/AuthenticationAuthorizationOverview.xml 2013-01-28
22:04:59 UTC (rev 9092)
@@ -115,7 +115,7 @@
<para>
Below is the default login modules stack:
</para>
- <remark> QUESTION: Does the reference below
"JBossAS7LoginModule" need to be changed? </remark>
+ <remark> QUESTION: Does the reference below
"JBossEAP6LoginModule" need to be changed? </remark>
<programlisting language="XML" role="XML"><![CDATA[
<security-domain name="gatein-domain" cache-type="default">
<authentication>
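Review bot: the <remark> at the top of this hunk is still an unresolved QUESTION, and the change only swaps the class name quoted inside it to "JBossEAP6LoginModule". Answer the question (is the class name in the listing below correct for this release?) and delete the remark instead of carrying it forward under a new name.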
@@ -126,7 +126,7 @@
<module-option name="realmName" value="gatein-domain" />
<module-option name="password-stacking" value="useFirstPass"
/>
</login-module>
- <login-module
code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule"
flag="required">
+ <login-module
code="org.exoplatform.services.security.j2ee.JBossEAP6LoginModule"
flag="required">
<module-option name="portalContainerName"
value="portal"/>
<module-option name="realmName" value="gatein-domain"/>
</login-module>
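Review bot: the new code attribute, org.exoplatform.services.security.j2ee.JBossEAP6LoginModule, has to be a class that really exists on the server classpath, and nothing in this commit shows that it does. The log message is only "Cleanup", and the same string is introduced in the listings at 215 and 237. Because the module is flag="required", a reader who copies a stack with a wrong class name ends up with a security domain that cannot complete any login. Please confirm the name against the shipped jar, and if the class is still JBossAS7LoginModule, revert the code attribute in all three listings and leave the product rename to the prose.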
@@ -152,15 +152,15 @@
<listitem>
<remark>FIXME: Fix the link to the relevant CAS section</remark>
<para>
- It's useful only if SSO authentication is enabled (disabled by
default. It can be enabled through properties in configuration.properties file and in this
case it delegates the work to another real login module for SSO integration. If SSO is
disabled, SSODelegateLoginModule is simply ignored. See ** xref linkend="Central
Authentication Service (CAS)#Configuration"/ properties details for more details.
If SSO is used and SSO authentication succeed, the special Identity object will be created
and saved into shared state map (Map, which is shared between all login modules), so that
this Identity object can be used by JBossAS7LoginModule or other login modules in the JAAS
chain.
+ It's useful only if SSO authentication is enabled (disabled by
default. It can be enabled through properties in configuration.properties file and in this
case it delegates the work to another real login module for SSO integration. If SSO is
disabled, SSODelegateLoginModule is simply ignored. See ** xref linkend="Central
Authentication Service (CAS)#Configuration"/ properties details for more details.
If SSO is used and SSO authentication succeed, the special Identity object will be created
and saved into shared state map (Map, which is shared between all login modules), so that
this Identity object can be used by JBoss Enterprise Application Platform 6 LoginModule or
other login modules in the JAAS chain.
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>JBossAS7LoginModule</term>
+ <term>JBoss Enterprise Application Platform 6 LoginModule</term>
<listitem>
<para>
- Most important login module, which is normally used to perform whole
authentication by itself. First it checks if Identity object has been already created and
saved into sharedState map by previous login modules (like SSODelegateLoginModule,
CustomMembershipLoginModule or SharedStateLoginModule). If not, it triggers real
authentication of user with usage of Authenticator interface and it will use
Authentication.validateUser(Credential[] credentials) which performs real authentication
of username and password against OrganizationService and portal identity database. See
<xref
linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor"/>
for details about Authenticator and about Identity objects. In the
JbossAS7LoginModule.commit method, the Identity object is registered to IdentityRegistry,
which will be used later for authorization. Also some JAAS principals (UserPrincipal and
RolesPrincipal) and assigned to our authenticated Subject. Thi!
s is needed for JBoss Enterprise Application server, so that it can properly recognize
the name of the logged user and its roles on an JBoss Enterprise Application level.
+ Most important login module, which is normally used to perform whole
authentication by itself. First it checks if Identity object has been already created and
saved into sharedState map by previous login modules (like SSODelegateLoginModule,
CustomMembershipLoginModule or SharedStateLoginModule). If not, it triggers real
authentication of user with usage of Authenticator interface and it will use
Authentication.validateUser(Credential[] credentials) which performs real authentication
of username and password against OrganizationService and portal identity database. See
<xref
linkend="sect-Authentication_Authorization_Intro-authenticatorAndRolesExtractor"/>
for details about Authenticator and about Identity objects. In the Jboss Enterprise
Application Platform 6LoginModule.commit method, the Identity object is registered to
IdentityRegistry, which will be used later for authorization. Also some JAAS principals
(UserPrincipal and RolesPrincipal) and assigned to!
our authenticated Subject. This is needed for JBoss Enterprise Application server, so
that it can properly recognize the name of the logged user and its roles on an JBoss
Enterprise Application level.
</para>
</listitem>
</varlistentry>
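Review bot: the <term> and both paragraphs now call the module "JBoss Enterprise Application Platform 6 LoginModule", and the method reference has become "Jboss Enterprise Application Platform 6LoginModule.commit", which is not a valid identifier and does not match the JBossEAP6LoginModule class used in the programlisting. It reads like a product-name search and replace applied to a class name. Use the literal class name in the term, in the ".commit" reference and in the SSODelegateLoginModule paragraph so readers can map the description onto the configured stack. While touching these paragraphs, the defects carried over unchanged could be fixed too: the unclosed "(disabled by default.", the broken "** xref linkend=..." that the FIXME remark refers to, "succeed" for "succeeds", "and assigned" for "are assigned", and "Authentication.validateUser" where the sentence has just named the Authenticator interface.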
@@ -176,7 +176,7 @@
Special login module, which can be used to add a user to existing groups
during a successful login of this user. The group name is configurable and by default is
/platform/users group. This login module is not used because in normal environment, users
are already in the /platform/users group. It is useful only for some special setups like
read-only LDAP, where groups of an LDAP user are taken from the LDAP tree so that users
may not be in the /platform/users group, which is needed for successful authorization.
</para>
<para>
- Note that the CustomMembershipLoginModule can't be the first
login module in the LoginModule chain because it assumes that the Identity object is
already available in shared state. So there are two possible cases. For an non-SSO case,
you may need to chain this LM with other login modules, which can be used to establish
Identity and add it into shared state. Those LM can be InitSharedStateLoginModule and
SharedStateLoginModule. For an SSO case, you can add CustomMembershipLoginModule between
SSODelegateLoginModule and JBossAS7LoginModule.
+ Note that the CustomMembershipLoginModule can't be the first
login module in the LoginModule chain because it assumes that the Identity object is
already available in shared state. So there are two possible cases. For an non-SSO case,
you may need to chain this LM with other login modules, which can be used to establish
Identity and add it into shared state. Those LM can be InitSharedStateLoginModule and
SharedStateLoginModule. For an SSO case, you can add CustomMembershipLoginModule between
SSODelegateLoginModule and JBoss Enterprise Application Platform 6 LoginModule.
</para>
</listitem>
</varlistentry>
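Review bot: the last sentence of the changed paragraph gives an ordering rule ("between SSODelegateLoginModule and JBoss Enterprise Application Platform 6 LoginModule"), but the second name is now a product phrase rather than the class that appears in the login-module code attribute. An ordering instruction for a JAAS stack needs the exact module name, so use JBossEAP6LoginModule here, provided that is the real class name. Also "an non-SSO case" should be "a non-SSO case".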
@@ -215,7 +215,7 @@
<module-option name="membershipType" value="member"
/>
<module-option name="groupId" value="/platform/users"
/>
</login-module>
- <login-module
code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule"
flag="required">
+ <login-module
code="org.exoplatform.services.security.j2ee.JBossEAP6LoginModule"
flag="required">
<module-option name="portalContainerName"
value="portal"/>
<module-option name="realmName"
value="gatein-domain"/>
</login-module>]]>
@@ -237,7 +237,7 @@
<module-option name="membershipType" value="member" />
<module-option name="groupId" value="/platform/users"
/>
</login-module>
- <login-module
code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule"
flag="required">
+ <login-module
code="org.exoplatform.services.security.j2ee.JBossEAP6LoginModule"
flag="required">
<module-option name="portalContainerName"
value="portal"/>
<module-option name="realmName"
value="gatein-domain"/>
</login-module>]]>
Modified:
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml
===================================================================
---
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-28
21:33:22 UTC (rev 9091)
+++
epp/docs/branches/6.0/Reference_Guide/en-US/modules/AuthenticationAndIdentity/SSO.xml 2013-01-28
22:04:59 UTC (rev 9092)
@@ -114,7 +114,7 @@
</listitem>
<listitem>
<para>
- The <emphasis
role="strong">JBossAS7LoginModule</emphasis> completes the
authentication request by establishing the JAAS <emphasis
role="italics">Subject</emphasis>, and saves the <emphasis
role="italics">Identity</emphasis> object to the <emphasis
role="italics">IdentityRegistry</emphasis>. For more information about
login modules, refer to <xref
linkend="sect-Authentication_Authorization_Intro-Login_Modules"/>.
+ The <emphasis role="strong">JBoss Enterprise
Application Platform 6 LoginModule</emphasis> completes the authentication request
by establishing the JAAS <emphasis
role="italics">Subject</emphasis>, and saves the <emphasis
role="italics">Identity</emphasis> object to the <emphasis
role="italics">IdentityRegistry</emphasis>. For more information about
login modules, refer to <xref
linkend="sect-Authentication_Authorization_Intro-Login_Modules"/>.
</para>
</listitem>
<listitem>
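Review bot: inside <emphasis role="strong"> the class name has been replaced with "JBoss Enterprise Application Platform 6 LoginModule", while the other emphasised names in the same sentence (Subject, Identity, IdentityRegistry) are still literal identifiers. Keep the emphasised text as the class name used in the security domain configuration (JBossEAP6LoginModule in AuthenticationAuthorizationOverview.xml), so the SSO step list and the login module reference it links to name the same thing.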
Modified: epp/docs/branches/6.0/Reference_Guide/en-US/modules/ServerIntegration.xml
===================================================================
(Binary files differ)
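Review bot: ServerIntegration.xml is reported as "Binary files differ", so its change cannot be reviewed from this mail even though it is an XML source file like the other two. Please check why Subversion treats it as binary (for example its svn:mime-type property or the file's encoding) and describe what changed in it, since "Cleanup" alone does not say.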