[ http://jira.jboss.com/jira/browse/JBPORTAL-1646?page=all ]
Sohil Shah resolved JBPORTAL-1646.
----------------------------------
Resolution: Done
The following two aspects of CMS security are now made configurable:
1/ Ability to configure the CMS super user instead of the built-in admin user. This can be
achieved by the configuration inside the portal-cms.sar/META-INF/jboss-service.xml.
   <mbean
      code="org.jboss.portal.cms.security.AuthorizationProviderImpl"
      name="portal:service=AuthorizationProvider,type=cms"
      xmbean-dd=""
      xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
      <xmbean/>
      <!--
         NOTE: cmsRootUserName denotes a single Portal user that has access to everything in the CMS. Denote this user
         carefully and should be synonymous to the 'root' user in a Unix system. By default: this value is the built-in
         'admin' user account. This can be changed to any other user account registered in your Portal
      -->
      <attribute name="CmsRootUserName">admin</attribute>
      <depends optional-attribute-name="IdentityServiceController"
         proxy-type="attribute">portal:service=Module,type=IdentityServiceController</depends>
   </mbean>
2/ The Portal Role that has access to the CMS Security Console for setting up the
permissions on the CMS nodes can now be specified in the following file:
jboss-portal.sar/conf/identity/standardidentity-config.xml
   <!--Common options section-->
   <option-group>
      <group-name>common</group-name>
      <option>
         <name>userCtxDN</name>
         <value>ou=People,dc=example,dc=com</value>
      </option>
      <option>
         <name>uidAttributeID</name>
         <value>uid</value>
      </option>
      <option>
         <name>passwordAttributeID</name>
         <value>userPassword</value>
      </option>
      <option>
         <name>roleCtxDN</name>
         <value>ou=Roles,dc=example,dc=com</value>
      </option>
      <option>
         <name>ridAttributeId</name>
         <value>cn</value>
      </option>
      <option>
         <name>roleDisplayNameAttributeID</name>
         <value>cn</value>
      </option>
      <option>
         <name>membershipAttributeID</name>
         <value>member</value>
      </option>
      <option>
         <name>membershipAttributeIsDN</name>
         <value>true</value>
      </option>
      <!-- NOTE: defaultAdminRole is a required option -->
      <option>
         <name>defaultAdminRole</name>
         <value>Admin</value>
      </option>
   </option-group>
portal-cms depends on existence of user 'admin'
-----------------------------------------------
Key: JBPORTAL-1646
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1646
Project: JBoss Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Portal CMS
Affects Versions: 2.6.1 Final
Reporter: Tobias Roth
Assigned To: Sohil Shah
Fix For: 2.6.3 Final
cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java has the user 'admin'
hardcoded:
   /** Loads content from sar and adds it to the repo. */
   public void createContent() throws Exception
   {
      log.info("Creating default CMS content.");
      // Get the content
      URL root = Thread.currentThread().getContextClassLoader().getResource(defaultContentLocation);
      //make the user executing these to create the default content, an 'Admin' user
      //without this, the fine grained security won't allow the creation
      UserModule userModule = getUserModule();
      if(userModule != null)
      {
         org.hibernate.Session session = org.jboss.portal.cms.hibernate.state.Tools.getOpenSession();
         org.hibernate.Transaction tx = session.beginTransaction();
         User user = userModule.findUserByUserName("admin"); // HERE
         if(user!=null)
         {
            JCRCMS.getUserInfo().set(user);
         }
         tx.rollback();
         org.jboss.portal.cms.hibernate.state.Tools.closeSession(session);
      }
If it doesn't exist (for example because LDAP is being used), portal-cms cannot be
deployed, and several database tables are not created. If 'admin' is changed to an
existing user, everything works fine.
There is another reference to 'admin' in
cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java, but leaving this as
it is doesn't seem to have any negative effect.
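
An added example, not part of the original JIRA message or the JBoss Portal code base: a pre-deployment check in Python that reads the two settings described in the resolution (CmsRootUserName and defaultAdminRole) and reports when either names an account or role missing from the identity store, which is the failure the report describes. The sample XML wrappers, the user and role sets, and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CMS_MBEAN = "portal:service=AuthorizationProvider,type=cms"

# Constructed samples cut down from the fragments above; wrapper elements are assumed.
SERVICE_XML = """<server><mbean name="portal:service=AuthorizationProvider,type=cms">
  <attribute name="CmsRootUserName">admin</attribute></mbean></server>"""
IDENTITY_XML = """<identity-configuration><option-group>
  <group-name>common</group-name>
  <option><name>roleCtxDN</name><value>ou=Roles,dc=example,dc=com</value></option>
  <option><name>defaultAdminRole</name><value>Admin</value></option>
</option-group></identity-configuration>"""

def cms_root_user(service_xml):
    """Return CmsRootUserName from the CMS AuthorizationProvider MBean, or None."""
    for mbean in ET.fromstring(service_xml).iter("mbean"):
        if mbean.get("name") == CMS_MBEAN:
            for attr in mbean.findall("attribute"):
                if attr.get("name") == "CmsRootUserName":
                    return (attr.text or "").strip() or None
    return None

def common_option(identity_xml, wanted):
    """Return the value of option `wanted` in the 'common' option-group, or None."""
    for group in ET.fromstring(identity_xml).iter("option-group"):
        if (group.findtext("group-name") or "").strip() != "common":
            continue
        for opt in group.findall("option"):
            if (opt.findtext("name") or "").strip() == wanted:
                return (opt.findtext("value") or "").strip() or None
    return None

def audit(service_xml, identity_xml, users, roles):
    """List misconfigurations; users/roles are names exported from the identity store."""
    findings = []
    root = cms_root_user(service_xml)
    if root is None:
        findings.append("CmsRootUserName is not set")
    elif root not in users:
        findings.append(f"CMS root user '{root}' not found in identity store")
    role = common_option(identity_xml, "defaultAdminRole")
    if role is None:
        findings.append("required option defaultAdminRole is missing")
    elif role not in roles:
        findings.append(f"defaultAdminRole '{role}' not found in identity store")
    return findings

if __name__ == "__main__":  # constructed store with no 'admin' account, as in the report
    print(audit(SERVICE_XML, IDENTITY_XML, {"jdoe"}, {"Admin"}))
```

Name comparison here is exact; an identity store that matches user names case-insensitively would need the sets normalised first.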