September 2007 - portal-commits - Jboss List Archives

JBoss Portal SVN: r8154 - in trunk: cms/src/main/org/jboss/portal/cms/impl/jcr/command and 3 other directories.

by portal-commits＠lists.jboss.org

Author: sohil.shah(a)jboss.com Date: 2007-09-04 15:20:16 -0400 (Tue, 04 Sep 2007) New Revision: 8154 Modified: trunk/cms/build.xml trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java trunk/core-wsrp/ trunk/thirdparty/ Log: JBPORTAL-1668 - A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no errors on all cms security scenarios. Modified: trunk/cms/build.xml =================================================================== --- trunk/cms/build.xml 2007-09-04 19:09:45 UTC (rev 8153) +++ trunk/cms/build.xml 2007-09-04 19:20:16 UTC (rev 8154) @@ -415,7 +415,6 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRegEx"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryUtil"/> -  <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreate"/> @@ -427,8 +426,7 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCopy"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileDelete"/> - <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/> - + <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/>  <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderCopy"/> @@ -436,7 +434,6 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderDelete"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderGet"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/> -  <test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestReadAccess"/> @@ -444,7 +441,7 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestManageAccess"/> -  +  <test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/> </x-test> @@ -508,5 +505,16 @@ </fileset> <report format="frames" todir="${build.reports}/html"/> </junitreport> - </target> + </target> + <target name="reports-noframes" depends="init"> + <mkdir dir="${build.reports}"/> + <mkdir dir="${build.reports}/html"/> + <property name="test.reports" value="${module.output}/tests"/> + <junitreport todir="${build.reports}"> + <fileset dir="${test.reports}"> + <include name="TEST-*.xml"/> + </fileset> + <report format="noframes" todir="${build.reports}/html"/> + </junitreport> + </target> </project> Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 19:09:45 UTC (rev 8153) +++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 19:20:16 UTC (rev 8154) @@ -371,11 +371,26 @@ while(st.hasMoreTokens()) { String token = st.nextToken(); - list.add(new String(buffer.append("/").append(token))); + + buffer.append(token); + list.add(buffer.toString()); + + //Make sure only path leading up to the resource is checked against. + //Not on the full path to the resource... + //Because if that was the case, the specificPermissions would have been applied + //in earlier checks...This is to check the recursive application of permissions + //to the resource in question + if(st.hasMoreTokens()) + { + buffer.append("/"); + } + else + { + continue; + } } boolean explicitPermissionsFound = false; - Iterator it = list.iterator(); while (it.hasNext()) { @@ -399,8 +414,8 @@ for(Iterator itr2=userPermissions.iterator();itr2.hasNext();) { Permission userPermission = (Permission)itr2.next(); - if( userPermission.getService().equals("cms") && - this.isActionImplied(userPermission.getAction(),action) + if( userPermission.getService().equals("cms") && + this.isActionImplied(userPermission.getAction(),action) ) { String pathCriteria = userPermission.findCriteriaValue("path"); Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 19:09:45 UTC (rev 8153) +++ trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 19:20:16 UTC (rev 8154) @@ -146,12 +146,25 @@ // user.getRoles().add(userRole); userRole.getUsers().add(user); + + //Another admin user besides the core admin user + HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin"); + sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin")); + sysAdmin.setRealEmail("sysadmin(a)portal.com"); + sysAdmin.setViewRealEmail(true); + sysAdmin.setEnabled(true); // + // + sysAdmin.getRoles().add(adminRole); + adminRole.getUsers().add(sysAdmin); + + // session.save(adminRole); session.save(userRole); session.save(admin); session.save(user); + session.save(sysAdmin); success = true; } Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 19:09:45 UTC (rev 8153) +++ trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 19:20:16 UTC (rev 8154) @@ -45,6 +45,7 @@ { String rejectPath = "/default/private"; String allowedPath = "/default/images"; + String rootFolderPath = "/"; /** * @@ -101,6 +102,24 @@ /** * + * @return + */ + private Folder getNewRootFolder() + { + //create folder object + Folder folder = new FolderImpl(); + folder.setCreationDate(new Date()); + folder.setDescription("Folder Description"); + folder.setTitle("Folder Title"); + folder.setLastModified(new Date()); + folder.setName("Unit Test"); + folder.setBasePath(this.rootFolderPath+folder.getName()); + + return folder; + } + + /** + * * @param folder * @return */ @@ -293,5 +312,66 @@ String cmeMessage = cme.toString(); assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); } + + //now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewRootFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } } + + /** + * + * @throws Exception + */ + public void testSysAdmin() throws Exception + { + this.runAs("sysadmin"); + + // first run against non-access scenario + try + { + this.runWriteScenario(this.getNewProtectedFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was not granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + + // now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewPublicFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + + + //now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewRootFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + } } Property changes on: trunk/core-wsrp ___________________________________________________________________ Name: svn:ignore + output Property changes on: trunk/thirdparty ___________________________________________________________________ Name: svn:ignore - antlr *.ent + antlr *.ent *

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8153 - docs/trunk/referenceGuide/en/modules.

by portal-commits＠lists.jboss.org

Author: bdaw Date: 2007-09-04 15:09:45 -0400 (Tue, 04 Sep 2007) New Revision: 8153 Modified: docs/trunk/referenceGuide/en/modules/sso.xml Log: merge CAS integration docs Modified: docs/trunk/referenceGuide/en/modules/sso.xml =================================================================== --- docs/trunk/referenceGuide/en/modules/sso.xml 2007-09-04 17:45:33 UTC (rev 8152) +++ docs/trunk/referenceGuide/en/modules/sso.xml 2007-09-04 19:09:45 UTC (rev 8153) @@ -5,6 +5,11 @@ <surname>Dawidowicz</surname> <email>boleslaw dot dawidowicz at redhat dot com</email> </author> + <author> + <firstname>Sohil</firstname> + <surname>Shah</surname> + <email>sshah(a)redhat.com</email> + </author> </chapterinfo> <title>Single Sign ON</title> <para>This chapter describes how to setup SSO in JBoss Portal</para> @@ -143,9 +148,131 @@ authentication cache you may need to restart browser.</note> </sect2> </sect1> -  + <sect1> + <title>CAS - Central Authentication Service</title> + <para>This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework. + Details about CAS can be found <ulink url="http://www.ja-sig.org/products/cas/">here</ulink></para> + <sect2> + <title>Integration steps</title> + <note>The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance. + CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be + sligtly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against + same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.</note> + <note>Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).</note> + <para> + <orderedlist> + <listitem> + Install CAS server (v 3.0.7). This should be as simple as deploying single <emphasis>cas.war</emphasis> file. + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml</emphasis> file and enable proper tomcat valve + by uncommenting following lines: + <programlisting> + <![CDATA[ +<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve" + casLogin="https://localhost/cas/login" + casValidate="https://localhost/cas/serviceValidate" + casServerName="localhost" + authType="FORM" +/> + ]]> + </programlisting> + Update valve options as follow: + <itemizedlist> + <listitem> + <emphasis>casLogin: </emphasis> URL of your CAS Authentication Server + </listitem> + <listitem> + <emphasis>casValidate: </emphasis> URL of your CAS Authentication Server validation service + </listitem> + <listitem> + <emphasis>casServerName:</emphasis> the hostname:port combination of your CAS Authentication Server + </listitem> + </itemizedlist> + <note>CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here</note> + </listitem> + <listitem> + Copy <emphasis>casclient.jar</emphasis> into <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis>. + You can download this file from CAS homepage or from JBoss repository under <emphasis>http://repository.jboss.com/cas/3.0.7/lib/</emphasis> + <note>The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production + level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue, + you can use <emphasis>casclient-lenient.jar</emphasis> instead.</note> + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml</emphasis> file and uncomment following lines: + <programlisting> + <![CDATA[ +<mbean + code="org.jboss.portal.identity.sso.cas.CASAuthenticationService" + name="portal:service=Module,type=CASAuthenticationService" + xmbean-dd="" + xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean"> + <xmbean/> + <depends>portal:service=Module,type=IdentityServiceController</depends> + <attribute name="HavingRole"></attribute> +</mbean> + ]]> + </programlisting> + This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same + application server instance. This AuthenticationHandler will be enabled in next 2 steps. + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml</emphasis> and add following line in the + <emphasis>authenticationHandlers</emphasis> section: + <programlisting> + <![CDATA[ +<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" /> + ]]> + </programlisting> + This can replace default <emphasis>SimpleTestUsernamePasswordAuthenticationHandler</emphasis> so whole part of this config file can look + as follows: + <programlisting> + <![CDATA[ +<property name="authenticationHandlers"> + <list> +  + <bean + class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"> + <property + name="httpClient" + ref="httpClient" /> + </bean> + +  + <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" /> + </list> +</property> + ]]> + </programlisting> + </listitem> + <listitem> + Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from + <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis> to + <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib</emphasis>. + </listitem> + </orderedlist> + </para> + <para> + To test the integration: + <itemizedlist> + <listitem>Go to your portal. Typically, http://localhost:8080/portal</listitem> + <listitem>Click on the "Login" link on the main portal page</listitem> + <listitem>This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen</listitem> + <listitem>Input your portal username and password. For built-in portal login try user:user or admin:admin</listitem> + <listitem>If login is successfull, you should be redirected back to the portal with the appropriate user logged in</listitem> + </itemizedlist> + </para> + </sect2> + </sect1> + </chapter>

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8152 - in branches/JBoss_Portal_Branch_2_6: cms and 3 other directories.

by portal-commits＠lists.jboss.org

Author: sohil.shah(a)jboss.com Date: 2007-09-04 13:45:33 -0400 (Tue, 04 Sep 2007) New Revision: 8152 Modified: branches/JBoss_Portal_Branch_2_6/ branches/JBoss_Portal_Branch_2_6/cms/build.xml branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java branches/JBoss_Portal_Branch_2_6/thirdparty/ Log: JBPORTAL-1668 - A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no errors on all cms security scenarios. Property changes on: branches/JBoss_Portal_Branch_2_6 ___________________________________________________________________ Name: svn:ignore - .project .classpath thirdparty eclipseBin myworkspace bin *.settings miscellaneous local-tests + .project .classpath thirdparty eclipseBin myworkspace bin *.settings miscellaneous local-tests localbin Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:27:52 UTC (rev 8151) +++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:45:33 UTC (rev 8152) @@ -405,11 +405,11 @@ </target> <target name="tests" depends="init"> <execute-tests> - <x-sysproperty> + <x-sysproperty>  + --> </x-sysproperty> <x-test>  @@ -417,7 +417,6 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRegEx"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryUtil"/> -  <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreate"/> @@ -430,7 +429,6 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileDelete"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/> -  <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderCopy"/> @@ -438,7 +436,6 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderDelete"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderGet"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/> -  <test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestReadAccess"/> @@ -446,7 +443,7 @@ <test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestManageAccess"/> -  +  <test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/> <test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/> </x-test> @@ -512,5 +509,16 @@ </fileset> <report format="frames" todir="${build.reports}/html"/> </junitreport> - </target> + </target> + <target name="reports-noframes" depends="init"> + <mkdir dir="${build.reports}"/> + <mkdir dir="${build.reports}/html"/> + <property name="test.reports" value="${module.output}/tests"/> + <junitreport todir="${build.reports}"> + <fileset dir="${test.reports}"> + <include name="TEST-*.xml"/> + </fileset> + <report format="noframes" todir="${build.reports}/html"/> + </junitreport> + </target> </project> Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 17:27:52 UTC (rev 8151) +++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 17:45:33 UTC (rev 8152) @@ -371,11 +371,26 @@ while(st.hasMoreTokens()) { String token = st.nextToken(); - list.add(new String(buffer.append("/").append(token))); + + buffer.append(token); + list.add(buffer.toString()); + + //Make sure only path leading up to the resource is checked against. + //Not on the full path to the resource... + //Because if that was the case, the specificPermissions would have been applied + //in earlier checks...This is to check the recursive application of permissions + //to the resource in question + if(st.hasMoreTokens()) + { + buffer.append("/"); + } + else + { + continue; + } } boolean explicitPermissionsFound = false; - Iterator it = list.iterator(); while (it.hasNext()) { Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 17:27:52 UTC (rev 8151) +++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 17:45:33 UTC (rev 8152) @@ -146,12 +146,25 @@ // user.getRoles().add(userRole); userRole.getUsers().add(user); + + //Another admin user besides the core admin user + HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin"); + sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin")); + sysAdmin.setRealEmail("sysadmin(a)portal.com"); + sysAdmin.setViewRealEmail(true); + sysAdmin.setEnabled(true); // + // + sysAdmin.getRoles().add(adminRole); + adminRole.getUsers().add(sysAdmin); + + // session.save(adminRole); session.save(userRole); session.save(admin); session.save(user); + session.save(sysAdmin); success = true; } Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 17:27:52 UTC (rev 8151) +++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 17:45:33 UTC (rev 8152) @@ -45,6 +45,7 @@ { String rejectPath = "/default/private"; String allowedPath = "/default/images"; + String rootFolderPath = "/"; /** * @@ -101,6 +102,24 @@ /** * + * @return + */ + private Folder getNewRootFolder() + { + //create folder object + Folder folder = new FolderImpl(); + folder.setCreationDate(new Date()); + folder.setDescription("Folder Description"); + folder.setTitle("Folder Title"); + folder.setLastModified(new Date()); + folder.setName("Unit Test"); + folder.setBasePath(this.rootFolderPath+folder.getName()); + + return folder; + } + + /** + * * @param folder * @return */ @@ -293,5 +312,66 @@ String cmeMessage = cme.toString(); assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); } + + //now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewRootFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } } + + /** + * + * @throws Exception + */ + public void testSysAdmin() throws Exception + { + this.runAs("sysadmin"); + + // first run against non-access scenario + try + { + this.runWriteScenario(this.getNewProtectedFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was not granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + + // now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewPublicFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + + + //now run against scenario where access should be granted for a registered user + //for anonymous, this should still result in an access denied + try + { + this.runWriteScenario(this.getNewRootFolder()); + } + catch (CMSException cme) + { + // assert and make sure access was granted + String cmeMessage = cme.toString(); + assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); + } + } } Property changes on: branches/JBoss_Portal_Branch_2_6/thirdparty ___________________________________________________________________ Name: svn:ignore + *

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8151 - in modules/identity/trunk/sso/src/etc: josso and 1 other directory.

by portal-commits＠lists.jboss.org

Author: bdaw Date: 2007-09-04 13:27:52 -0400 (Tue, 04 Sep 2007) New Revision: 8151 Added: modules/identity/trunk/sso/src/etc/cas/context.xml modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml modules/identity/trunk/sso/src/etc/josso/context.xml modules/identity/trunk/sso/src/etc/josso/error.jsp modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml modules/identity/trunk/sso/src/etc/josso/josso-config.xml modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml modules/identity/trunk/sso/src/etc/josso/login-config.xml modules/identity/trunk/sso/src/etc/josso/server.xml Removed: modules/identity/trunk/sso/src/etc/cas/cas_context.xml modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml modules/identity/trunk/sso/src/etc/josso/josso_context.xml modules/identity/trunk/sso/src/etc/josso/josso_error.jsp modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml modules/identity/trunk/sso/src/etc/josso/josso_server.xml Log: change names Deleted: modules/identity/trunk/sso/src/etc/cas/cas_context.xml =================================================================== --- modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,9 +0,0 @@ -<?xml version="1.0"?> -<Context> - <Valve className="org.jboss.portal.identity.auth.CASAuthenticationValve" - casLogin="https://localhost:8080/cas/login" - casValidate="https://localhost:8080/cas/serviceValidate" - casServerName="localhost" - authType="FORM" - /> -</Context> Deleted: modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml =================================================================== --- modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,98 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> - -<beans> -  - <bean id="authenticationManager" - class="org.jasig.cas.authentication.AuthenticationManagerImpl"> -  - <property name="credentialsToPrincipalResolvers"> - <list> -  - <bean - class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> -  - <bean - class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> - </list> - </property> - -  - <property name="authenticationHandlers"> - <list> -  - <bean - class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"> - <property - name="httpClient" - ref="httpClient" /> - </bean> - -  - <bean - class="org.jboss.portal.identity.auth.CASAuthenticationHandler" /> - </list> - </property> - </bean> -</beans> Copied: modules/identity/trunk/sso/src/etc/cas/context.xml (from rev 8140, modules/identity/trunk/sso/src/etc/cas/cas_context.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/cas/context.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/cas/context.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,9 @@ +<?xml version="1.0"?> +<Context> + <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve" + casLogin="https://localhost/cas/login" + casValidate="https://localhost/cas/serviceValidate" + casServerName="localhost" + authType="FORM" + /> +</Context> Copied: modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml (from rev 8140, modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> + +<beans> +  + <bean id="authenticationManager" + class="org.jasig.cas.authentication.AuthenticationManagerImpl"> +  + <property name="credentialsToPrincipalResolvers"> + <list> +  + <bean + class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> +  + <bean + class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> + </list> + </property> + +  + <property name="authenticationHandlers"> + <list> +  + <bean + class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"> + <property + name="httpClient" + ref="httpClient" /> + </bean> + +  + <bean + class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" /> + </list> + </property> + </bean> +</beans> Copied: modules/identity/trunk/sso/src/etc/josso/context.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_context.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/context.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/context.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,4 @@ +<?xml version="1.0"?> +<Context> + <Valve className="org.jboss.portal.identity.sso.cas.JOSSOLogoutValve"/> +</Context> Copied: modules/identity/trunk/sso/src/etc/josso/error.jsp (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_error.jsp) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/error.jsp (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/error.jsp 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,41 @@ +<%-- + ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team + ~ All rights reserved. + ~ Redistribution and use in source and binary forms, with or + ~ without modification, are permitted provided that the following + ~ conditions are met: + ~ + ~ * Redistributions of source code must retain the above copyright + ~ notice, this list of conditions and the following disclaimer. + ~ + ~ * Redistributions in binary form must reproduce the above copyright + ~ notice, this list of conditions and the following disclaimer in + ~ the documentation and/or other materials provided with the + ~ distribution. + ~ + ~ * Neither the name of the JOSSO team nor the names of its + ~ contributors may be used to endorse or promote products derived + ~ from this software without specific prior written permission. + ~ + ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS + ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + ~ POSSIBILITY OF SUCH DAMAGE. + --%> + +<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %> + +<% + response.sendRedirect(request.getContextPath() + "/josso_login/"); +%> Copied: modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<agent> + <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class> + <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl> + <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl> + <service-locator> + <class>org.josso.gateway.WebserviceGatewayServiceLocator</class> + <endpoint>localhost:8080</endpoint> + </service-locator> + <partner-apps> + <partner-app> + <context>/portal</context> + </partner-app> +  + <partner-app> + <context>/portal2</context> + </partner-app> + </partner-apps> +</agent> Copied: modules/identity/trunk/sso/src/etc/josso/josso-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso-config.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/josso-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,4 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<configuration> + <hierarchicalXml fileName="josso-agent-config.xml"/> +</configuration> Copied: modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,569 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> + + +<domain> + <name>JOSSO</name> + <type>web</type> + +  + +  + +  + +  +  + +  + + +  + +  + + <authenticator> + <class>org.josso.auth.AuthenticatorImpl</class> + <authentication-schemes> +  + <authentication-scheme> + <name>basic-authentication</name> + <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class> + +  +  + +  +  + +  + +  +  +  +  +  +  +  +  + +  +  +  +  +  +  +  + +  +  +  +  + +  +  +  + <credential-store> + <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class> + </credential-store> + + + +  +  +  + <credential-store-key-adapter> + <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> + </credential-store-key-adapter> + + </authentication-scheme> + +  + <authentication-scheme> + <name>strong-authentication</name> + <class>org.josso.auth.scheme.X509CertificateAuthScheme</class> + +  +  +  +  +  +  +  + +  +  +  +  +  +  +  + +  +  +  + <credential-store> + <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class> + <credentialsFileName>josso-credentials.xml</credentialsFileName> + </credential-store> + +  +  +  + <credential-store-key-adapter> + <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> + </credential-store-key-adapter> + + </authentication-scheme> + </authentication-schemes> + </authenticator> + + <sso-identity-manager> + + <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class> + +  +  +  +  +  +  +  +  +  +  +  +  +  + +  + +  +  +  +  +  +  +  + +  +  +  +  + +  +  +  + <sso-identity-store> + <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class> + </sso-identity-store> + +  +  +  + <sso-identity-store-key-adapter> + <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> + </sso-identity-store-key-adapter> + + </sso-identity-manager> + + <sso-session-manager> + + <class>org.josso.gateway.session.service.SSOSessionManagerImpl</class> + +  + <maxInactiveInterval>30</maxInactiveInterval> + +  + <maxSessionsPerUser>-1</maxSessionsPerUser> +  + <invalidateExceedingSessions>false</invalidateExceedingSessions> + + +  + <sessionMonitorInterval>10000</sessionMonitorInterval> + +  +  +  +  +  +  +  +  + + +  +  +  +  +  +  +  +  +  +  +  +  +  +  + +  +  +  +  +  +  +  +  +  +  +  +  +  + + +  +  +  + <sso-session-store> + <class>org.josso.gateway.session.service.store.MemorySessionStore</class> + </sso-session-store> + + <sso-session-id-generator> + + <class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class> +  + <algorithm>MD5</algorithm> + + </sso-session-id-generator> + + </sso-session-manager> + +  + <sso-audit-manager> + <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class> + +  + <handlers> + +  + <handler> + <class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class> + <name>LoggerAuditTrailHandler</name> + <category>org.josso.gateway.audit.SSO_AUDIT</category> + </handler> + +  + + </handlers> + </sso-audit-manager> + +  + <sso-event-manager> + <class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class> +  + <oname>josso:type=SSOEventManager</oname> +  +  + +  + + </sso-event-manager> + +</domain> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_context.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,4 +0,0 @@ -<?xml version="1.0"?> -<Context> - <Valve className="org.jboss.portal.identity.auth.JOSSOLogoutValve"/> -</Context> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_error.jsp =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,41 +0,0 @@ -<%-- - ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team - ~ All rights reserved. - ~ Redistribution and use in source and binary forms, with or - ~ without modification, are permitted provided that the following - ~ conditions are met: - ~ - ~ * Redistributions of source code must retain the above copyright - ~ notice, this list of conditions and the following disclaimer. - ~ - ~ * Redistributions in binary form must reproduce the above copyright - ~ notice, this list of conditions and the following disclaimer in - ~ the documentation and/or other materials provided with the - ~ distribution. - ~ - ~ * Neither the name of the JOSSO team nor the names of its - ~ contributors may be used to endorse or promote products derived - ~ from this software without specific prior written permission. - ~ - ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - ~ POSSIBILITY OF SUCH DAMAGE. - --%> - -<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %> - -<% - response.sendRedirect(request.getContextPath() + "/josso_login/"); -%> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,19 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" ?> -<agent> - <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class> - <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl> - <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl> - <service-locator> - <class>org.josso.gateway.WebserviceGatewayServiceLocator</class> - <endpoint>localhost:8080</endpoint> - </service-locator> - <partner-apps> - <partner-app> - <context>/portal</context> - </partner-app> -  - <partner-app> - <context>/portal2</context> - </partner-app> - </partner-apps> -</agent> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,4 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" ?> -<configuration> - <hierarchicalXml fileName="josso-agent-config.xml"/> -</configuration> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,569 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" ?> - - -<domain> - <name>JOSSO</name> - <type>web</type> - -  - -  - -  - -  -  - -  - - -  - -  - - <authenticator> - <class>org.josso.auth.AuthenticatorImpl</class> - <authentication-schemes> -  - <authentication-scheme> - <name>basic-authentication</name> - <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class> - -  -  - -  -  - -  - -  -  -  -  -  -  -  -  - -  -  -  -  -  -  -  - -  -  -  -  - -  -  -  - <credential-store> - <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class> - </credential-store> - - - -  -  -  - <credential-store-key-adapter> - <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> - </credential-store-key-adapter> - - </authentication-scheme> - -  - <authentication-scheme> - <name>strong-authentication</name> - <class>org.josso.auth.scheme.X509CertificateAuthScheme</class> - -  -  -  -  -  -  -  - -  -  -  -  -  -  -  - -  -  -  - <credential-store> - <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class> - <credentialsFileName>josso-credentials.xml</credentialsFileName> - </credential-store> - -  -  -  - <credential-store-key-adapter> - <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> - </credential-store-key-adapter> - - </authentication-scheme> - </authentication-schemes> - </authenticator> - - <sso-identity-manager> - - <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class> - -  -  -  -  -  -  -  -  -  -  -  -  -  - -  - -  -  -  -  -  -  -  - -  -  -  -  - -  -  -  - <sso-identity-store> - <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class> - </sso-identity-store> - -  -  -  - <sso-identity-store-key-adapter> - <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class> - </sso-identity-store-key-adapter> - - </sso-identity-manager> - - <sso-session-manager> - - <class>org.josso.gateway.session.service.SSOSessionManagerImpl</class> - -  - <maxInactiveInterval>30</maxInactiveInterval> - -  - <maxSessionsPerUser>-1</maxSessionsPerUser> -  - <invalidateExceedingSessions>false</invalidateExceedingSessions> - - -  - <sessionMonitorInterval>10000</sessionMonitorInterval> - -  -  -  -  -  -  -  -  - - -  -  -  -  -  -  -  -  -  -  -  -  -  -  - -  -  -  -  -  -  -  -  -  -  -  -  -  - - -  -  -  - <sso-session-store> - <class>org.josso.gateway.session.service.store.MemorySessionStore</class> - </sso-session-store> - - <sso-session-id-generator> - - <class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class> -  - <algorithm>MD5</algorithm> - - </sso-session-id-generator> - - </sso-session-manager> - -  - <sso-audit-manager> - <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class> - -  - <handlers> - -  - <handler> - <class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class> - <name>LoggerAuditTrailHandler</name> - <category>org.josso.gateway.audit.SSO_AUDIT</category> - </handler> - -  - - </handlers> - </sso-audit-manager> - -  - <sso-event-manager> - <class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class> -  - <oname>josso:type=SSOEventManager</oname> -  -  - -  - - </sso-event-manager> - -</domain> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,165 +0,0 @@ -<?xml version='1.0'?> -<!DOCTYPE policy PUBLIC - "-//JBoss//DTD JBOSS Security Config 3.0//EN" - "http://www.jboss.org/j2ee/dtd/security_config.dtd"> - - - -<policy> -  - <application-policy name = "client-login"> - <authentication> - <login-module code = "org.jboss.security.ClientLoginModule" - flag = "required"> -  - <module-option name="restore-login-identity">true</module-option> - </login-module> - </authentication> - </application-policy> - -  - <application-policy name = "jbossmq"> - <authentication> - <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" - flag = "required"> - <module-option name = "unauthenticatedIdentity">guest</module-option> - <module-option name = "dsJndiName">java:/DefaultDS</module-option> - <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option> - <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option> - </login-module> - </authentication> - </application-policy> - -  - -  - <application-policy name = "HsqlDbRealm"> - <authentication> - <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" - flag = "required"> - <module-option name = "principal">sa</module-option> - <module-option name = "userName">sa</module-option> - <module-option name = "password"></module-option> - <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option> - </login-module> - </authentication> - </application-policy> - - <application-policy name = "JmsXARealm"> - <authentication> - <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" - flag = "required"> - <module-option name = "principal">guest</module-option> - <module-option name = "userName">guest</module-option> - <module-option name = "password">guest</module-option> - <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option> - </login-module> - </authentication> - </application-policy> - -  - <application-policy name = "jmx-console"> - <authentication> - <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" - flag = "required"> - <module-option name="usersProperties">props/jmx-console-users.properties</module-option> - <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option> - </login-module> - </authentication> - </application-policy> - -  - <application-policy name = "$webConsoleDomain"> - <authentication> - <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" - flag = "required"> - <module-option name="usersProperties">web-console-users.properties</module-option> - <module-option name="rolesProperties">web-console-roles.properties</module-option> - </login-module> - </authentication> - </application-policy> - -  - <application-policy name="JBossWS"> - <authentication> - <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" - flag="required"> - <module-option name="usersProperties">props/jbossws-users.properties</module-option> - <module-option name="rolesProperties">props/jbossws-roles.properties</module-option> - <module-option name="unauthenticatedIdentity">anonymous</module-option> - </login-module> - </authentication> - </application-policy> - -  - <application-policy name = "other"> -  - <authentication> - <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" - flag = "required" /> - </authentication> - </application-policy> - -  - <application-policy name = "josso"> - <authentication> - <login-module code = "org.jboss.portal.identity.auth.JOSSOLoginModule" - flag = "required"> - <module-option name="debug">true</module-option> - </login-module> - </authentication> - </application-policy> -</policy> Deleted: modules/identity/trunk/sso/src/etc/josso/josso_server.xml =================================================================== --- modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:21:09 UTC (rev 8150) +++ modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -1,178 +0,0 @@ -<Server> - -  - <Service name="jboss.web" - className="org.jboss.web.tomcat.tc5.StandardService"> - -  - <Connector port="8080" address="${jboss.bind.address}" - maxThreads="250" strategy="ms" maxHttpHeaderSize="8192" - emptySessionPath="true" - enableLookups="false" redirectPort="8443" acceptCount="100" - connectionTimeout="20000" disableUploadTimeout="true"/> - -  - -  - <Connector port="8009" address="${jboss.bind.address}" - emptySessionPath="true" enableLookups="false" redirectPort="8443" - protocol="AJP/1.3"/> - -  - - <Engine name="jboss.web" defaultHost="localhost"> - -  -  - -  - -  - <Realm className="org.josso.jb4.agent.JBossCatalinaRealm" - appName="josso" - userClassNames="org.josso.gateway.identity.service.BaseUserImpl" - roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl" - debug="1" /> - - <Host name="localhost" - autoDeploy="false" deployOnStartup="false" deployXML="false"> - -  - - -  -  - -  -  - -  -  - -  -  - - -  - -  - <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/> - </Host> - </Engine> - - </Service> - -</Server> Copied: modules/identity/trunk/sso/src/etc/josso/login-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/login-config.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/login-config.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,165 @@ +<?xml version='1.0'?> +<!DOCTYPE policy PUBLIC + "-//JBoss//DTD JBOSS Security Config 3.0//EN" + "http://www.jboss.org/j2ee/dtd/security_config.dtd"> + + + +<policy> +  + <application-policy name = "client-login"> + <authentication> + <login-module code = "org.jboss.security.ClientLoginModule" + flag = "required"> +  + <module-option name="restore-login-identity">true</module-option> + </login-module> + </authentication> + </application-policy> + +  + <application-policy name = "jbossmq"> + <authentication> + <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" + flag = "required"> + <module-option name = "unauthenticatedIdentity">guest</module-option> + <module-option name = "dsJndiName">java:/DefaultDS</module-option> + <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option> + <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option> + </login-module> + </authentication> + </application-policy> + +  + +  + <application-policy name = "HsqlDbRealm"> + <authentication> + <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" + flag = "required"> + <module-option name = "principal">sa</module-option> + <module-option name = "userName">sa</module-option> + <module-option name = "password"></module-option> + <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option> + </login-module> + </authentication> + </application-policy> + + <application-policy name = "JmsXARealm"> + <authentication> + <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" + flag = "required"> + <module-option name = "principal">guest</module-option> + <module-option name = "userName">guest</module-option> + <module-option name = "password">guest</module-option> + <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option> + </login-module> + </authentication> + </application-policy> + +  + <application-policy name = "jmx-console"> + <authentication> + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" + flag = "required"> + <module-option name="usersProperties">props/jmx-console-users.properties</module-option> + <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +  + <application-policy name = "$webConsoleDomain"> + <authentication> + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" + flag = "required"> + <module-option name="usersProperties">web-console-users.properties</module-option> + <module-option name="rolesProperties">web-console-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +  + <application-policy name="JBossWS"> + <authentication> + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" + flag="required"> + <module-option name="usersProperties">props/jbossws-users.properties</module-option> + <module-option name="rolesProperties">props/jbossws-roles.properties</module-option> + <module-option name="unauthenticatedIdentity">anonymous</module-option> + </login-module> + </authentication> + </application-policy> + +  + <application-policy name = "other"> +  + <authentication> + <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" + flag = "required" /> + </authentication> + </application-policy> + +  + <application-policy name = "josso"> + <authentication> + <login-module code = "org.jboss.portal.identity.auth.JOSSOLoginModule" + flag = "required"> + <module-option name="debug">true</module-option> + </login-module> + </authentication> + </application-policy> +</policy> Copied: modules/identity/trunk/sso/src/etc/josso/server.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_server.xml) =================================================================== --- modules/identity/trunk/sso/src/etc/josso/server.xml (rev 0) +++ modules/identity/trunk/sso/src/etc/josso/server.xml 2007-09-04 17:27:52 UTC (rev 8151) @@ -0,0 +1,178 @@ +<Server> + +  + <Service name="jboss.web" + className="org.jboss.web.tomcat.tc5.StandardService"> + +  + <Connector port="8080" address="${jboss.bind.address}" + maxThreads="250" strategy="ms" maxHttpHeaderSize="8192" + emptySessionPath="true" + enableLookups="false" redirectPort="8443" acceptCount="100" + connectionTimeout="20000" disableUploadTimeout="true"/> + +  + +  + <Connector port="8009" address="${jboss.bind.address}" + emptySessionPath="true" enableLookups="false" redirectPort="8443" + protocol="AJP/1.3"/> + +  + + <Engine name="jboss.web" defaultHost="localhost"> + +  +  + +  + +  + <Realm className="org.josso.jb4.agent.JBossCatalinaRealm" + appName="josso" + userClassNames="org.josso.gateway.identity.service.BaseUserImpl" + roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl" + debug="1" /> + + <Host name="localhost" + autoDeploy="false" deployOnStartup="false" deployXML="false"> + +  + + +  +  + +  +  + +  +  + +  +  + + +  + +  + <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/> + </Host> + </Engine> + + </Service> + +</Server>

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8150 - in branches/JBoss_Portal_Branch_2_6: cms and 4 other directories.

by portal-commits＠lists.jboss.org

Author: bdaw Date: 2007-09-04 13:21:09 -0400 (Tue, 04 Sep 2007) New Revision: 8150 Added: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml Modified: branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml branches/JBoss_Portal_Branch_2_6/cms/build.xml branches/JBoss_Portal_Branch_2_6/core/build.xml branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp Log: files for SSO integration Modified: branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml 2007-09-04 17:21:09 UTC (rev 8150) @@ -59,7 +59,6 @@ <componentref name="apache-codec" version="1.3.0"/> <componentref name="apache-collections" version="3.1"/> <componentref name="apache-digester" version="1.6"/> -  <componentref name="apache-fileupload" version="1.1.1"/> <componentref name="apache-httpclient" version="3.0.1"/> <componentref name="apache-lang" version="2.1"/> @@ -117,7 +116,7 @@ <componentref name="jbpm/jaronly" version="3.1.2"/> <componentref name="freemarker" version="2.3.9"/> <componentref name="wutka-dtdparser" version="1.2.1"/> - <componentref name="portals-bridges" version="1.0.3"/> + <componentref name="portals-bridges" version="1.0.3"/> </build> <synchronizeinfo/> Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:21:09 UTC (rev 8150) @@ -252,7 +252,8 @@ --> <fileset dir="${jboss.portal-core-cms.lib}" includes="portal-core-cms-lib.jar"/> <fileset dir="${jboss.portal/modules/identity.lib}" includes="portal-identity-lib.jar"/> - <fileset dir="${jboss.portal-workflow.lib}" includes="portal-workflow-lib.jar"/> + <fileset dir="${jboss.portal/modules/identity.lib}" includes="portal-identity-sso-lib.jar"/> + <fileset dir="${jboss.portal-workflow.lib}" includes="portal-workflow-lib.jar"/> <fileset dir="${jboss.portal-portlet.lib}" includes="portal-portlet-testframework-lib.jar"/> </jar> <jar jarfile="${build.lib}/test-cms-cluster.war"> Modified: branches/JBoss_Portal_Branch_2_6/core/build.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-09-04 17:21:09 UTC (rev 8150) @@ -336,6 +336,7 @@ <fileset dir="${jboss.portal-security.root}/lib" includes="portal-security-lib.jar"/> <fileset dir="${jboss.portal-search.root}/lib" includes="portal-search-lib.jar"/> <fileset dir="${jboss.portal/modules/identity.root}/lib" includes="portal-identity-lib.jar"/> + <fileset dir="${jboss.portal/modules/identity.root}/lib" includes="portal-identity-sso-lib.jar"/> <fileset dir="${jboss.portal-registration.root}/lib" includes="portal-registration-lib.jar"/> <fileset dir="${ehcache.ehcache.lib}" includes="ehcache.jar"/> <fileset dir="${apache.collections.lib}" includes="commons-collections.jar"/> Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-09-04 17:21:09 UTC (rev 8150) @@ -599,7 +599,40 @@ @portal.single.xml.open@ --> +  +  + +  +  +  <mbean code="org.jboss.portal.portlet.impl.container.PortletApplicationRegistryImpl" Added: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml =================================================================== --- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml (rev 0) +++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml 2007-09-04 17:21:09 UTC (rev 8150) @@ -0,0 +1,27 @@ +<?xml version="1.0"?> +<Context> + + + +  + +  + +  + +  + +</Context> \ No newline at end of file Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp =================================================================== --- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp 2007-09-04 17:21:09 UTC (rev 8150) @@ -24,6 +24,15 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<% + /* response.sendRedirect(request.getContextPath() + "/josso_login/"); */ +%> + <html> <head> <style> Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp =================================================================== --- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp 2007-09-04 16:57:58 UTC (rev 8149) +++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp 2007-09-04 17:21:09 UTC (rev 8150) @@ -24,6 +24,16 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<% + /* response.sendRedirect(request.getContextPath() + "/josso_login/"); */ +%> + + <html> <head> <style>

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8149 - docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules.

by portal-commits＠lists.jboss.org

Author: bdaw Date: 2007-09-04 12:57:58 -0400 (Tue, 04 Sep 2007) New Revision: 8149 Modified: docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml Log: initial doc for CAS integration Modified: docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml =================================================================== --- docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-09-04 13:37:27 UTC (rev 8148) +++ docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-09-04 16:57:58 UTC (rev 8149) @@ -5,6 +5,11 @@ <surname>Dawidowicz</surname> <email>boleslaw dot dawidowicz at redhat dot com</email> </author> + <author> + <firstname>Sohil</firstname> + <surname>Shah</surname> + <email>sshah(a)redhat.com</email> + </author> </chapterinfo> <title>Single Sign ON</title> <para>This chapter describes how to setup SSO in JBoss Portal</para> @@ -143,9 +148,131 @@ authentication cache you may need to restart browser.</note> </sect2> </sect1> -  + <sect1> + <title>CAS - Central Authentication Service</title> + <para>This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework. + Details about CAS can be found <ulink url="http://www.ja-sig.org/products/cas/">here</ulink></para> + <sect2> + <title>Integration steps</title> + <note>The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance. + CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be + sligtly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against + same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.</note> + <note>Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).</note> + <para> + <orderedlist> + <listitem> + Install CAS server (v 3.0.7). This should be as simple as deploying single <emphasis>cas.war</emphasis> file. + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml</emphasis> file and enable proper tomcat valve + by uncommenting following lines: + <programlisting> + <![CDATA[ +<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve" + casLogin="https://localhost/cas/login" + casValidate="https://localhost/cas/serviceValidate" + casServerName="localhost" + authType="FORM" +/> + ]]> + </programlisting> + Update valve options as follow: + <itemizedlist> + <listitem> + <emphasis>casLogin: </emphasis> URL of your CAS Authentication Server + </listitem> + <listitem> + <emphasis>casValidate: </emphasis> URL of your CAS Authentication Server validation service + </listitem> + <listitem> + <emphasis>casServerName:</emphasis> the hostname:port combination of your CAS Authentication Server + </listitem> + </itemizedlist> + <note>CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here</note> + </listitem> + <listitem> + Copy <emphasis>casclient.jar</emphasis> into <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis>. + You can download this file from CAS homepage or from JBoss repository under <emphasis>http://repository.jboss.com/cas/3.0.7/lib/</emphasis> + <note>The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production + level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue, + you can use <emphasis>casclient-lenient.jar</emphasis> instead.</note> + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml</emphasis> file and uncomment following lines: + <programlisting> + <![CDATA[ +<mbean + code="org.jboss.portal.identity.sso.cas.CASAuthenticationService" + name="portal:service=Module,type=CASAuthenticationService" + xmbean-dd="" + xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean"> + <xmbean/> + <depends>portal:service=Module,type=IdentityServiceController</depends> + <attribute name="HavingRole"></attribute> +</mbean> + ]]> + </programlisting> + This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same + application server instance. This AuthenticationHandler will be enabled in next 2 steps. + </listitem> + <listitem> + Edit <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml</emphasis> and add following line in the + <emphasis>authenticationHandlers</emphasis> section: + <programlisting> + <![CDATA[ +<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" /> + ]]> + </programlisting> + This can replace default <emphasis>SimpleTestUsernamePasswordAuthenticationHandler</emphasis> so whole part of this config file can look + as follows: + <programlisting> + <![CDATA[ +<property name="authenticationHandlers"> + <list> +  + <bean + class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"> + <property + name="httpClient" + ref="httpClient" /> + </bean> + +  + <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" /> + </list> +</property> + ]]> + </programlisting> + </listitem> + <listitem> + Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from + <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis> to + <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib</emphasis>. + </listitem> + </orderedlist> + </para> + <para> + To test the integration: + <itemizedlist> + <listitem>Go to your portal. Typically, http://localhost:8080/portal</listitem> + <listitem>Click on the "Login" link on the main portal page</listitem> + <listitem>This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen</listitem> + <listitem>Input your portal username and password. For built-in portal login try user:user or admin:admin</listitem> + <listitem>If login is successfull, you should be redirected back to the portal with the appropriate user logged in</listitem> + </itemizedlist> + </para> + </sect2> + </sect1> + </chapter>

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8148 - trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors.

by portal-commits＠lists.jboss.org

Author: thomas.heute(a)jboss.com Date: 2007-09-04 09:37:27 -0400 (Tue, 04 Sep 2007) New Revision: 8148 Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java Log: Add the CMS Exception back, still needs a better error handling though Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:36:36 UTC (rev 8147) +++ trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:37:27 UTC (rev 8148) @@ -251,8 +251,7 @@ username = user.getUserName(); } log.debug("Unauthorized command (" + invocation + ") for user: " + username); -// throw new CMSException("Access to this resource is denied"); - return null; + throw new CMSException("Access to this resource is denied"); } } else

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8147 - branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors.

by portal-commits＠lists.jboss.org

Author: thomas.heute(a)jboss.com Date: 2007-09-04 09:36:36 -0400 (Tue, 04 Sep 2007) New Revision: 8147 Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java Log: Add the CMS Exception back, still needs a better error handling though Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:35:27 UTC (rev 8146) +++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:36:36 UTC (rev 8147) @@ -251,8 +251,7 @@ username = user.getUserName(); } log.debug("Unauthorized command (" + invocation + ") for user: " + username); -// throw new CMSException("Access to this resource is denied"); - return null; + throw new CMSException("Access to this resource is denied"); } } else

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8146 - trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command.

by portal-commits＠lists.jboss.org

Author: thomas.heute(a)jboss.com Date: 2007-09-04 09:35:27 -0400 (Tue, 04 Sep 2007) New Revision: 8146 Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java Log: JBPORTAL-1668: A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:34:05 UTC (rev 8145) +++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:35:27 UTC (rev 8146) @@ -24,6 +24,7 @@ import java.util.Collection; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; import java.util.Set; import java.util.HashSet; import java.util.StringTokenizer; @@ -365,24 +366,22 @@ //that excludes this user from having access for this action StringTokenizer st = new StringTokenizer(path,"/"); StringBuffer buffer = new StringBuffer("/"); - boolean explicitPermissionsFound = false; + List list = new ArrayList(); + list.add(new String(buffer.toString())); while(st.hasMoreTokens()) { - buffer.append(st.nextToken()); - String currentNode = buffer.toString(); - Collection permissions = this.getPermissions(currentNode); - - //this is for forming the path using the next token - if(st.hasMoreTokens()) - { - buffer.append("/"); - } - else - { - continue; - } - - + String token = st.nextToken(); + list.add(new String(buffer.append("/").append(token))); + } + + boolean explicitPermissionsFound = false; + + Iterator it = list.iterator(); + while (it.hasNext()) + { + String currentPath = (String)it.next(); + Collection permissions = this.getPermissions(currentPath); + //perform processing for permissions explicitly set on this node //in the path hierarchy if(permissions!=null && !permissions.isEmpty()) @@ -405,7 +404,7 @@ ) { String pathCriteria = userPermission.findCriteriaValue("path"); - if(pathCriteria.equals(currentNode)) + if(pathCriteria.equals(currentPath)) { //this means this user has read access to this path accessFound = true;

16 years, 8 months

1
0
0 / 0

JBoss Portal SVN: r8145 - branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command.

by portal-commits＠lists.jboss.org

Author: thomas.heute(a)jboss.com Date: 2007-09-04 09:34:05 -0400 (Tue, 04 Sep 2007) New Revision: 8145 Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java Log: JBPORTAL-1668: A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java =================================================================== --- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 11:54:12 UTC (rev 8144) +++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:34:05 UTC (rev 8145) @@ -24,6 +24,7 @@ import java.util.Collection; import java.util.ArrayList; import java.util.Iterator; +import java.util.List; import java.util.Set; import java.util.HashSet; import java.util.StringTokenizer; @@ -365,24 +366,22 @@ //that excludes this user from having access for this action StringTokenizer st = new StringTokenizer(path,"/"); StringBuffer buffer = new StringBuffer("/"); - boolean explicitPermissionsFound = false; + List list = new ArrayList(); + list.add(new String(buffer.toString())); while(st.hasMoreTokens()) { - buffer.append(st.nextToken()); - String currentNode = buffer.toString(); - Collection permissions = this.getPermissions(currentNode); - - //this is for forming the path using the next token - if(st.hasMoreTokens()) - { - buffer.append("/"); - } - else - { - continue; - } - - + String token = st.nextToken(); + list.add(new String(buffer.append("/").append(token))); + } + + boolean explicitPermissionsFound = false; + + Iterator it = list.iterator(); + while (it.hasNext()) + { + String currentPath = (String)it.next(); + Collection permissions = this.getPermissions(currentPath); + //perform processing for permissions explicitly set on this node //in the path hierarchy if(permissions!=null && !permissions.isEmpty()) @@ -405,7 +404,7 @@ ) { String pathCriteria = userPermission.findCriteriaValue("path"); - if(pathCriteria.equals(currentNode)) + if(pathCriteria.equals(currentPath)) { //this means this user has read access to this path accessFound = true;

16 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

portal-commits September 2007