JBoss Portal SVN: r8154 - in trunk: cms/src/main/org/jboss/portal/cms/impl/jcr/command and 3 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2007-09-04 15:20:16 -0400 (Tue, 04 Sep 2007)
New Revision: 8154
Modified:
trunk/cms/build.xml
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
trunk/core-wsrp/
trunk/thirdparty/
Log:
JBPORTAL-1668 - A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no errors on all cms security scenarios.
Modified: trunk/cms/build.xml
===================================================================
--- trunk/cms/build.xml 2007-09-04 19:09:45 UTC (rev 8153)
+++ trunk/cms/build.xml 2007-09-04 19:20:16 UTC (rev 8154)
@@ -415,7 +415,6 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRegEx"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryUtil"/>
-
<!-- cms file command tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreate"/>
@@ -427,8 +426,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCopy"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileDelete"/>
- <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/>
-
+ <test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/>
<!-- cms folder command tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderCopy"/>
@@ -436,7 +434,6 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderDelete"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderGet"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/>
-
<!-- cms fine grained security related tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestReadAccess"/>
@@ -444,7 +441,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestManageAccess"/>
- <!-- cms workflow related tests -->
+ <!-- cms workflow related tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
</x-test>
@@ -508,5 +505,16 @@
</fileset>
<report format="frames" todir="${build.reports}/html"/>
</junitreport>
- </target>
+ </target>
+ <target name="reports-noframes" depends="init">
+ <mkdir dir="${build.reports}"/>
+ <mkdir dir="${build.reports}/html"/>
+ <property name="test.reports" value="${module.output}/tests"/>
+ <junitreport todir="${build.reports}">
+ <fileset dir="${test.reports}">
+ <include name="TEST-*.xml"/>
+ </fileset>
+ <report format="noframes" todir="${build.reports}/html"/>
+ </junitreport>
+ </target>
</project>
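Review bot: The new `reports-noframes` target is a line-for-line copy of the `frames` target above it with only the `format` attribute differing, so every future change to the report fileset or directories has to be made twice. A single target taking a property such as `<report format="${report.format}" todir="${build.reports}/html"/>` (constructed name; default it to `frames` in `init`) or an Ant `macrodef` wrapping the `junitreport` call would keep one copy. Note also that `<property name="test.reports" .../>` inside a target only takes effect if nothing set it earlier on the command line or in `init`, which is fine as long as that is intended. The same duplicated target appears in the 2.6 branch copy of cms/build.xml further down this page.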
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 19:09:45 UTC (rev 8153)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 19:20:16 UTC (rev 8154)
@@ -371,11 +371,26 @@
while(st.hasMoreTokens())
{
String token = st.nextToken();
- list.add(new String(buffer.append("/").append(token)));
+
+ buffer.append(token);
+ list.add(buffer.toString());
+
+ //Make sure only path leading up to the resource is checked against.
+ //Not on the full path to the resource...
+ //Because if that was the case, the specificPermissions would have been applied
+ //in earlier checks...This is to check the recursive application of permissions
+ //to the resource in question
+ if(st.hasMoreTokens())
+ {
+ buffer.append("/");
+ }
+ else
+ {
+ continue;
+ }
}
boolean explicitPermissionsFound = false;
-
Iterator it = list.iterator();
while (it.hasNext())
{
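Review bot: The `else { continue; }` at the end of the `while` body is dead control flow (a `continue` as the last statement does nothing), and the comment above it says only the path leading up to the resource is checked, yet `list.add(buffer.toString())` runs for the last token as well, so the full path is still collected — either the comment or the statement order is wrong. If the intent really is to exclude the full path, move the add inside the branch: `if (st.hasMoreTokens()) { list.add(buffer.toString()); buffer.append("/"); }`; otherwise reword the comment to say every prefix including the full path is collected. Whether the collected strings now carry a leading `/` depends on how `buffer` is initialised above the hunk (the old line prepended `/` to every token), and since these prefixes are presumably matched against the `path` criterion read from each user permission later in the method, a leading-slash mismatch would silently skip the inherited-permission check rather than fail loudly, so a test on a root-level path (the JBPORTAL-1668 case) should pin the exact strings. The enclosing method starts before and ends after this hunk; the 2.6 branch copy of ACLEnforcer.java on this page has the identical hunk.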
@@ -399,8 +414,8 @@
for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
{
Permission userPermission = (Permission)itr2.next();
- if( userPermission.getService().equals("cms") &&
- this.isActionImplied(userPermission.getAction(),action)
+ if( userPermission.getService().equals("cms") &&
+ this.isActionImplied(userPermission.getAction(),action)
)
{
String pathCriteria = userPermission.findCriteriaValue("path");
Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 19:09:45 UTC (rev 8153)
+++ trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 19:20:16 UTC (rev 8154)
@@ -146,12 +146,25 @@
//
user.getRoles().add(userRole);
userRole.getUsers().add(user);
+
+ //Another admin user besides the core admin user
+ HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin");
+ sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin"));
+ sysAdmin.setRealEmail("sysadmin(a)portal.com");
+ sysAdmin.setViewRealEmail(true);
+ sysAdmin.setEnabled(true);
//
+ //
+ sysAdmin.getRoles().add(adminRole);
+ adminRole.getUsers().add(sysAdmin);
+
+ //
session.save(adminRole);
session.save(userRole);
session.save(admin);
session.save(user);
+ session.save(sysAdmin);
success = true;
}
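Review bot: The new `sysadmin` fixture is stored with an unsalted MD5 of its own username as the password and nothing in the hunk marks it as test-only data, even though the loader lives under `test/cms/security`. A comment above the `HibernateUserImpl sysAdmin` line such as `// Test fixture only: well-known credential, must never be loaded into a deployed identity store` would make the intent explicit for whoever reuses this loader. The two consecutive bare `//` lines around the `sysAdmin.getRoles()` block are leftovers and one of them can go. The enclosing method continues outside the hunk; the 2.6 branch copy of IdentityDataLoader.java below carries the same change.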
Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 19:09:45 UTC (rev 8153)
+++ trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 19:20:16 UTC (rev 8154)
@@ -45,6 +45,7 @@
{
String rejectPath = "/default/private";
String allowedPath = "/default/images";
+ String rootFolderPath = "/";
/**
*
@@ -101,6 +102,24 @@
/**
*
+ * @return
+ */
+ private Folder getNewRootFolder()
+ {
+ //create folder object
+ Folder folder = new FolderImpl();
+ folder.setCreationDate(new Date());
+ folder.setDescription("Folder Description");
+ folder.setTitle("Folder Title");
+ folder.setLastModified(new Date());
+ folder.setName("Unit Test");
+ folder.setBasePath(this.rootFolderPath+folder.getName());
+
+ return folder;
+ }
+
+ /**
+ *
* @param folder
* @return
*/
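Review bot: `getNewRootFolder` is added with an empty Javadoc (`@return` with no text), so the reader has to infer from the sibling helpers what distinguishes it. A short doc would do: `/** Builds a transient folder directly under the repository root, used to exercise root-level write access (JBPORTAL-1668). @return a new, unsaved {@link Folder} whose base path is {@code rootFolderPath} plus its name */`. The `rootFolderPath` field added in the previous hunk follows the existing `rejectPath`/`allowedPath` style, so keeping it package-private is consistent even though `private static final` would be the usual choice. The 2.6 branch copy of TestWriteAccess.java further down has the same hunk.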
@@ -293,5 +312,66 @@
String cmeMessage = cme.toString();
assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
}
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testSysAdmin() throws Exception
+ {
+ this.runAs("sysadmin");
+
+ // first run against non-access scenario
+ try
+ {
+ this.runWriteScenario(this.getNewProtectedFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+
+ // now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewPublicFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+ }
}
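Review bot: In `testSysAdmin` the first block is labelled "non-access scenario" and its catch says "make sure access was not granted", but the assertion `indexOf("Access to this resource is denied") == -1` passes only when access was granted; the comments contradict the check, and the copy-pasted "for anonymous, this should still result in an access denied" lines (also in the root-folder block appended to the preceding test method, whose start is outside this hunk) describe a different scenario. If sysadmin is meant to write everywhere, replace the first two comments with `// sysadmin holds the admin role, so even the protected folder must be writable` and `// assert that access was granted`; if the protected folder is meant to be denied even to sysadmin, the assertion is inverted and the `try` also needs a `fail(...)` after `runWriteScenario` so that a silent success does not pass. Either way a scenario that expects denial cannot rely on the catch alone, because no exception means the test passes. The 2.6 branch copy of TestWriteAccess.java on this page has the identical hunk.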
Property changes on: trunk/core-wsrp
___________________________________________________________________
Name: svn:ignore
+ output
Property changes on: trunk/thirdparty
___________________________________________________________________
Name: svn:ignore
- antlr
*.ent
+ antlr
*.ent
*
JBoss Portal SVN: r8153 - docs/trunk/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-09-04 15:09:45 -0400 (Tue, 04 Sep 2007)
New Revision: 8153
Modified:
docs/trunk/referenceGuide/en/modules/sso.xml
Log:
merge CAS integration docs
Modified: docs/trunk/referenceGuide/en/modules/sso.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/sso.xml 2007-09-04 17:45:33 UTC (rev 8152)
+++ docs/trunk/referenceGuide/en/modules/sso.xml 2007-09-04 19:09:45 UTC (rev 8153)
@@ -5,6 +5,11 @@
<surname>Dawidowicz</surname>
<email>boleslaw dot dawidowicz at redhat dot com</email>
</author>
+ <author>
+ <firstname>Sohil</firstname>
+ <surname>Shah</surname>
+ <email>sshah(a)redhat.com</email>
+ </author>
</chapterinfo>
<title>Single Sign ON</title>
<para>This chapter describes how to setup SSO in JBoss Portal</para>
@@ -143,9 +148,131 @@
authentication cache you may need to restart browser.</note>
</sect2>
</sect1>
- <!--<sect1>
- <title>Using external authentication providers</title>
- <para>TODO:</para>
- </sect1>-->
+ <sect1>
+ <title>CAS - Central Authentication Service</title>
+ <para>This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework.
+ Details about CAS can be found <ulink url="http://www.ja-sig.org/products/cas/">here</ulink></para>
+ <sect2>
+ <title>Integration steps</title>
+ <note>The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance.
+ CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be
+ sligtly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against
+ same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.</note>
+ <note>Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).</note>
+ <para>
+ <orderedlist>
+ <listitem>
+ Install CAS server (v 3.0.7). This should be as simple as deploying single <emphasis>cas.war</emphasis> file.
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml</emphasis> file and enable proper tomcat valve
+ by uncommenting following lines:
+ <programlisting>
+ <![CDATA[
+<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
+ casLogin="https://localhost/cas/login"
+ casValidate="https://localhost/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+/>
+ ]]>
+ </programlisting>
+ Update valve options as follow:
+ <itemizedlist>
+ <listitem>
+ <emphasis>casLogin: </emphasis> URL of your CAS Authentication Server
+ </listitem>
+ <listitem>
+ <emphasis>casValidate: </emphasis> URL of your CAS Authentication Server validation service
+ </listitem>
+ <listitem>
+ <emphasis>casServerName:</emphasis> the hostname:port combination of your CAS Authentication Server
+ </listitem>
+ </itemizedlist>
+ <note>CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here</note>
+ </listitem>
+ <listitem>
+ Copy <emphasis>casclient.jar</emphasis> into <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis>.
+ You can download this file from CAS homepage or from JBoss repository under <emphasis>http://repository.jboss.com/cas/3.0.7/lib/</emphasis>
+ <note>The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production
+ level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue,
+ you can use <emphasis>casclient-lenient.jar</emphasis> instead.</note>
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml</emphasis> file and uncomment following lines:
+ <programlisting>
+ <![CDATA[
+<mbean
+ code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
+ name="portal:service=Module,type=CASAuthenticationService"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
+ <attribute name="HavingRole"></attribute>
+</mbean>
+ ]]>
+ </programlisting>
+ This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same
+ application server instance. This AuthenticationHandler will be enabled in next 2 steps.
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml</emphasis> and add following line in the
+ <emphasis>authenticationHandlers</emphasis> section:
+ <programlisting>
+ <![CDATA[
+<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ ]]>
+ </programlisting>
+ This can replace default <emphasis>SimpleTestUsernamePasswordAuthenticationHandler</emphasis> so whole part of this config file can look
+ as follows:
+ <programlisting>
+ <![CDATA[
+<property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
+ <property
+ name="httpClient"
+ ref="httpClient" />
+ </bean>
+
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+ +-->
+ <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ </list>
+</property>
+ ]]>
+ </programlisting>
+ </listitem>
+ <listitem>
+ Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from
+ <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis> to
+ <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib</emphasis>.
+ </listitem>
+ </orderedlist>
+ </para>
+ <para>
+ To test the integration:
+ <itemizedlist>
+ <listitem>Go to your portal. Typically, http://localhost:8080/portal</listitem>
+ <listitem>Click on the "Login" link on the main portal page</listitem>
+ <listitem>This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen</listitem>
+ <listitem>Input your portal username and password. For built-in portal login try user:user or admin:admin</listitem>
+ <listitem>If login is successfull, you should be redirected back to the portal with the appropriate user logged in</listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
+ </sect1>
+
</chapter>
JBoss Portal SVN: r8152 - in branches/JBoss_Portal_Branch_2_6: cms and 3 other directories.
by portal-commits@lists.jboss.org
Author: sohil.shah(a)jboss.com
Date: 2007-09-04 13:45:33 -0400 (Tue, 04 Sep 2007)
New Revision: 8152
Modified:
branches/JBoss_Portal_Branch_2_6/
branches/JBoss_Portal_Branch_2_6/cms/build.xml
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
branches/JBoss_Portal_Branch_2_6/thirdparty/
Log:
JBPORTAL-1668 - A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no errors on all cms security scenarios.
Property changes on: branches/JBoss_Portal_Branch_2_6
___________________________________________________________________
Name: svn:ignore
- .project
.classpath
thirdparty
eclipseBin
myworkspace
bin
*.settings
miscellaneous
local-tests
+ .project
.classpath
thirdparty
eclipseBin
myworkspace
bin
*.settings
miscellaneous
local-tests
localbin
Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:27:52 UTC (rev 8151)
+++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:45:33 UTC (rev 8152)
@@ -405,11 +405,11 @@
</target>
<target name="tests" depends="init">
<execute-tests>
- <x-sysproperty>
+ <x-sysproperty>
<!--
<jvmarg value="-Xdebug"/>
<jvmarg value="-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y"/>
- -->
+ -->
</x-sysproperty>
<x-test>
<!-- general cms setup related tests -->
@@ -417,7 +417,6 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRegEx"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.TestRepositoryUtil"/>
-
<!-- cms file command tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreate"/>
@@ -430,7 +429,6 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFileDelete"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestSearch"/>
-
<!-- cms folder command tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderCopy"/>
@@ -438,7 +436,6 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderDelete"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderGet"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/>
-
<!-- cms fine grained security related tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestReadAccess"/>
@@ -446,7 +443,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.cms.security.TestManageAccess"/>
- <!-- cms workflow related tests -->
+ <!-- cms workflow related tests -->
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}" name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
</x-test>
@@ -512,5 +509,16 @@
</fileset>
<report format="frames" todir="${build.reports}/html"/>
</junitreport>
- </target>
+ </target>
+ <target name="reports-noframes" depends="init">
+ <mkdir dir="${build.reports}"/>
+ <mkdir dir="${build.reports}/html"/>
+ <property name="test.reports" value="${module.output}/tests"/>
+ <junitreport todir="${build.reports}">
+ <fileset dir="${test.reports}">
+ <include name="TEST-*.xml"/>
+ </fileset>
+ <report format="noframes" todir="${build.reports}/html"/>
+ </junitreport>
+ </target>
</project>
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 17:27:52 UTC (rev 8151)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 17:45:33 UTC (rev 8152)
@@ -371,11 +371,26 @@
while(st.hasMoreTokens())
{
String token = st.nextToken();
- list.add(new String(buffer.append("/").append(token)));
+
+ buffer.append(token);
+ list.add(buffer.toString());
+
+ //Make sure only path leading up to the resource is checked against.
+ //Not on the full path to the resource...
+ //Because if that was the case, the specificPermissions would have been applied
+ //in earlier checks...This is to check the recursive application of permissions
+ //to the resource in question
+ if(st.hasMoreTokens())
+ {
+ buffer.append("/");
+ }
+ else
+ {
+ continue;
+ }
}
boolean explicitPermissionsFound = false;
-
Iterator it = list.iterator();
while (it.hasNext())
{
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 17:27:52 UTC (rev 8151)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04 17:45:33 UTC (rev 8152)
@@ -146,12 +146,25 @@
//
user.getRoles().add(userRole);
userRole.getUsers().add(user);
+
+ //Another admin user besides the core admin user
+ HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin");
+ sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin"));
+ sysAdmin.setRealEmail("sysadmin(a)portal.com");
+ sysAdmin.setViewRealEmail(true);
+ sysAdmin.setEnabled(true);
//
+ //
+ sysAdmin.getRoles().add(adminRole);
+ adminRole.getUsers().add(sysAdmin);
+
+ //
session.save(adminRole);
session.save(userRole);
session.save(admin);
session.save(user);
+ session.save(sysAdmin);
success = true;
}
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 17:27:52 UTC (rev 8151)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04 17:45:33 UTC (rev 8152)
@@ -45,6 +45,7 @@
{
String rejectPath = "/default/private";
String allowedPath = "/default/images";
+ String rootFolderPath = "/";
/**
*
@@ -101,6 +102,24 @@
/**
*
+ * @return
+ */
+ private Folder getNewRootFolder()
+ {
+ //create folder object
+ Folder folder = new FolderImpl();
+ folder.setCreationDate(new Date());
+ folder.setDescription("Folder Description");
+ folder.setTitle("Folder Title");
+ folder.setLastModified(new Date());
+ folder.setName("Unit Test");
+ folder.setBasePath(this.rootFolderPath+folder.getName());
+
+ return folder;
+ }
+
+ /**
+ *
* @param folder
* @return
*/
@@ -293,5 +312,66 @@
String cmeMessage = cme.toString();
assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
}
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testSysAdmin() throws Exception
+ {
+ this.runAs("sysadmin");
+
+ // first run against non-access scenario
+ try
+ {
+ this.runWriteScenario(this.getNewProtectedFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+
+ // now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewPublicFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1);
+ }
+ }
}
Property changes on: branches/JBoss_Portal_Branch_2_6/thirdparty
___________________________________________________________________
Name: svn:ignore
+ *
JBoss Portal SVN: r8151 - in modules/identity/trunk/sso/src/etc: josso and 1 other directory.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-09-04 13:27:52 -0400 (Tue, 04 Sep 2007)
New Revision: 8151
Added:
modules/identity/trunk/sso/src/etc/cas/context.xml
modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml
modules/identity/trunk/sso/src/etc/josso/context.xml
modules/identity/trunk/sso/src/etc/josso/error.jsp
modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml
modules/identity/trunk/sso/src/etc/josso/josso-config.xml
modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml
modules/identity/trunk/sso/src/etc/josso/login-config.xml
modules/identity/trunk/sso/src/etc/josso/server.xml
Removed:
modules/identity/trunk/sso/src/etc/cas/cas_context.xml
modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml
modules/identity/trunk/sso/src/etc/josso/josso_context.xml
modules/identity/trunk/sso/src/etc/josso/josso_error.jsp
modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml
modules/identity/trunk/sso/src/etc/josso/josso_server.xml
Log:
change names
Deleted: modules/identity/trunk/sso/src/etc/cas/cas_context.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/cas/cas_context.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<Context>
- <Valve className="org.jboss.portal.identity.auth.CASAuthenticationValve"
- casLogin="https://localhost:8080/cas/login"
- casValidate="https://localhost:8080/cas/serviceValidate"
- casServerName="localhost"
- authType="FORM"
- />
-</Context>
Deleted: modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
-<!--
- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
- | all CAS deployers will need to modify.
- |
- | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
- | The beans declared in this file are instantiated at context initialization time by the Spring
- | ContextLoaderListener declared in web.xml. It finds this file because this
- | file is among those declared in the context parameter "contextConfigLocation".
- |
- | By far the most common change you will need to make in this file is to change the last bean
- | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
- | one implementing your approach for authenticating usernames and passwords.
- +-->
-<beans>
- <!--
- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
- | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
- | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
- | implementation and so do not need to change the class of this bean. We include the whole
- | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
- | need to change in context.
- +-->
- <bean id="authenticationManager"
- class="org.jasig.cas.authentication.AuthenticationManagerImpl">
- <!--
- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
- | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
- | supports the presented credentials.
- |
- | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
- | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
- | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
- | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
- | using.
- |
- | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
- | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
- | You will need to change this list if you are identifying services by something more or other than their callback URL.
- +-->
- <property name="credentialsToPrincipalResolvers">
- <list>
- <!--
- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
- | by default and produces SimplePrincipal instances conveying the username from the credentials.
- |
- | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
- | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
- | Credentials you are using.
- +-->
- <bean
- class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
- <!--
- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
- | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
- | SimpleService identified by that callback URL.
- |
- | If you are representing services by something more or other than an HTTPS URL whereat they are able to
- | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
- +-->
- <bean
- class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
- </list>
- </property>
-
- <!--
- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
- | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
- | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
- | until it finds one that both supports the Credentials presented and succeeds in authenticating.
- +-->
- <property name="authenticationHandlers">
- <list>
- <!--
- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
- | a server side SSL certificate.
- +-->
- <bean
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
- <property
- name="httpClient"
- ref="httpClient" />
- </bean>
-
- <!--
- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
- | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
- | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
- | local authentication strategy. You might accomplish this by coding a new such handler and declaring
- | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
- +-->
- <bean
- class="org.jboss.portal.identity.auth.CASAuthenticationHandler" />
- </list>
- </property>
- </bean>
-</beans>
Copied: modules/identity/trunk/sso/src/etc/cas/context.xml (from rev 8140, modules/identity/trunk/sso/src/etc/cas/cas_context.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/context.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/cas/context.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
+ casLogin="https://localhost/cas/login"
+ casValidate="https://localhost/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+ />
+</Context>
Copied: modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml (from rev 8140, modules/identity/trunk/sso/src/etc/cas/cas_deployerConfigContext.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/cas/deployerConfigContext.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+ | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
+ | all CAS deployers will need to modify.
+ |
+ | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
+ | The beans declared in this file are instantiated at context initialization time by the Spring
+ | ContextLoaderListener declared in web.xml. It finds this file because this
+ | file is among those declared in the context parameter "contextConfigLocation".
+ |
+ | By far the most common change you will need to make in this file is to change the last bean
+ | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
+ | one implementing your approach for authenticating usernames and passwords.
+ +-->
+<beans>
+ <!--
+ | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
+ | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
+ | "authenticationManager". Most deployers will be able to use the default AuthenticationManager
+ | implementation and so do not need to change the class of this bean. We include the whole
+ | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
+ | need to change in context.
+ +-->
+ <bean id="authenticationManager"
+ class="org.jasig.cas.authentication.AuthenticationManagerImpl">
+ <!--
+ | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
+ | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
+ | supports the presented credentials.
+ |
+ | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
+ | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
+ | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
+ | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
+ | using.
+ |
+ | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
+ | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
+ | You will need to change this list if you are identifying services by something more or other than their callback URL.
+ +-->
+ <property name="credentialsToPrincipalResolvers">
+ <list>
+ <!--
+ | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
+ | by default and produces SimplePrincipal instances conveying the username from the credentials.
+ |
+ | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
+ | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
+ | Credentials you are using.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
+ <!--
+ | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
+ | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
+ | SimpleService identified by that callback URL.
+ |
+ | If you are representing services by something more or other than an HTTPS URL whereat they are able to
+ | receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
+ </list>
+ </property>
+
+ <!--
+ | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
+ | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
+ | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
+ | until it finds one that both supports the Credentials presented and succeeds in authenticating.
+ +-->
+ <property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
+ <property
+ name="httpClient"
+ ref="httpClient" />
+ </bean>
+
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+ +-->
+ <bean
+ class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ </list>
+ </property>
+ </bean>
+</beans>
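Review bot: The comment block above the last authenticationHandlers bean (the "every CAS deployer will need to change before deploying CAS into production" paragraph) still describes the sample SimpleTestUsernamePasswordAuthenticationHandler, but the bean declared under it is `org.jboss.portal.identity.sso.cas.CASAuthenticationHandler`, and the file header likewise tells the reader to "replace the default SimpleTestUsernamePasswordAuthenticationHandler". A deployer skimming this file could conclude the username-equals-password test handler is still wired in, or conversely replace the portal handler believing it to be the sample. I would rewrite that comment to something like `| CASAuthenticationHandler delegates username/password checks to the JBoss Portal identity module; replace it only if the portal is not the authority for these credentials.` and drop the stale sentence from the header comment. The rest of the file is the stock CAS deployerConfigContext and needs no change.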
Copied: modules/identity/trunk/sso/src/etc/josso/context.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_context.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/context.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/context.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<Context>
+ <Valve className="org.jboss.portal.identity.sso.cas.JOSSOLogoutValve"/>
+</Context>
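Review bot: The logout valve for the JOSSO integration is referenced as `org.jboss.portal.identity.sso.cas.JOSSOLogoutValve`, i.e. from the CAS package, while the JOSSO identity store introduced in josso-gateway-config.xml in this same commit lives in `org.jboss.portal.identity.sso.josso`. The old file pointed at `org.jboss.portal.identity.auth.JOSSOLogoutValve`, so the class was clearly relocated here; if it went to the josso package like the store, this className is stale and the portal context will fail to start (or, depending on the container, deploy without the valve and silently skip single-logout propagation). Please confirm the class's actual package; if it moved with the store the line should read `<Valve className="org.jboss.portal.identity.sso.josso.JOSSOLogoutValve"/>`.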
Copied: modules/identity/trunk/sso/src/etc/josso/error.jsp (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_error.jsp)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/error.jsp (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/error.jsp 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,41 @@
+<%--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ --%>
+
+<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %>
+<!--
+Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
+-->
+<%
+ response.sendRedirect(request.getContextPath() + "/josso_login/");
+%>
Copied: modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-agent-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<agent>
+ <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
+ <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
+ <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
+ <service-locator>
+ <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
+ <endpoint>localhost:8080</endpoint>
+ </service-locator>
+ <partner-apps>
+ <partner-app>
+ <context>/portal</context>
+ </partner-app>
+ <!-- used for testing purposes -->
+ <partner-app>
+ <context>/portal2</context>
+ </partner-app>
+ </partner-apps>
+</agent>
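Review bot: The agent is configured to reach the JOSSO gateway over plain HTTP (`gatewayLoginUrl`/`gatewayLogoutUrl` on `http://localhost:8080` and the web-service `<endpoint>localhost:8080</endpoint>`), which is the channel the agent uses to validate SSO session tokens and fetch identity/roles, so anything beyond a same-host developer setup exposes those assertions to interception and spoofing. The file also ships a second partner application, `<context>/portal2</context>`, marked "used for testing purposes"; any deployment that picks up this file as-is will treat that context as an SSO-trusted partner. I would comment out the `/portal2` partner-app in the shipped config and add a note next to the gateway URLs, e.g. `<!-- Production deployments must point these at an https:// gateway; the token validation calls carry authenticated identity. -->`, or better, default them to https with the endpoint on the TLS port.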
Copied: modules/identity/trunk/sso/src/etc/josso/josso-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-config.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<configuration>
+ <hierarchicalXml fileName="josso-agent-config.xml"/>
+</configuration>
Copied: modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/josso-gateway-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,569 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
+ ~ All rights reserved.
+ ~ Redistribution and use in source and binary forms, with or
+ ~ without modification, are permitted provided that the following
+ ~ conditions are met:
+ ~
+ ~ * Redistributions of source code must retain the above copyright
+ ~ notice, this list of conditions and the following disclaimer.
+ ~
+ ~ * Redistributions in binary form must reproduce the above copyright
+ ~ notice, this list of conditions and the following disclaimer in
+ ~ the documentation and/or other materials provided with the
+ ~ distribution.
+ ~
+ ~ * Neither the name of the JOSSO team nor the names of its
+ ~ contributors may be used to endorse or promote products derived
+ ~ from this software without specific prior written permission.
+ ~
+ ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ ~ POSSIBILITY OF SUCH DAMAGE.
+ -->
+
+<domain>
+ <name>JOSSO</name>
+ <type>web</type>
+
+ <!--sso-web-config-->
+
+ <!-- Optional : The URL where the user will be redirected after a successfull login only if josso_back_to request parameter
+ is not present when accessing the login url
+ <loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
+ -->
+
+ <!-- Optional : The URL where the user will be redirected after a logout only if josso_back_to is not present
+ when accessing the logout url
+ <logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
+ -->
+
+ <!-- Session token properties -->
+ <!--session-token-->
+
+ <!-- Optional : Use a secure session token, a secure channel like SSL must be available for this to work
+ <secure>false</secure>
+ -->
+
+
+ <!--/session-token-->
+
+ <!--/sso-web-config-->
+
+ <authenticator>
+ <class>org.josso.auth.AuthenticatorImpl</class>
+ <authentication-schemes>
+ <!-- Basic Authentication Scheme -->
+ <authentication-scheme>
+ <name>basic-authentication</name>
+ <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
+
+ <!--
+ The message digest algorithm to be used when hashing passwords.
+ This must be an algorithm supported by the java.security.MessageDigest class
+ on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix B : Algorithms
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
+
+ To provide LDAP support, also CRYPT is available.
+ -->
+ <!--
+ <hashAlgorithm>MD5</hashAlgorithm>
+ -->
+
+ <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was specified -->
+ <!--
+ <hashEncoding>HEX</hashEncoding>
+ -->
+
+ <!-- Some hash algorithms, like CRYPT, use this property. The default value is 2.
+ <saltLength>2</saltLength>
+ -->
+
+ <!--
+ <ignorePasswordCase>false</ignorePasswordCase>
+ <ignoreUserCase>false</ignoreUserCase>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <credentialsQueryString>SELECT login AS username , password AS password FROM josso_user WHERE login = ?</credentialsQueryString>
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </credential-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Credential Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- =============================================================== -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+ <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
+ </credential-store>
+
+
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+
+ <!-- Strong Authentication Scheme -->
+ <authentication-scheme>
+ <name>strong-authentication</name>
+ <class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
+
+ <!-- ========================================================= -->
+ <!-- JDBC Credential Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <credentialsQueryString>
+
+ SELECT login AS username , password AS password FROM josso_user WHERE login = ?
+
+ </credentialsQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </credential-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Credential Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- =============================================================== -->
+ <!--
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </credential-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Credential Store -->
+ <!-- ================================================= -->
+ <credential-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <credentialsFileName>josso-credentials.xml</credentialsFileName>
+ </credential-store>
+
+ <!-- ================================================= -->
+ <!-- Credential Store Key adapter -->
+ <!-- ================================================= -->
+ <credential-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </credential-store-key-adapter>
+
+ </authentication-scheme>
+ </authentication-schemes>
+ </authenticator>
+
+ <sso-identity-manager>
+
+ <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
+
+ <!-- ========================================================= -->
+ <!-- DataSource Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
+ </userPropertiesQueryString>
+
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
+ </rolesQueryString>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+ </sso-identity-store>
+ -->
+ <!-- ========================================================= -->
+ <!-- JDBC Identity Store -->
+ <!-- -->
+ <!-- Always scape comma chars [,] in queries because -->
+ <!-- jakarta commons-configuration uses them to define arrays. -->
+ <!-- ========================================================= -->
+
+ <!--sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
+
+ <userQueryString>
+ SELECT login FROM josso_user WHERE login = ?
+ </userQueryString>
+
+ You could use a UNION to select properties from different tables/columns :
+ SELECT 'user.lastName' AS name , lastName AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT 'user.name' AS name , name AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_properties WHERE login = ?
+
+ <userPropertiesQueryString>
+ SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
+ UNION
+ SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
+ </userPropertiesQueryString>
+ <rolesQueryString>
+ SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
+ </rolesQueryString>
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+ </sso-identity-store-->
+
+ <!-- =============================================================== -->
+ <!-- LDAP Identity Store -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
+ <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
+ <providerUrl>ldap://ldaphost</providerUrl>
+ <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
+ <securityCredential>secret</securityCredential>
+ <securityAuthentication>simple</securityAuthentication>
+ <ldapSearchScope>SUBTREE</ldapSearchScope>
+ <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
+ <principalUidAttributeID>uid</principalUidAttributeID>
+ <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
+ <uidAttributeID>uniquemember</uidAttributeID>
+ <roleAttributeID>cn</roleAttributeID>
+ <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
+ <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Memory Identity Store -->
+ <!-- ================================================= -->
+ <!--
+ <sso-identity-store>
+ <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
+ <usersFileName>josso-users.xml</usersFileName>
+ </sso-identity-store>
+ -->
+
+ <!-- ================================================= -->
+ <!-- JBoss Portal Credential Store -->
+ <!-- ================================================= -->
+ <sso-identity-store>
+ <class>org.jboss.portal.identity.sso.josso.JOSSOIdentityStore</class>
+ </sso-identity-store>
+
+ <!-- ================================================= -->
+ <!-- Identity Store Key adapter -->
+ <!-- ================================================= -->
+ <sso-identity-store-key-adapter>
+ <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
+ </sso-identity-store-key-adapter>
+
+ </sso-identity-manager>
+
+ <sso-session-manager>
+
+ <class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
+
+ <!--
+ Set the maximum time interval, in minutes, between client requests before the SSO Service will invalidate
+ the session. A negative time indicates that the session should never time out.
+ -->
+ <maxInactiveInterval>30</maxInactiveInterval>
+
+ <!-- Max number of sessions per user, default 1
+ A negative value indicates that an unlimited number of sessions per user is allowed.
+ -->
+ <maxSessionsPerUser>-1</maxSessionsPerUser>
+ <!--
+ If true, when the max number of sessions per user is exceeded,
+ an already existing session will be invalidated to create a new one.
+ If false, when the max number of sessions per user is exceeded,
+ an exception is thrown and the new session is not created.
+ -->
+ <invalidateExceedingSessions>false</invalidateExceedingSessions>
+
+
+ <!--
+ Time interval, in milliseconds, between exired sessions cleanup.
+ -->
+ <sessionMonitorInterval>10000</sessionMonitorInterval>
+
+ <!-- =================================================================== -->
+ <!-- Serialized Session Store -->
+ <!-- -->
+ <!-- Session Store implementation which uses Java Serialization to -->
+ <!-- persist Single Sign-On user sessions. -->
+ <!-- It allows to reconstruct the session state after a system shutdown. -->
+ <!-- =================================================================== -->
+ <!--
+ <sso-session-store>
+ <class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
+ file where serialized sessions will be stored (optional)
+ <serializedFile>/tmp/josso_sessions.ser</serializedFile>
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- DataSource Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
+ <!-- -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+ <class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
+
+ <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
+
+ </sso-session-store>
+ -->
+
+ <!-- =============================================================== -->
+ <!-- Jdbc Session Store -->
+ <!-- -->
+ <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
+ <!-- example when multiple SSO servers must share session information-->
+ <!-- like in a cluster. -->
+ <!-- -->
+ <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
+ <!-- -->
+ <!-- Chcek javadoc for configuration details : -->
+ <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
+ <!-- =============================================================== -->
+ <!--
+ <sso-session-store>
+
+ <class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
+
+ <connectionName>josso</connectionName>
+ <connectionPassword>josso</connectionPassword>
+ <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
+ <driverName>oracle.jdbc.driver.OracleDriver</driverName>
+
+ <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
+ <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
+ <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
+ <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
+ <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
+
+ <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
+ <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
+ <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
+ <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
+ <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
+
+ </sso-session-store>
+ -->
+
+
+ <!-- =============================================================== -->
+ <!-- Memory Session Store -->
+ <!-- =============================================================== -->
+ <sso-session-store>
+ <class>org.josso.gateway.session.service.store.MemorySessionStore</class>
+ </sso-session-store>
+
+ <sso-session-id-generator>
+
+ <class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
+ <!--
+ The message digest algorithm to be used when generating session
+ identifiers. This must be an algorithm supported by the
+ java.security.MessageDigest class on your platform.
+
+ In J2SE 1.4.2 you can check :
+ Java Cryptography Architecture API Specification & Reference - Apendix A : Standard Names
+ Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
+ -->
+ <algorithm>MD5</algorithm>
+
+ </sso-session-id-generator>
+
+ </sso-session-manager>
+
+ <!-- SSO Audit Manager compoment -->
+ <sso-audit-manager>
+ <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
+
+ <!--
+ List of handlers that will process this request
+ Every handler must have its own unique name.
+ -->
+ <handlers>
+
+ <!-- This handler logs all audit trails using Log4J, under the given category -->
+ <handler>
+ <class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
+ <name>LoggerAuditTrailHandler</name>
+ <category>org.josso.gateway.audit.SSO_AUDIT</category>
+ </handler>
+
+ <!--
+ <handler>
+ <class>MyOtherHandler</class>
+ <name>MyOhterHandlerName</name>
+ <myProperty>value</myProperty>
+ </handler>
+ -->
+
+ </handlers>
+ </sso-audit-manager>
+
+ <!-- SSO Event Manager component -->
+ <sso-event-manager>
+ <class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
+ <!--
+ JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications
+ The MBean will be registered by the MBeanComponentKeeper.
+ -->
+ <oname>josso:type=SSOEventManager</oname>
+ <!-- You can add your own listeners here : -->
+ <!-- Every listener should have a unique name -->
+
+ <!--
+ <listeners>
+ <listener>
+ <class>com.myCompany.MyEventListener</class>
+ <name>MyEventListener</name>
+ <property1>MyListenerProperty1Value</property1>
+ </listener>
+ <listener>
+ <class>com.myCompany.MyOtherEventListener</class>
+ <name>MyOtherEventListener</name>
+ <propertyA>MyOtherListenerPropertyAValue</propertyA>
+ </listener>
+ </listeners>
+ -->
+
+ </sso-event-manager>
+
+</domain>
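Review bot: The session-id generator is left on `<algorithm>MD5</algorithm>` even though the comment directly above it lists SHA-256 as supported; the identifier's unpredictability ultimately depends on the entropy SessionIdGeneratorImpl feeds the digest (not visible here), but there is no reason to ship the weakest listed algorithm, so I would switch to `<algorithm>SHA-256</algorithm>`. In the same file the session-token `<secure>` option is commented out, so the SSO cookie that carries this identifier is not flagged Secure and will be sent over plain HTTP, which combined with the http:// gateway URLs in josso-agent-config.xml makes the token replayable by anyone on the path; once the gateway is served over TLS this should be `<secure>true</secure>` with a comment saying so. Two smaller points: the strong-authentication (X509) scheme still resolves credentials from the sample `MemoryIdentityStore`/`josso-credentials.xml` while the basic scheme and sso-identity-manager were switched to `JOSSOIdentityStore`, so certificate logins are validated against a file the portal does not manage (or fail if it is absent), and `<maxSessionsPerUser>-1</maxSessionsPerUser>` removes the default single-session limit without explanation. The commented-out JDBC/LDAP samples carry placeholder credentials (`josso`/`secret`); harmless while commented, but worth a note that they must not be uncommented unchanged.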
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_context.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_context.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,4 +0,0 @@
-<?xml version="1.0"?>
-<Context>
- <Valve className="org.jboss.portal.identity.auth.JOSSOLogoutValve"/>
-</Context>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_error.jsp
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_error.jsp 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,41 +0,0 @@
-<%--
- ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
- ~ All rights reserved.
- ~ Redistribution and use in source and binary forms, with or
- ~ without modification, are permitted provided that the following
- ~ conditions are met:
- ~
- ~ * Redistributions of source code must retain the above copyright
- ~ notice, this list of conditions and the following disclaimer.
- ~
- ~ * Redistributions in binary form must reproduce the above copyright
- ~ notice, this list of conditions and the following disclaimer in
- ~ the documentation and/or other materials provided with the
- ~ distribution.
- ~
- ~ * Neither the name of the JOSSO team nor the names of its
- ~ contributors may be used to endorse or promote products derived
- ~ from this software without specific prior written permission.
- ~
- ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- ~ POSSIBILITY OF SUCH DAMAGE.
- --%>
-
-<%@page contentType="text/html; charset=iso-8859-1" language="java" session="true" %>
-<!--
-Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
--->
-<%
- response.sendRedirect(request.getContextPath() + "/josso_login/");
-%>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-agent-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<agent>
- <class>org.josso.jb4.agent.JBossCatalinaSSOAgent</class>
- <gatewayLoginUrl>http://localhost:8080/josso/signon/login.do</gatewayLoginUrl>
- <gatewayLogoutUrl>http://localhost:8080/josso/signon/logout.do</gatewayLogoutUrl>
- <service-locator>
- <class>org.josso.gateway.WebserviceGatewayServiceLocator</class>
- <endpoint>localhost:8080</endpoint>
- </service-locator>
- <partner-apps>
- <partner-app>
- <context>/portal</context>
- </partner-app>
- <!-- used for testing purposes -->
- <partner-app>
- <context>/portal2</context>
- </partner-app>
- </partner-apps>
-</agent>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<configuration>
- <hierarchicalXml fileName="josso-agent-config.xml"/>
-</configuration>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_josso-gateway-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,569 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-<!--
- ~ Copyright (c) 2004-2006, Novascope S.A. and the JOSSO team
- ~ All rights reserved.
- ~ Redistribution and use in source and binary forms, with or
- ~ without modification, are permitted provided that the following
- ~ conditions are met:
- ~
- ~ * Redistributions of source code must retain the above copyright
- ~ notice, this list of conditions and the following disclaimer.
- ~
- ~ * Redistributions in binary form must reproduce the above copyright
- ~ notice, this list of conditions and the following disclaimer in
- ~ the documentation and/or other materials provided with the
- ~ distribution.
- ~
- ~ * Neither the name of the JOSSO team nor the names of its
- ~ contributors may be used to endorse or promote products derived
- ~ from this software without specific prior written permission.
- ~
- ~ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
- ~ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
- ~ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
- ~ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- ~ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
- ~ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- ~ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- ~ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- ~ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- ~ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- ~ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- ~ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- ~ POSSIBILITY OF SUCH DAMAGE.
- -->
-
-<domain>
- <name>JOSSO</name>
- <type>web</type>
-
- <!--sso-web-config-->
-
- <!-- Optional : The URL where the user will be redirected after a successfull login only if josso_back_to request parameter
- is not present when accessing the login url
- <loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>
- -->
-
- <!-- Optional : The URL where the user will be redirected after a logout only if josso_back_to is not present
- when accessing the logout url
- <logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>
- -->
-
- <!-- Session token properties -->
- <!--session-token-->
-
- <!-- Optional : Use a secure session token, a secure channel like SSL must be available for this to work
- <secure>false</secure>
- -->
-
-
- <!--/session-token-->
-
- <!--/sso-web-config-->
-
- <authenticator>
- <class>org.josso.auth.AuthenticatorImpl</class>
- <authentication-schemes>
- <!-- Basic Authentication Scheme -->
- <authentication-scheme>
- <name>basic-authentication</name>
- <class>org.josso.auth.scheme.BindUsernamePasswordAuthScheme</class>
-
- <!--
- The message digest algorithm to be used when hashing passwords.
- This must be an algorithm supported by the java.security.MessageDigest class
- on your platform.
-
- In J2SE 1.4.2 you can check :
- Java Cryptography Architecture API Specification & Reference - Apendix B : Algorithms
- Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.
-
- To provide LDAP support, also CRYPT is available.
- -->
- <!--
- <hashAlgorithm>MD5</hashAlgorithm>
- -->
-
- <!-- Supported values are HEX, BASE64. Mandatory if hashAlgorithm was specified -->
- <!--
- <hashEncoding>HEX</hashEncoding>
- -->
-
- <!-- Some hash algorithms, like CRYPT, use this property. The default value is 2.
- <saltLength>2</saltLength>
- -->
-
- <!--
- <ignorePasswordCase>false</ignorePasswordCase>
- <ignoreUserCase>false</ignoreUserCase>
- -->
- <!-- ========================================================= -->
- <!-- JDBC Credential Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <credential-store>
- <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <credentialsQueryString>
-
- SELECT login AS username , password AS password FROM josso_user WHERE login = ?
-
- </credentialsQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
- <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </credential-store>
- <credential-store>
- <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
-
- <credentialsQueryString>SELECT login AS username , password AS password FROM josso_user WHERE login = ?</credentialsQueryString>
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
- </credential-store>
- -->
-
- <!-- =============================================================== -->
- <!-- LDAP Credential Store -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
- <!-- =============================================================== -->
- <!--
- <credential-store>
- <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
- <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
- <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
- <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
- <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Credential Store -->
- <!-- ================================================= -->
- <!--
- <credential-store>
- <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
- <credentialsFileName>josso-credentials.xml</credentialsFileName>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <credential-store>
- <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
- </credential-store>
-
-
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
- <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
- </authentication-scheme>
-
- <!-- Strong Authentication Scheme -->
- <authentication-scheme>
- <name>strong-authentication</name>
- <class>org.josso.auth.scheme.X509CertificateAuthScheme</class>
-
- <!-- ========================================================= -->
- <!-- JDBC Credential Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <credential-store>
- <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <credentialsQueryString>
-
- SELECT login AS username , password AS password FROM josso_user WHERE login = ?
-
- </credentialsQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
- <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </credential-store>
- -->
-
- <!-- =============================================================== -->
- <!-- LDAP Credential Store -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
- <!-- =============================================================== -->
- <!--
- <credential-store>
- <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
- <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
- <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
- <credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>
- <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </credential-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Credential Store -->
- <!-- ================================================= -->
- <credential-store>
- <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
- <credentialsFileName>josso-credentials.xml</credentialsFileName>
- </credential-store>
-
- <!-- ================================================= -->
- <!-- Credential Store Key adapter -->
- <!-- ================================================= -->
- <credential-store-key-adapter>
- <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </credential-store-key-adapter>
-
- </authentication-scheme>
- </authentication-schemes>
- </authenticator>
-
- <sso-identity-manager>
-
- <class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>
-
- <!-- ========================================================= -->
- <!-- DataSource Identity Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
- <!--
- <sso-identity-store>
- <class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>
-
- <userQueryString>
- SELECT login FROM josso_user WHERE login = ?
- </userQueryString>
-
- <userPropertiesQueryString>
- SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
- </userPropertiesQueryString>
-
- <rolesQueryString>
- SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
- </rolesQueryString>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
- </sso-identity-store>
- -->
- <!-- ========================================================= -->
- <!-- JDBC Identity Store -->
- <!-- -->
- <!-- Always scape comma chars [,] in queries because -->
- <!-- jakarta commons-configuration uses them to define arrays. -->
- <!-- ========================================================= -->
-
- <!--sso-identity-store>
- <class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>
-
- <userQueryString>
- SELECT login FROM josso_user WHERE login = ?
- </userQueryString>
-
- You could use a UNION to select properties from different tables/columns :
- SELECT 'user.lastName' AS name , lastName AS value FROM josso_user WHERE login = ?
- UNION
- SELECT 'user.name' AS name , name AS value FROM josso_user WHERE login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_properties WHERE login = ?
-
- <userPropertiesQueryString>
- SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?
- UNION
- SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?
- </userPropertiesQueryString>
- <rolesQueryString>
- SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name
- </rolesQueryString>
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
- <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
- </sso-identity-store-->
-
- <!-- =============================================================== -->
- <!-- LDAP Identity Store -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore -->
- <!-- ================================================= -->
- <!--
- <sso-identity-store>
- <class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>
- <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
- <providerUrl>ldap://ldaphost</providerUrl>
- <securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>
- <securityCredential>secret</securityCredential>
- <securityAuthentication>simple</securityAuthentication>
- <ldapSearchScope>SUBTREE</ldapSearchScope>
- <usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>
- <principalUidAttributeID>uid</principalUidAttributeID>
- <rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>
- <uidAttributeID>uniquemember</uidAttributeID>
- <roleAttributeID>cn</roleAttributeID>
- <credentialQueryString>uid=username,userPassword=password</credentialQueryString>
- <userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>
- </sso-identity-store>
- -->
-
- <!-- ================================================= -->
- <!-- Memory Identity Store -->
- <!-- ================================================= -->
- <!--
- <sso-identity-store>
- <class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>
- <usersFileName>josso-users.xml</usersFileName>
- </sso-identity-store>
- -->
-
- <!-- ================================================= -->
- <!-- JBoss Portal Credential Store -->
- <!-- ================================================= -->
- <sso-identity-store>
- <class>org.jboss.portal.identity.auth.JOSSOIdentityStore</class>
- </sso-identity-store>
-
- <!-- ================================================= -->
- <!-- Identity Store Key adapter -->
- <!-- ================================================= -->
- <sso-identity-store-key-adapter>
- <class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>
- </sso-identity-store-key-adapter>
-
- </sso-identity-manager>
-
- <sso-session-manager>
-
- <class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>
-
- <!--
- Set the maximum time interval, in minutes, between client requests before the SSO Service will invalidate
- the session. A negative time indicates that the session should never time out.
- -->
- <maxInactiveInterval>30</maxInactiveInterval>
-
- <!-- Max number of sessions per user, default 1
- A negative value indicates that an unlimited number of sessions per user is allowed.
- -->
- <maxSessionsPerUser>-1</maxSessionsPerUser>
- <!--
- If true, when the max number of sessions per user is exceeded,
- an already existing session will be invalidated to create a new one.
- If false, when the max number of sessions per user is exceeded,
- an exception is thrown and the new session is not created.
- -->
- <invalidateExceedingSessions>false</invalidateExceedingSessions>
-
-
- <!--
- Time interval, in milliseconds, between exired sessions cleanup.
- -->
- <sessionMonitorInterval>10000</sessionMonitorInterval>
-
- <!-- =================================================================== -->
- <!-- Serialized Session Store -->
- <!-- -->
- <!-- Session Store implementation which uses Java Serialization to -->
- <!-- persist Single Sign-On user sessions. -->
- <!-- It allows to reconstruct the session state after a system shutdown. -->
- <!-- =================================================================== -->
- <!--
- <sso-session-store>
- <class>org.josso.gateway.session.service.store.SerializedSessionStore</class>
- file where serialized sessions will be stored (optional)
- <serializedFile>/tmp/josso_sessions.ser</serializedFile>
- </sso-session-store>
- -->
-
-
- <!-- =============================================================== -->
- <!-- DataSource Session Store -->
- <!-- -->
- <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
- <!-- example when multiple SSO servers must share session information-->
- <!-- like in a cluster. -->
- <!-- -->
- <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
- <!-- -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.session.service.store.db.DataSourceSessionStore -->
- <!-- =============================================================== -->
- <!--
- <sso-session-store>
-
- <class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
-
- <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
- <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
- <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
- <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
- <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
-
- <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
- <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
- <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
- <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
- <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
-
- <dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>
-
- </sso-session-store>
- -->
-
- <!-- =============================================================== -->
- <!-- Jdbc Session Store -->
- <!-- -->
- <!-- This store persists SSO sessions in a RDBMS, it's usefull for -->
- <!-- example when multiple SSO servers must share session information-->
- <!-- like in a cluster. -->
- <!-- -->
- <!-- NOTE :Remember to escape spetial chars like < with < , etc -->
- <!-- -->
- <!-- Chcek javadoc for configuration details : -->
- <!-- org.josso.gateway.session.service.store.db.JdbcSessionStore -->
- <!-- =============================================================== -->
- <!--
- <sso-session-store>
-
- <class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>
-
- <connectionName>josso</connectionName>
- <connectionPassword>josso</connectionPassword>
- <connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>
- <driverName>oracle.jdbc.driver.OracleDriver</driverName>
-
- <sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>
- <keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>
- <loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>
- <loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>
- <loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>
-
- <loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>
- <loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>
- <deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>
- <deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>
- <insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>
-
- </sso-session-store>
- -->
-
-
- <!-- =============================================================== -->
- <!-- Memory Session Store -->
- <!-- =============================================================== -->
- <sso-session-store>
- <class>org.josso.gateway.session.service.store.MemorySessionStore</class>
- </sso-session-store>
-
- <sso-session-id-generator>
-
- <class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>
- <!--
- The message digest algorithm to be used when generating session
- identifiers. This must be an algorithm supported by the
- java.security.MessageDigest class on your platform.
-
- In J2SE 1.4.2 you can check :
- Java Cryptography Architecture API Specification & Reference - Apendix A : Standard Names
- Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
- -->
- <algorithm>MD5</algorithm>
-
- </sso-session-id-generator>
-
- </sso-session-manager>
-
- <!-- SSO Audit Manager compoment -->
- <sso-audit-manager>
- <class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>
-
- <!--
- List of handlers that will process this request
- Every handler must have its own unique name.
- -->
- <handlers>
-
- <!-- This handler logs all audit trails using Log4J, under the given category -->
- <handler>
- <class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>
- <name>LoggerAuditTrailHandler</name>
- <category>org.josso.gateway.audit.SSO_AUDIT</category>
- </handler>
-
- <!--
- <handler>
- <class>MyOtherHandler</class>
- <name>MyOhterHandlerName</name>
- <myProperty>value</myProperty>
- </handler>
- -->
-
- </handlers>
- </sso-audit-manager>
-
- <!-- SSO Event Manager component -->
- <sso-event-manager>
- <class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>
- <!--
- JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications
- The MBean will be registered by the MBeanComponentKeeper.
- -->
- <oname>josso:type=SSOEventManager</oname>
- <!-- You can add your own listeners here : -->
- <!-- Every listener should have a unique name -->
-
- <!--
- <listeners>
- <listener>
- <class>com.myCompany.MyEventListener</class>
- <name>MyEventListener</name>
- <property1>MyListenerProperty1Value</property1>
- </listener>
- <listener>
- <class>com.myCompany.MyOtherEventListener</class>
- <name>MyOtherEventListener</name>
- <propertyA>MyOtherListenerPropertyAValue</propertyA>
- </listener>
- </listeners>
- -->
-
- </sso-event-manager>
-
-</domain>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,165 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE policy PUBLIC
- "-//JBoss//DTD JBOSS Security Config 3.0//EN"
- "http://www.jboss.org/j2ee/dtd/security_config.dtd">
-
-<!-- The XML based JAAS login configuration read by the
-org.jboss.security.auth.login.XMLLoginConfig mbean. Add
-an application-policy element for each security domain.
-
-The outline of the application-policy is:
-<application-policy name="security-domain-name">
- <authentication>
- <login-module code="login.module1.class.name" flag="control_flag">
- <module-option name = "option1-name">option1-value</module-option>
- <module-option name = "option2-name">option2-value</module-option>
- ...
- </login-module>
-
- <login-module code="login.module2.class.name" flag="control_flag">
- ...
- </login-module>
- ...
- </authentication>
-</application-policy>
-
--->
-
-<policy>
- <!-- Used by clients within the application server VM such as
- mbeans and servlets that access EJBs.
- -->
- <application-policy name = "client-login">
- <authentication>
- <login-module code = "org.jboss.security.ClientLoginModule"
- flag = "required">
- <!-- Any existing security context will be restored on logout -->
- <module-option name="restore-login-identity">true</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- Security domain for JBossMQ -->
- <application-policy name = "jbossmq">
- <authentication>
- <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
- flag = "required">
- <module-option name = "unauthenticatedIdentity">guest</module-option>
- <module-option name = "dsJndiName">java:/DefaultDS</module-option>
- <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
- <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- Security domain for JBossMQ when using file-state-service.xml
- <application-policy name = "jbossmq">
- <authentication>
- <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
- flag = "required">
- <module-option name = "unauthenticatedIdentity">guest</module-option>
- <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
- </login-module>
- </authentication>
- </application-policy>
- -->
-
- <!-- Security domains for testing new jca framework -->
- <application-policy name = "HsqlDbRealm">
- <authentication>
- <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
- flag = "required">
- <module-option name = "principal">sa</module-option>
- <module-option name = "userName">sa</module-option>
- <module-option name = "password"></module-option>
- <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <application-policy name = "JmsXARealm">
- <authentication>
- <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
- flag = "required">
- <module-option name = "principal">guest</module-option>
- <module-option name = "userName">guest</module-option>
- <module-option name = "password">guest</module-option>
- <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the jmx-console web application. This
- defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name = "jmx-console">
- <authentication>
- <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required">
- <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
- <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the web-console web application. This
- defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name = "$webConsoleDomain">
- <authentication>
- <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required">
- <module-option name="usersProperties">web-console-users.properties</module-option>
- <module-option name="rolesProperties">web-console-roles.properties</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- A template configuration for the JBossWS web application (and transport layer!).
- This defaults to the UsersRolesLoginModule the same as other and should be
- changed to a stronger authentication mechanism as required.
- -->
- <application-policy name="JBossWS">
- <authentication>
- <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag="required">
- <module-option name="usersProperties">props/jbossws-users.properties</module-option>
- <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
- <module-option name="unauthenticatedIdentity">anonymous</module-option>
- </login-module>
- </authentication>
- </application-policy>
-
- <!-- The default login configuration used by any security domain that
- does not have a application-policy entry with a matching name
- -->
- <application-policy name = "other">
- <!-- A simple server login module, which can be used when the number
- of users is relatively small. It uses two properties files:
- users.properties, which holds users (key) and their password (value).
- roles.properties, which holds users (key) and a comma-separated list of
- their roles (value).
- The unauthenticatedIdentity property defines the name of the principal
- that will be used when a null username and password are presented as is
- the case for an unuathenticated web client or MDB. If you want to
- allow such users to be authenticated add the property, e.g.,
- unauthenticatedIdentity="nobody"
- -->
- <authentication>
- <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
- flag = "required" />
- </authentication>
- </application-policy>
-
- <!-- JOSSO JAAS Module configuration -->
- <application-policy name = "josso">
- <authentication>
- <login-module code = "org.jboss.portal.identity.auth.JOSSOLoginModule"
- flag = "required">
- <module-option name="debug">true</module-option>
- </login-module>
- </authentication>
- </application-policy>
-</policy>
Deleted: modules/identity/trunk/sso/src/etc/josso/josso_server.xml
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:21:09 UTC (rev 8150)
+++ modules/identity/trunk/sso/src/etc/josso/josso_server.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -1,178 +0,0 @@
-<Server>
-
- <!-- Use a custom version of StandardService that allows the
- connectors to be started independent of the normal lifecycle
- start to allow web apps to be deployed before starting the
- connectors.
- -->
- <Service name="jboss.web"
- className="org.jboss.web.tomcat.tc5.StandardService">
-
- <!-- A HTTP/1.1 Connector on port 8080 -->
- <Connector port="8080" address="${jboss.bind.address}"
- maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
- emptySessionPath="true"
- enableLookups="false" redirectPort="8443" acceptCount="100"
- connectionTimeout="20000" disableUploadTimeout="true"/>
-
- <!-- Add this option to the connector to avoid problems with
- .NET clients that don't implement HTTP/1.1 correctly
- restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
- -->
-
- <!-- A AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" address="${jboss.bind.address}"
- emptySessionPath="true" enableLookups="false" redirectPort="8443"
- protocol="AJP/1.3"/>
-
- <!-- SSL/TLS Connector configuration using the admin devl guide keystore
- <Connector port="8443" address="${jboss.bind.address}"
- maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
- emptySessionPath="true"
- scheme="https" secure="true" clientAuth="false"
- keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
- keystorePass="rmi+ssl" sslProtocol = "TLS" />
- -->
-
- <Engine name="jboss.web" defaultHost="localhost">
-
- <!-- The JAAS based authentication and authorization realm implementation
- that is compatible with the jboss 3.2.x realm implementation.
- - certificatePrincipal : the class name of the
- org.jboss.security.auth.certs.CertificatePrincipal impl
- used for mapping X509[] cert chains to a Princpal.
- - allRolesMode : how to handle an auth-constraint with a role-name=*,
- one of strict, authOnly, strictAuthOnly
- + strict = Use the strict servlet spec interpretation which requires
- that the user have one of the web-app/security-role/role-name
- + authOnly = Allow any authenticated user
- + strictAuthOnly = Allow any authenticated user only if there are no
- web-app/security-roles
- -->
- <!--
- <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
- certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"
- />
- -->
-
- <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
- behavior of JBossSecurityMgrRealm, but overrides the authorization
- checks to use JACC permissions with the current java.security.Policy
- to determine authorized access.
- - allRolesMode : how to handle an auth-constraint with a role-name=*,
- one of strict, authOnly, strictAuthOnly
- + strict = Use the strict servlet spec interpretation which requires
- that the user have one of the web-app/security-role/role-name
- + authOnly = Allow any authenticated user
- + strictAuthOnly = Allow any authenticated user only if there are no
- web-app/security-roles
- <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
- certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
- allRolesMode="authOnly"
- />
- -->
-
- <!-- Integrating the JOSSO realm -->
- <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
- appName="josso"
- userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
- roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
- debug="1" />
-
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false" deployXML="false">
-
- <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
- <Host name="localhost"
- autoDeploy="false" deployOnStartup="false" deployXML="false"
- configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
- -->
-
-
- <!-- Uncomment to enable request dumper. This Valve "logs interesting
- contents from the specified Request (before processing) and the
- corresponding Response (after processing). It is especially useful
- in debugging problems related to headers and cookies."
- -->
- <!--
- <Valve className="org.apache.catalina.valves.RequestDumperValve" />
- -->
-
- <!-- Access logger -->
- <!--
- <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
- prefix="localhost_access_log." suffix=".log"
- pattern="common" directory="${jboss.server.home.dir}/log"
- resolveHosts="false" />
- -->
-
- <!-- Uncomment to enable single sign-on across web apps
- deployed to this host. Does not provide SSO across a cluster.
-
- If this valve is used, do not use the JBoss ClusteredSingleSignOn
- valve shown below.
-
- A new configuration attribute is available beginning with
- release 4.0.4:
-
- cookieDomain configures the domain to which the SSO cookie
- will be scoped (i.e. the set of hosts to
- which the cookie will be presented). By default
- the cookie is scoped to "/", meaning the host
- that presented it. Set cookieDomain to a
- wider domain (e.g. "xyz.com") to allow an SSO
- to span more than one hostname.
- -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Uncomment to enable single sign-on across web apps
- deployed to this host AND to all other hosts in the cluster.
-
- If this valve is used, do not use the standard Tomcat SingleSignOn
- valve shown above.
-
- Valve uses a JBossCache instance to support SSO credential
- caching and replication across the cluster. The JBossCache
- instance must be configured separately. By default, the valve
- shares a JBossCache with the service that supports HttpSession
- replication. See the "tc5-cluster-service.xml" file in the
- server/all/deploy directory for cache configuration details.
-
- Besides the attributes supported by the standard Tomcat
- SingleSignOn valve (see the Tomcat docs), this version also
- supports the following attributes:
-
- cookieDomain see above
-
- treeCacheName JMX ObjectName of the JBossCache MBean used to
- support credential caching and replication across
- the cluster. If not set, the default value is
- "jboss.cache:service=TomcatClusteringCache", the
- standard ObjectName of the JBossCache MBean used
- to support session replication.
- -->
- <!--
- <Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
- -->
-
-
- <!-- Uncomment to check for unclosed connections and transaction terminated checks
- in servlets/jsps.
- Important: You need to uncomment the dependency on the CachedConnectionManager
- in META-INF/jboss-service.xml
- <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
- cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
- transactionManagerObjectName="jboss:service=TransactionManager" />
- -->
-
- <!-- JOSSO Agent Valve -->
- <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>
- </Host>
- </Engine>
-
- </Service>
-
-</Server>
Copied: modules/identity/trunk/sso/src/etc/josso/login-config.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_login-config.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/login-config.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/login-config.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,165 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name" flag="control_flag">
+ <module-option name = "option1-name">option1-value</module-option>
+ <module-option name = "option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name" flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name = "client-login">
+ <authentication>
+ <login-module code = "org.jboss.security.ClientLoginModule"
+ flag = "required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ -->
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
+ flag = "required">
+ <module-option name = "unauthenticatedIdentity">guest</module-option>
+ <module-option name = "dsJndiName">java:/DefaultDS</module-option>
+ <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
+ <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domain for JBossMQ when using file-state-service.xml
+ <application-policy name = "jbossmq">
+ <authentication>
+ <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
+ flag = "required">
+ <module-option name = "unauthenticatedIdentity">guest</module-option>
+ <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+ -->
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name = "HsqlDbRealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">sa</module-option>
+ <module-option name = "userName">sa</module-option>
+ <module-option name = "password"></module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "JmsXARealm">
+ <authentication>
+ <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag = "required">
+ <module-option name = "principal">guest</module-option>
+ <module-option name = "userName">guest</module-option>
+ <module-option name = "password">guest</module-option>
+ <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "jmx-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
+ <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name = "$webConsoleDomain">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">web-console-users.properties</module-option>
+ <module-option name="rolesProperties">web-console-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the JBossWS web application (and transport layer!).
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name = "other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required" />
+ </authentication>
+ </application-policy>
+
+ <!-- JOSSO JAAS Module configuration -->
+ <application-policy name = "josso">
+ <authentication>
+ <login-module code = "org.jboss.portal.identity.auth.JOSSOLoginModule"
+ flag = "required">
+ <module-option name="debug">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+</policy>
Copied: modules/identity/trunk/sso/src/etc/josso/server.xml (from rev 8140, modules/identity/trunk/sso/src/etc/josso/josso_server.xml)
===================================================================
--- modules/identity/trunk/sso/src/etc/josso/server.xml (rev 0)
+++ modules/identity/trunk/sso/src/etc/josso/server.xml 2007-09-04 17:27:52 UTC (rev 8151)
@@ -0,0 +1,178 @@
+<Server>
+
+ <!-- Use a custom version of StandardService that allows the
+ connectors to be started independent of the normal lifecycle
+ start to allow web apps to be deployed before starting the
+ connectors.
+ -->
+ <Service name="jboss.web"
+ className="org.jboss.web.tomcat.tc5.StandardService">
+
+ <!-- A HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080" address="${jboss.bind.address}"
+ maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ connectionTimeout="20000" disableUploadTimeout="true"/>
+
+ <!-- Add this option to the connector to avoid problems with
+ .NET clients that don't implement HTTP/1.1 correctly
+ restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
+ -->
+
+ <!-- A AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" address="${jboss.bind.address}"
+ emptySessionPath="true" enableLookups="false" redirectPort="8443"
+ protocol="AJP/1.3"/>
+
+ <!-- SSL/TLS Connector configuration using the admin devl guide keystore
+ <Connector port="8443" address="${jboss.bind.address}"
+ maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
+ emptySessionPath="true"
+ scheme="https" secure="true" clientAuth="false"
+ keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
+ keystorePass="rmi+ssl" sslProtocol = "TLS" />
+ -->
+
+ <Engine name="jboss.web" defaultHost="localhost">
+
+ <!-- The JAAS based authentication and authorization realm implementation
+ that is compatible with the jboss 3.2.x realm implementation.
+ - certificatePrincipal : the class name of the
+ org.jboss.security.auth.certs.CertificatePrincipal impl
+ used for mapping X509[] cert chains to a Princpal.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ -->
+ <!--
+ <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
+ behavior of JBossSecurityMgrRealm, but overrides the authorization
+ checks to use JACC permissions with the current java.security.Policy
+ to determine authorized access.
+ - allRolesMode : how to handle an auth-constraint with a role-name=*,
+ one of strict, authOnly, strictAuthOnly
+ + strict = Use the strict servlet spec interpretation which requires
+ that the user have one of the web-app/security-role/role-name
+ + authOnly = Allow any authenticated user
+ + strictAuthOnly = Allow any authenticated user only if there are no
+ web-app/security-roles
+ <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
+ certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
+ allRolesMode="authOnly"
+ />
+ -->
+
+ <!-- Integrating the JOSSO realm -->
+ <Realm className="org.josso.jb4.agent.JBossCatalinaRealm"
+ appName="josso"
+ userClassNames="org.josso.gateway.identity.service.BaseUserImpl"
+ roleClassNames="org.josso.gateway.identity.service.BaseRoleImpl"
+ debug="1" />
+
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false">
+
+ <!-- UNCOMMENT TO ENABLE CUSTOMIZATION OF TOMCAT AUTHENTICATORS
+ <Host name="localhost"
+ autoDeploy="false" deployOnStartup="false" deployXML="false"
+ configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
+ -->
+
+
+ <!-- Uncomment to enable request dumper. This Valve "logs interesting
+ contents from the specified Request (before processing) and the
+ corresponding Response (after processing). It is especially useful
+ in debugging problems related to headers and cookies."
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve" />
+ -->
+
+ <!-- Access logger -->
+ <!--
+ <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host. Does not provide SSO across a cluster.
+
+ If this valve is used, do not use the JBoss ClusteredSingleSignOn
+ valve shown below.
+
+ A new configuration attribute is available beginning with
+ release 4.0.4:
+
+ cookieDomain configures the domain to which the SSO cookie
+ will be scoped (i.e. the set of hosts to
+ which the cookie will be presented). By default
+ the cookie is scoped to "/", meaning the host
+ that presented it. Set cookieDomain to a
+ wider domain (e.g. "xyz.com") to allow an SSO
+ to span more than one hostname.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Uncomment to enable single sign-on across web apps
+ deployed to this host AND to all other hosts in the cluster.
+
+ If this valve is used, do not use the standard Tomcat SingleSignOn
+ valve shown above.
+
+ Valve uses a JBossCache instance to support SSO credential
+ caching and replication across the cluster. The JBossCache
+ instance must be configured separately. By default, the valve
+ shares a JBossCache with the service that supports HttpSession
+ replication. See the "tc5-cluster-service.xml" file in the
+ server/all/deploy directory for cache configuration details.
+
+ Besides the attributes supported by the standard Tomcat
+ SingleSignOn valve (see the Tomcat docs), this version also
+ supports the following attributes:
+
+ cookieDomain see above
+
+ treeCacheName JMX ObjectName of the JBossCache MBean used to
+ support credential caching and replication across
+ the cluster. If not set, the default value is
+ "jboss.cache:service=TomcatClusteringCache", the
+ standard ObjectName of the JBossCache MBean used
+ to support session replication.
+ -->
+ <!--
+ <Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
+ -->
+
+
+ <!-- Uncomment to check for unclosed connections and transaction terminated checks
+ in servlets/jsps.
+ Important: You need to uncomment the dependency on the CachedConnectionManager
+ in META-INF/jboss-service.xml
+ <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
+ cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
+ transactionManagerObjectName="jboss:service=TransactionManager" />
+ -->
+
+ <!-- JOSSO Agent Valve -->
+ <Valve className="org.josso.tc55.agent.SSOAgentValve" debug="1"/>
+ </Host>
+ </Engine>
+
+ </Service>
+
+</Server>
JBoss Portal SVN: r8150 - in branches/JBoss_Portal_Branch_2_6: cms and 4 other directories.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-09-04 13:21:09 -0400 (Tue, 04 Sep 2007)
New Revision: 8150
Added:
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml
Modified:
branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml
branches/JBoss_Portal_Branch_2_6/cms/build.xml
branches/JBoss_Portal_Branch_2_6/core/build.xml
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp
branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp
Log:
files for SSO integration
Modified: branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/build/build-thirdparty.xml 2007-09-04 17:21:09 UTC (rev 8150)
@@ -59,7 +59,6 @@
<componentref name="apache-codec" version="1.3.0"/>
<componentref name="apache-collections" version="3.1"/>
<componentref name="apache-digester" version="1.6"/>
- <!--<componentref name="apache-directory" version="mixed"/>-->
<componentref name="apache-fileupload" version="1.1.1"/>
<componentref name="apache-httpclient" version="3.0.1"/>
<componentref name="apache-lang" version="2.1"/>
@@ -117,7 +116,7 @@
<componentref name="jbpm/jaronly" version="3.1.2"/>
<componentref name="freemarker" version="2.3.9"/>
<componentref name="wutka-dtdparser" version="1.2.1"/>
- <componentref name="portals-bridges" version="1.0.3"/>
+ <componentref name="portals-bridges" version="1.0.3"/>
</build>
<synchronizeinfo/>
Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:21:09 UTC (rev 8150)
@@ -252,7 +252,8 @@
-->
<fileset dir="${jboss.portal-core-cms.lib}" includes="portal-core-cms-lib.jar"/>
<fileset dir="${jboss.portal/modules/identity.lib}" includes="portal-identity-lib.jar"/>
- <fileset dir="${jboss.portal-workflow.lib}" includes="portal-workflow-lib.jar"/>
+ <fileset dir="${jboss.portal/modules/identity.lib}" includes="portal-identity-sso-lib.jar"/>
+ <fileset dir="${jboss.portal-workflow.lib}" includes="portal-workflow-lib.jar"/>
<fileset dir="${jboss.portal-portlet.lib}" includes="portal-portlet-testframework-lib.jar"/>
</jar>
<jar jarfile="${build.lib}/test-cms-cluster.war">
Modified: branches/JBoss_Portal_Branch_2_6/core/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/core/build.xml 2007-09-04 17:21:09 UTC (rev 8150)
@@ -336,6 +336,7 @@
<fileset dir="${jboss.portal-security.root}/lib" includes="portal-security-lib.jar"/>
<fileset dir="${jboss.portal-search.root}/lib" includes="portal-search-lib.jar"/>
<fileset dir="${jboss.portal/modules/identity.root}/lib" includes="portal-identity-lib.jar"/>
+ <fileset dir="${jboss.portal/modules/identity.root}/lib" includes="portal-identity-sso-lib.jar"/>
<fileset dir="${jboss.portal-registration.root}/lib" includes="portal-registration-lib.jar"/>
<fileset dir="${ehcache.ehcache.lib}" includes="ehcache.jar"/>
<fileset dir="${apache.collections.lib}" includes="commons-collections.jar"/>
Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-core-sar/META-INF/jboss-service.xml 2007-09-04 17:21:09 UTC (rev 8150)
@@ -599,7 +599,40 @@
@portal.single.xml.open@
-->
+ <!--
+ | Uncomment to enable CAS server based SSO authentication. This will expose authentication service that will
+ | be leveraged by CAS to perform user authentication. Its usefull only when both CAS and JBoss Portal are
+ | deployed on the same AS instance
+ -->
+ <!--
+ <mbean
+ code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
+ name="portal:service=Module,type=CASAuthenticationService"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
+ <attribute name="HavingRole"></attribute>
+ </mbean>
+ -->
+
+ <!--
+ | Uncomment to enable JOSSO server based SSO authentication. This will expose authentication service that will
+ | be leveraged by JOSSO to perform user authentication. Its usefull only when both JOSSO and JBoss Portal are
+ | deployed on the same AS instance
+ -->
+ <!--
+ <mbean
+ code="org.jboss.portal.identity.sso.josso.JOSSOIdentityServiceImpl"
+ name="portal:service=Module,type=JOSSOIdentityService"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
+ </mbean>
+ -->
+
<!-- Registries -->
<mbean
code="org.jboss.portal.portlet.impl.container.PortletApplicationRegistryImpl"
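Review bot: The `HavingRole` attribute on the commented-out CASAuthenticationService mbean is left empty with no explanation of what it gates, so an operator who uncomments the block cannot tell whether an empty value means "any portal user may authenticate through CAS" or "no role matches, so nobody can". I would put a comment directly above the `<attribute>` line, e.g. `<!-- HavingRole: restrict CAS logins to users holding this portal role; empty presumably means no role check at all (confirm against CASAuthenticationService) -->`. Both new comment blocks also read "Its usefull only when..."; that should be "It is useful only when...". Since both mbeans stay commented out, the hunk has no runtime effect until a deployer enables one of them.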
Added: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml (rev 0)
+++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/WEB-INF/context.xml 2007-09-04 17:21:09 UTC (rev 8150)
@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+<Context>
+
+
+
+ <!--
+ | Uncomment to enable CAS server based SSO authentication.
+ -->
+
+ <!--
+ <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
+ casLogin="https://localhost/cas/login"
+ casValidate="https://localhost/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+ />
+ -->
+
+ <!--
+ | Uncomment to enable JOSSO server based SSO authentication.
+ -->
+
+ <!--
+ <Valve className="org.jboss.portal.identity.sso.josso.JOSSOLogoutValve"/>
+ -->
+
+</Context>
\ No newline at end of file
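Review bot: The CAS valve template hard-codes `casServerName="localhost"` together with `https://localhost/cas/...` URLs and says nothing about which of these must match the hostname users actually reach; casServerName is presumably what the valve uses to build the service URL it sends to CAS, so copying this sample onto a real host will either fail ticket validation or validate tickets for the wrong service. I would add a comment above the valve such as `<!-- casServerName must be the externally visible host[:port] of this portal; keep casValidate on HTTPS and make sure this JVM trusts the CAS server's certificate, otherwise service tickets are validated over an unauthenticated channel -->`. Whether the valve performs any check of its own on these values is not visible from this file. The JOSSO section registers only `JOSSOLogoutValve`; the JOSSO agent valve and realm appear to be configured elsewhere, which the comment could state so a deployer does not assume this file is the whole JOSSO setup.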
Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/error.jsp 2007-09-04 17:21:09 UTC (rev 8150)
@@ -24,6 +24,15 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+ | Uncomment to enable JOSSO server based SSO authentication.
+ | Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
+-->
+
+<%
+ /* response.sendRedirect(request.getContextPath() + "/josso_login/"); */
+%>
+
<html>
<head>
<style>
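Review bot: The redirect in the new scriptlet, `response.sendRedirect(request.getContextPath() + "/josso_login/");`, is not followed by `return;`, so once a deployer uncomments it the JSP keeps executing and writes the entire error page into the response after the redirect has been issued; with the default JSP buffer that body is discarded, but anything that flushes past the buffer raises IllegalStateException and the page still pays for rendering. I would make the line `response.sendRedirect(request.getContextPath() + "/josso_login/"); return;`. The surrounding `<!-- ... -->` is an HTML comment rather than a JSP `<%-- ... --%>` comment, so the JOSSO configuration hint and its path are sent to every unauthenticated client that reaches the error page; a JSP comment keeps it server-side. "propper" in that comment should read "proper".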
Modified: branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp
===================================================================
--- branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp 2007-09-04 16:57:58 UTC (rev 8149)
+++ branches/JBoss_Portal_Branch_2_6/core/src/resources/portal-server-war/login.jsp 2007-09-04 17:21:09 UTC (rev 8150)
@@ -24,6 +24,16 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+ | Uncomment to enable JOSSO server based SSO authentication.
+ | Redirects the user to the propper login page. Configured as the login url the web.xml for this application.
+-->
+
+<%
+ /* response.sendRedirect(request.getContextPath() + "/josso_login/"); */
+%>
+
+
<html>
<head>
<style>
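Review bot: The commented-out `response.sendRedirect(request.getContextPath() + "/josso_login/");` in login.jsp has no `return;` after it, so enabling it as written lets the rest of the login form render into the response after the redirect; that is wasted work at best and an IllegalStateException if the buffer is flushed before the page finishes. The enabled form should be `response.sendRedirect(request.getContextPath() + "/josso_login/"); return;`. The explanatory `<!-- ... -->` block is an HTML comment and therefore ships to the browser on every login page view, advertising the JOSSO login path whether or not SSO is enabled; `<%-- ... --%>` would keep it out of the output. Fixing "propper" to "proper" in that comment would also be worthwhile.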
JBoss Portal SVN: r8149 - docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-09-04 12:57:58 -0400 (Tue, 04 Sep 2007)
New Revision: 8149
Modified:
docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml
Log:
initial doc for CAS integration
Modified: docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml
===================================================================
--- docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-09-04 13:37:27 UTC (rev 8148)
+++ docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-09-04 16:57:58 UTC (rev 8149)
@@ -5,6 +5,11 @@
<surname>Dawidowicz</surname>
<email>boleslaw dot dawidowicz at redhat dot com</email>
</author>
+ <author>
+ <firstname>Sohil</firstname>
+ <surname>Shah</surname>
+ <email>sshah(a)redhat.com</email>
+ </author>
</chapterinfo>
<title>Single Sign ON</title>
<para>This chapter describes how to setup SSO in JBoss Portal</para>
@@ -143,9 +148,131 @@
authentication cache you may need to restart browser.</note>
</sect2>
</sect1>
- <!--<sect1>
- <title>Using external authentication providers</title>
- <para>TODO:</para>
- </sect1>-->
+ <sect1>
+ <title>CAS - Central Authentication Service</title>
+ <para>This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework.
+ Details about CAS can be found <ulink url="http://www.ja-sig.org/products/cas/">here</ulink></para>
+ <sect2>
+ <title>Integration steps</title>
+ <note>The steps below assume that CAS server and JBoss Portal will be deployed on the same JBoss Application Server instance.
+ CAS will be configured to leverage identity services exposed by JBoss Portal to perform authentication. Procedure may be
+ sligtly different for other deployment scenarios. Both JBoss Portal and CAS will need to be configured to authenticate against
+ same database or LDAP server. Please see CAS documentation to learn how to setup it up against proper identity store.</note>
+ <note>Configuration below assumes that JBoss Application Server is HTTPS enabled and operates on standard ports: 80 (for HTTP) and 443 (for HTTPS).</note>
+ <para>
+ <orderedlist>
+ <listitem>
+ Install CAS server (v 3.0.7). This should be as simple as deploying single <emphasis>cas.war</emphasis> file.
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/WEB-INF/context.xml</emphasis> file and enable proper tomcat valve
+ by uncommenting following lines:
+ <programlisting>
+ <![CDATA[
+<Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
+ casLogin="https://localhost/cas/login"
+ casValidate="https://localhost/cas/serviceValidate"
+ casServerName="localhost"
+ authType="FORM"
+/>
+ ]]>
+ </programlisting>
+ Update valve options as follow:
+ <itemizedlist>
+ <listitem>
+ <emphasis>casLogin: </emphasis> URL of your CAS Authentication Server
+ </listitem>
+ <listitem>
+ <emphasis>casValidate: </emphasis> URL of your CAS Authentication Server validation service
+ </listitem>
+ <listitem>
+ <emphasis>casServerName:</emphasis> the hostname:port combination of your CAS Authentication Server
+ </listitem>
+ </itemizedlist>
+ <note>CAS client requires to use SSL connection. To learn how to setup JBoss Application Server to use HTTPS see here</note>
+ </listitem>
+ <listitem>
+ Copy <emphasis>casclient.jar</emphasis> into <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis>.
+ You can download this file from CAS homepage or from JBoss repository under <emphasis>http://repository.jboss.com/cas/3.0.7/lib/</emphasis>
+ <note>The CAS engine does not accept self-signed SSL certificates. This requirement is fine for production use where a production
+ level SSL certificate is available. However, for testing purposes, this can get a little annoying. Hence, if you are having this issue,
+ you can use <emphasis>casclient-lenient.jar</emphasis> instead.</note>
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml</emphasis> file and uncomment following lines:
+ <programlisting>
+ <![CDATA[
+<mbean
+ code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
+ name="portal:service=Module,type=CASAuthenticationService"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Module,type=IdentityServiceController</depends>
+ <attribute name="HavingRole"></attribute>
+</mbean>
+ ]]>
+ </programlisting>
+ This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same
+ application server instance. This AuthenticationHandler will be enabled in next 2 steps.
+ </listitem>
+ <listitem>
+ Edit <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/deployerConfigContext.xml</emphasis> and add following line in the
+ <emphasis>authenticationHandlers</emphasis> section:
+ <programlisting>
+ <![CDATA[
+<bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ ]]>
+ </programlisting>
+ This can replace default <emphasis>SimpleTestUsernamePasswordAuthenticationHandler</emphasis> so whole part of this config file can look
+ as follows:
+ <programlisting>
+ <![CDATA[
+<property name="authenticationHandlers">
+ <list>
+ <!--
+ | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
+ | a server side SSL certificate.
+ +-->
+ <bean
+ class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
+ <property
+ name="httpClient"
+ ref="httpClient" />
+ </bean>
+
+ <!--
+ | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
+ | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
+ | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
+ | local authentication strategy. You might accomplish this by coding a new such handler and declaring
+ | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+ +-->
+ <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler" />
+ </list>
+</property>
+ ]]>
+ </programlisting>
+ </listitem>
+ <listitem>
+ Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from
+ <emphasis>$JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib</emphasis> to
+ <emphasis>$JBOSS_HOME/server/default/deploy/cas.war/WEB-INF/lib</emphasis>.
+ </listitem>
+ </orderedlist>
+ </para>
+ <para>
+ To test the integration:
+ <itemizedlist>
+ <listitem>Go to your portal. Typically, http://localhost:8080/portal</listitem>
+ <listitem>Click on the "Login" link on the main portal page</listitem>
+ <listitem>This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen</listitem>
+ <listitem>Input your portal username and password. For built-in portal login try user:user or admin:admin</listitem>
+ <listitem>If login is successfull, you should be redirected back to the portal with the appropriate user logged in</listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
+ </sect1>
+
</chapter>
JBoss Portal SVN: r8148 - trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-09-04 09:37:27 -0400 (Tue, 04 Sep 2007)
New Revision: 8148
Modified:
trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
Log:
Add the CMSException back; error handling still needs improvement.
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:36:36 UTC (rev 8147)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:37:27 UTC (rev 8148)
@@ -251,8 +251,7 @@
username = user.getUserName();
}
log.debug("Unauthorized command (" + invocation + ") for user: " + username);
-// throw new CMSException("Access to this resource is denied");
- return null;
+ throw new CMSException("Access to this resource is denied");
}
}
else
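Review bot: The denial is still recorded only via `log.debug("Unauthorized command (" + invocation + ") for user: " + username);`, so now that the method throws `CMSException` instead of returning null, a production deployment with debug logging off keeps no durable trace of rejected CMS commands; raise this to `log.warn(...)` (or at least `info`) so access-denied events are visible to operators and detection tooling. Interpolating the whole `invocation` object relies on its `toString()`, which is not visible here; if it renders command arguments (content bodies, target paths), consider logging only the command class and target path. The exception message `"Access to this resource is denied"` is appropriately generic and should stay that way. The enclosing method begins and ends outside this hunk.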
JBoss Portal SVN: r8147 - branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-09-04 09:36:36 -0400 (Tue, 04 Sep 2007)
New Revision: 8147
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
Log:
Add the CMSException back; error handling still needs improvement.
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:35:27 UTC (rev 8146)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/interceptors/ACLInterceptor.java 2007-09-04 13:36:36 UTC (rev 8147)
@@ -251,8 +251,7 @@
username = user.getUserName();
}
log.debug("Unauthorized command (" + invocation + ") for user: " + username);
-// throw new CMSException("Access to this resource is denied");
- return null;
+ throw new CMSException("Access to this resource is denied");
}
}
else
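Review bot: Same remark as for the trunk copy of this change (r8148): the only record of the denial is `log.debug(...)`, which is normally disabled in production, so once the method throws `CMSException` rather than returning null there is no operator-visible log of rejected CMS commands; change the line to `log.warn("Unauthorized command (" + invocation + ") for user: " + username);`. Because `invocation` is rendered through its `toString()`, which I cannot see from this hunk, check that it does not print command payloads before promoting the level. The generic exception text `"Access to this resource is denied"` is fine and leaks nothing about the resource. The enclosing method starts and ends outside this hunk.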
JBoss Portal SVN: r8146 - trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-09-04 09:35:27 -0400 (Tue, 04 Sep 2007)
New Revision: 8146
Modified:
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
Log:
JBPORTAL-1668: A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:34:05 UTC (rev 8145)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:35:27 UTC (rev 8146)
@@ -24,6 +24,7 @@
import java.util.Collection;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import java.util.HashSet;
import java.util.StringTokenizer;
@@ -365,24 +366,22 @@
//that excludes this user from having access for this action
StringTokenizer st = new StringTokenizer(path,"/");
StringBuffer buffer = new StringBuffer("/");
- boolean explicitPermissionsFound = false;
+ List list = new ArrayList();
+ list.add(new String(buffer.toString()));
while(st.hasMoreTokens())
{
- buffer.append(st.nextToken());
- String currentNode = buffer.toString();
- Collection permissions = this.getPermissions(currentNode);
-
- //this is for forming the path using the next token
- if(st.hasMoreTokens())
- {
- buffer.append("/");
- }
- else
- {
- continue;
- }
-
-
+ String token = st.nextToken();
+ list.add(new String(buffer.append("/").append(token)));
+ }
+
+ boolean explicitPermissionsFound = false;
+
+ Iterator it = list.iterator();
+ while (it.hasNext())
+ {
+ String currentPath = (String)it.next();
+ Collection permissions = this.getPermissions(currentPath);
+
//perform processing for permissions explicitly set on this node
//in the path hierarchy
if(permissions!=null && !permissions.isEmpty())
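Review bot: The ancestor paths built by the new loop carry a doubled leading slash: `buffer` is initialised to `"/"` and each iteration runs `buffer.append("/").append(token)`, so for `/a/b` the list becomes `"/"`, `"//a"`, `"//a/b"` rather than `"/"`, `"/a"`, `"/a/b"`. Every explicit-permission comparison later in this method (`pathCriteria.equals(currentPath)`) will therefore fail for any non-root node, and `getPermissions(currentPath)` is queried with a path that does not exist in the repository; whether that fails open or closed depends on code outside this hunk, but either way enforcement for sub-paths no longer matches the configured ACLs. Start with an empty buffer and add the root separately: `List list = new ArrayList(); list.add("/"); StringBuffer buffer = new StringBuffer();` and inside the loop `list.add(buffer.append("/").append(st.nextToken()).toString());`. The `new String(...)` wrappers are redundant copies and can be dropped. The enclosing method starts and ends outside this hunk, and a later revision may already have corrected this.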
@@ -405,7 +404,7 @@
)
{
String pathCriteria = userPermission.findCriteriaValue("path");
- if(pathCriteria.equals(currentNode))
+ if(pathCriteria.equals(currentPath))
{
//this means this user has read access to this path
accessFound = true;
JBoss Portal SVN: r8145 - branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-09-04 09:34:05 -0400 (Tue, 04 Sep 2007)
New Revision: 8145
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
Log:
JBPORTAL-1668: A user with "Administrator" privileges is not able to create resources at the root level of the CMS repo
Modified: branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 11:54:12 UTC (rev 8144)
+++ branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04 13:34:05 UTC (rev 8145)
@@ -24,6 +24,7 @@
import java.util.Collection;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import java.util.HashSet;
import java.util.StringTokenizer;
@@ -365,24 +366,22 @@
//that excludes this user from having access for this action
StringTokenizer st = new StringTokenizer(path,"/");
StringBuffer buffer = new StringBuffer("/");
- boolean explicitPermissionsFound = false;
+ List list = new ArrayList();
+ list.add(new String(buffer.toString()));
while(st.hasMoreTokens())
{
- buffer.append(st.nextToken());
- String currentNode = buffer.toString();
- Collection permissions = this.getPermissions(currentNode);
-
- //this is for forming the path using the next token
- if(st.hasMoreTokens())
- {
- buffer.append("/");
- }
- else
- {
- continue;
- }
-
-
+ String token = st.nextToken();
+ list.add(new String(buffer.append("/").append(token)));
+ }
+
+ boolean explicitPermissionsFound = false;
+
+ Iterator it = list.iterator();
+ while (it.hasNext())
+ {
+ String currentPath = (String)it.next();
+ Collection permissions = this.getPermissions(currentPath);
+
//perform processing for permissions explicitly set on this node
//in the path hierarchy
if(permissions!=null && !permissions.isEmpty())
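Review bot: As in the trunk copy (r8146), the path list is built with a doubled leading slash: `buffer` starts as `"/"` and the loop appends `"/" + token`, yielding `"//a"`, `"//a/b"` for input `/a/b`. The exact-string comparison `pathCriteria.equals(currentPath)` further down can then never match an explicit permission on a non-root node, so the fix for JBPORTAL-1668 trades a root-level denial for a silent mismatch on every sub-path; what `getPermissions` returns for a non-existent `"//a"` is outside this hunk, so the fail-open/fail-closed outcome cannot be judged here. The minimal correction is `StringBuffer buffer = new StringBuffer(); List list = new ArrayList(); list.add("/");` followed by `list.add(buffer.append("/").append(st.nextToken()).toString());` in the loop, without the redundant `new String(...)` copies. The enclosing method starts and ends outside this hunk.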
@@ -405,7 +404,7 @@
)
{
String pathCriteria = userPermission.findCriteriaValue("path");
- if(pathCriteria.equals(currentNode))
+ if(pathCriteria.equals(currentPath))
{
//this means this user has read access to this path
accessFound = true;