From portal-commits at lists.jboss.org Mon Mar 5 11:29:15 2007 Content-Type: multipart/mixed; boundary="===============2964357683649885748==" MIME-Version: 1.0 From: portal-commits at lists.jboss.org To: portal-commits at lists.jboss.org Subject: [portal-commits] JBoss Portal SVN: r6541 - docs/trunk/referenceGuide/en/modules. Date: Mon, 05 Mar 2007 11:29:15 -0500 Message-ID: --===============2964357683649885748== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: bdaw Date: 2007-03-05 11:29:15 -0500 (Mon, 05 Mar 2007) New Revision: 6541 Modified: docs/trunk/referenceGuide/en/modules/authentication.xml Log: addons for Authentication chapter Modified: docs/trunk/referenceGuide/en/modules/authentication.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 14:5= 6:52 UTC (rev 6540) +++ docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 16:2= 9:15 UTC (rev 6541) @@ -21,15 +21,15 @@ JAAS Login Modules JBoss Portal comes with few implementations of JAAS = LoginModule interface - IdentityLoginModule + org.jboss.portal.identity.auth.IdentityLoginModule TODO - DBIdentityLoginModule + org.jboss.portal.identity.auth.DBIdentityLoginModule</titl= e> <para>TODO</para> </sect2> <sect2> - <title>SynchronizingLdapLoginModule + org.jboss.portal.identity.auth.SynchronizingLdapLoginModul= e Use can use this module instead of IdentityLoginModule to bind= to LDAP. org.jboss.portal.identity.auth.SynchronizingLDAPLogi= nModule class is a wrapper around 
@@ -77,7 +77,7 @@ For obvious reasons this is designed to use with portal ident= ity modules configured with DB and not LDAP - SynchronizingLdapExtLoginModule + org.jboss.portal.identity.auth.SynchronizingLdapExtLoginMo= dule All options that apply for SynchronizingLdapLogin= Module also apply here. It's the same kind of wrapper made around LdapExtLoginModule from JBossSX. Sample configuration can look like this: 
@@ -110,5 +110,52 @@ ]]> + + org.jboss.portal.identity.auth.SynchronizingLoginModule</t= itle> + <para> + This module is designed to provide synchronization support for= any other LoginModule placed in the authentication stack. + It leverages the fact that in JAAS authentication process occu= rs in two phases. In first phase when login() method is invoked + it always returns "true". Because of this behaviour <emphasis>= SynchronizingLoginModule</emphasis> should be always used with + "optional" flag.. + Morover it should be placed after module we want to leverage a= s a source for synchronization and this module should have "required" flag = set. + During the second phase when commit() method is invoked it get= s user <emphasis>Subject</emphasis> and its <emphasis>Principal</emphasis>s + and tries to synchronize them into storage configured for port= al identity modules. For this purposes such options are supported: + <itemizedlist> + <listitem> + <emphasis role=3D"bold">userModuleJNDIName</emphasis> - = JNDI name of portal UserModule. This option is <emphasis>obligatory</emphas= is> + if <emphasis>synchronizeIdentity</emphasis> option is se= t to <emphasis>true</emphasis> + </listitem> + <listitem> + <emphasis role=3D"bold">roleModuleJNDIName</emphasis> - = JNDI name of portal RoleModule. This option is <emphasis>obligatory</emphas= is> + if <emphasis>synchronizeIdentity</emphasis> and <emphasi= s>synchronizeRoles</emphasis> options are set to <emphasis>true</emphasis> + </listitem> + <listitem> + <emphasis role=3D"bold">membershipModuleJNDIName</emphas= is> - JNDI name of portal MembershipModule. This option is <emphasis>obliga= tory</emphasis> + if <emphasis>synchronizeIdentity</emphasis> and <emphasi= s>synchronizeRoles</emphasis> options are set to <emphasis>true</emphasis> + </listitem> + <listitem> + <emphasis role=3D"bold">userProfileModuleJNDIName</empha= sis> - JNDI name of portal UserProfileModule. 
This option is <emphasis>obli= gatory</emphasis> + if <emphasis>synchronizeIdentity</emphasis> option is se= t to <emphasis>true</emphasis> + </listitem> + <listitem> + <emphasis role=3D"bold">synchronizeIdentity</emphasis> -= if set to <emphasis>true</emphasis> module will check if + successfully authenticated user exist in portal and if n= ot it will try to create it. If user exists module will update its password + to the one that was just validated. + </listitem> + <listitem> + <emphasis role=3D"bold">synchronizeRoles</emphasis> - if= set to <emphasis>true</emphasis> module will iterate over all roles assign= ed to + authenticated user and for each it will try to check if = such role exists in portal and if not it will try to create it. This option= is + checked only if <emphasis>synchronizeIdentity</emphasis>= is set to true; + </listitem> + <listitem> + <emphasis role=3D"bold">additionalRole</emphasis> - modu= le will add this role name to the group of principals assigned to the authe= nticated user. + </listitem> + <listitem> + <emphasis role=3D"bold">defaultAssignedRole</emphasis> -= if <emphasis>synchronizeIdentity</emphasis> is set to true, module will tr= y to assign + portal role with such name to the authenticated user. If= such role doesn't exist in portal, module will try to create it. + </listitem> + </itemizedlist> + </para> + </sect2> </sect1> </chapter> --===============2964357683649885748==--
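Review bot: In the first hunk (@@ -21,15 +21,15 @@) the new title spells the class org.jboss.portal.identity.auth.SynchronizingLdapLoginModule, while the paragraph directly under it names org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule ("Ldap" vs "LDAP"). Now that the titles carry fully qualified names, readers will copy them into their JAAS configuration, and Java class names are case sensitive, so pick the actual class name and use it in both places. In the same context line, "Use can use this module" should read "You can use this module". The IdentityLoginModule and DBIdentityLoginModule sections still contain only TODO under titles that now advertise concrete classes; either fill them in with this commit or note that they are pending.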
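Review bot: In the third hunk (@@ -110,5 +110,52 @@) the paragraph states that login() "always returns true" and that the module "should be always used with optional flag", but it never says what happens when that advice is not followed. Please state explicitly that SynchronizingLoginModule verifies no credentials itself, so it must never be the only entry in the stack or sit among modules that are all "optional"; in either layout its unconditional success would let the overall login succeed without any real check. It would also help to say that commit() is only reached when the preceding "required" module has succeeded, since that is what makes the synchronization safe. The synchronizeIdentity item says the module "will update its password to the one that was just validated": document that this copies the externally validated credential into the portal identity store and how it is stored there, so operators can decide whether they want that. Smaller points in the same hunk: "flag.." has a doubled period, "Morover" should be "Moreover", the listitem text is placed directly inside listitem without a wrapping para (DocBook expects block content there), "This option is checked only if synchronizeIdentity is set to true;" ends with a semicolon, and unlike the SynchronizingLdapExtLoginModule section above it there is no sample configuration showing the "required" module followed by this one as "optional".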