[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-1646) portal-cms depends on existence of user 'admin'

Sohil Shah (JIRA) jira-events at lists.jboss.org
Tue Nov 27 18:08:51 EST 2007


     [ http://jira.jboss.com/jira/browse/JBPORTAL-1646?page=all ]

Sohil Shah resolved JBPORTAL-1646.
----------------------------------

    Resolution: Done

The following two aspects of CMS security are now made configurable:

1/ Ability to configure the CMS super user instead of the built-in admin user. This can be achieved by the configuration inside the portal-cms.sar/META-INF/jboss-service.xml.

<mbean
      code="org.jboss.portal.cms.security.AuthorizationProviderImpl"
      name="portal:service=AuthorizationProvider,type=cms"
      xmbean-dd=""
      xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
      <xmbean/> 
      <!--
         NOTE: cmsRootUserName denotes a single Portal user that has access to everything in the CMS. Denote this user
         carefully: it should be synonymous with the 'root' user in a Unix system. By default, this value is the built-in
         'admin' user account. This can be changed to any other user account registered in your Portal.
      -->
      <attribute name="CmsRootUserName">admin</attribute>
      <depends optional-attribute-name="IdentityServiceController" proxy-type="attribute">portal:service=Module,type=IdentityServiceController</depends>
</mbean>

2/ The Portal Role that has access to the CMS Security Console for setting up the permissions on the CMS nodes can now be specified in the following file:
     jboss-portal.sar/conf/identity/standardidentity-config.xml

<!--Common options section-->
      <option-group>
         <group-name>common</group-name>
         <option>
            <name>userCtxDN</name>
            <value>ou=People,dc=example,dc=com</value>
         </option>
         <option>
            <name>uidAttributeID</name>
            <value>uid</value>
         </option>
         <option>
            <name>passwordAttributeID</name>
            <value>userPassword</value>
         </option>
         <option>
            <name>roleCtxDN</name>
            <value>ou=Roles,dc=example,dc=com</value>
         </option>
         <option>
            <name>ridAttributeId</name>
            <value>cn</value>
         </option>
         <option>
            <name>roleDisplayNameAttributeID</name>
            <value>cn</value>
         </option>
         <option>
            <name>membershipAttributeID</name>
            <value>member</value>
         </option>
         <option>
            <name>membershipAttributeIsDN</name>
            <value>true</value>
         </option>
         <!-- NOTE: defaultAdminRole is a required option -->
         <option>
            <name>defaultAdminRole</name>
            <value>Admin</value>
         </option>         
      </option-group> 

> portal-cms depends on existence of user 'admin'
> -----------------------------------------------
>
>                 Key: JBPORTAL-1646
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1646
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal CMS
>    Affects Versions: 2.6.1 Final
>            Reporter: Tobias Roth
>         Assigned To: Sohil Shah
>             Fix For: 2.6.3 Final
>
>
> cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java has the user 'admin' hardcoded:
>    /** Loads content from sar and adds it to the repo. */
>    public void createContent() throws Exception
>    {
>       log.info("Creating default CMS content.");
>       
>       // Get the content
>       URL root = Thread.currentThread().getContextClassLoader().getResource(defaultContentLocation);
>       
>       //make the user executing these to create the default content, an 'Admin' user
>       //without this, the fine grained security won't allow the creation
>       UserModule userModule = getUserModule();
>       if(userModule != null)
>       {
> 	      org.hibernate.Session session = org.jboss.portal.cms.hibernate.state.Tools.getOpenSession();
> 	      org.hibernate.Transaction tx = session.beginTransaction();
> 	      User user = userModule.findUserByUserName("admin"); // HERE
> 	      if(user!=null)
> 	      {
> 	    	  JCRCMS.getUserInfo().set(user);
> 	      }
> 	      tx.rollback();
> 	      org.jboss.portal.cms.hibernate.state.Tools.closeSession(session);
>       }	
> If it doesn't exist (for example because LDAP is being used), portal-cms cannot be deployed, and several database tables are not created. If 'admin' is changed to an existing user, everything works fine.
> There is another reference to 'admin' in cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java, but leaving this as it is doesn't seem to have any negative effect.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira