[jboss-user] [JBoss Portal] - Using alternative source for JBoss Portal authentication

[engela]

I quite like to use the JBoss Portal, but have to use an LDAP Server for authentication and retrieving the roles of a user. I have read through the Wiki Entry: 

http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingAnLDAPSourceForPortalAuthentication

Some of the portlets need a fine-grained access a rights and I am considering using Acegi security for this. Since I am quite new to all of this I thought I start simple. Instead of adding a new login-module using the org.jboss.security.auth.spi.LdapExtLoginModule as described in above Wiki I added a new login-module using org.jboss.security.auth.spi.UsersRolesLoginModule and set the flag of org.jboss.portal.identity.auth.IdentityLoginModule to ?sufficient?. So my new login.config.xml in JBOSS_HOME/server/default/deploy/jboss-portla.sar/conf/ looks like:


   <!-- For the JCR CMS -->
   <application-policy name="cms">
      
         <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
      
   </application-policy>
   
   <application-policy name="portal">
      
         <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
            <module-option name="unauthenticatedIdentity">guest</module-option>
            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
            <module-option name="additionalRole">Authenticated</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
         </login-module>
	<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
           <module-option name="usersProperties">props/portal-users.properties</module-option>
           <module-option name="rolesProperties">props/portal-roles.properties</module-option>
          </login-module>

      
   </application-policy>


I added the portal-users.properties and portal-roles.properties to the correct location. 

portal-roles.properties:

# A sample users.properties file for use with the UsersRolesLoginModule
first=first
second=second

portal-roles.properties

first=Administrators,Admin
second=Users,User

When logging in as first or second user I get the error message: HTTP Status 403 - Access to the requested resource has been denied

Questions:
-	Is it possible use integrate an alternative LoginModule e.g. UsersRolesLoginModule or org.jboss.security.auth.spi.LdapExtLoginModule to define Authenication and the roles of the users?
-	Has anyone successfully integrated an external LDAP Directory server which also supplies the roles of the user?
-	Has anyone successfully integrated AcegiSecurity for authentication and retrieving the roles of a user e.g. by using the LoginModule: org.acegisecurity.adapters.jboss.JbossAcegiLoginModule? How do I configure the login-module.xml?

I have just read through a similar Forum Entry:

http://www.jboss.com/index.html?module=bb&op=viewtopic&t=103606

Do I have to sychronize all users in my LDAP directory with the portal database in order to define the role of users? I don?t think it is a practical option for us to maintain two systems in which we hold user information.

Thanks,

Anette


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4026583#4026583

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4026583