Announcement Announcement Module
Collapse
No announcement yet.
JBoss Portal & Acegi Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • JBoss Portal & Acegi

    I am thinking of using Acegi in a JBoss Portal to
    - Authenticate a user
    - Restrict access to accessing Portal Pages
    - Implement a fine-grained authorization within the portlets, which will be based on the Spring Portlet MVC framework

    Has anyone used Ageci for authentication and authorization within JBoss Portal?

    Thanks,

    Anette

  • #2
    I would try search for this, I'm pretty sure I've seen this brought up a few times.
    e.g.
    http://forum.springframework.org/showthread.php?t=22971

    Comment


    • #3
      The subject came up in a few posts but none of them is sufficient for me to understand how to integrate Acegi Security in the JBoss Portal . At the moment I am mainly interested in Authentication and retrieving the user roles as the basic coarse-grained Authorization for Portal Pages and Portlet Instance is sufficient for me to start with. At a later stage I would like to integrate Acegi Security into portlets for a more fine-grained authorization within a portlet.

      JBossAcegiLoginModule
      ----------------------
      In the JBoss Portal you can change the Authentication by adding a new login-module for the portal in the login.config.xml in JBOSS_HOME/server/default/deploy/jboss-portla.sar/conf/ looks. A login-module has to implenent the javax.security.auth.spi.LoginModule interface. There a few existing implemenations e.g UsersRolesLoginModule or org.jboss.security.auth.spi.LdapExtLoginModule. An Example:

      <application-policy name="portal">
      <login-module code="org.jboss.portal.identity.auth.IdentityLogin Module" flag="sufficient">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
      <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
      <module-option name="additionalRole">Authenticated</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginM odule" flag = "required">
      <module-option name="usersProperties">props/portal-users.properties</module-option>
      <module-option name="rolesProperties">props/portal-roles.properties</module-option>
      </login-module>
      </application-policy>

      I noticed the org.acegisecurity.adapters.jboss.JbossAcegiLoginMo dule, which I assume implements the LoginModule interface. Can I use this module to integrate Acegi with the JBoss Portal? If yes how do I configure the login-module.xml?

      When securing a web application using Acegi I would configure authentication and authorization in a xml file e.g. the applicationContext-acegi-security.xml in the Acegi Security Tutorial Sample and the configuration for the Acegi Filter Chain Proxy to the web.xml of my web application. How would I configure authentication when Integrating Acegi in the JBoss Portal?

      JAAS
      -----
      Since JBoss Security is based on JAAS another option to integrate Acegi in JBoss Portal might to delegate authentication requests to the Java Authentication and Authorization Service (JAAS) (see http://acegisecurity.org/docbook/acegi.html#jaas). Not sure if that would be a viable option and I would have to implement a JAAS AuthorityGranter.

      Best Regards,

      Anette

      Comment

      Working...
      X