-
1. Re: Giving Admin Privileges to another Role
theute Jul 23, 2007 10:46 AM (in response to roth)
If you want them to be admin, why don't you add them to the admin role?
The roles are checked in the portlet following the spec (isUserInRole("admin")).
-
2. Re: Giving Admin Privileges to another Role
theute Jul 23, 2007 10:49 AM (in response to roth)
But you can map this role to any of your business roles (see the spec and Java security in general)
-
3. Re: Giving Admin Privileges to another Role
roth Jul 24, 2007 1:33 AM (in response to roth)
Hi Thomas
"thomas.heute@jboss.com" wrote:
If you want them to be admin, why don't you add them to the admin role?
Because I later want to integrate the portal with my existing ldap. Instead of adding a new role for every system I attach to my ldap ('admin' for the portal, 'root' for system x, 'administrator' for system y), I want to use already existing roles.
"thomas.heute@jboss.com" wrote:
But you can map this role to any of your business roles (see the spec and Java security in general)
That was what I was trying to do. Do the examples I posted look sensible? Or did I approach this all wrongly? The above is what looks right to me, but I don't know much about Java security. I did read the reference guide about that topic though, that's how I came up with the above.
Thanks
-
4. Re: Giving Admin Privileges to another Role
theute Jul 24, 2007 2:11 AM (in response to roth)
You should read:
PLT.20.3 Programmatic Security
of the portlet spec.
You will have to adapt portal-core.war/WEB-INF/portlet.xml to reference your roles.
-
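The mapping discussed in posts 2 and 4, as an added example that is not part of the original thread or of the files JBoss Portal ships: under PLT.20.3 a portlet's isUserInRole("admin") check can be pointed at an existing container role with a security-role-ref entry. The portlet name ExampleAdminPortlet and the directory role portal-admins are hypothetical placeholders.

```xml
<!-- portlet.xml (fragment): one entry per portlet that calls isUserInRole("admin") -->
<portlet>
  <!-- hypothetical name; keep the portlet-name values already present in the file -->
  <portlet-name>ExampleAdminPortlet</portlet-name>
  <!-- ... existing elements of this portlet stay unchanged ... -->
  <security-role-ref>
    <!-- the name the portlet code passes to isUserInRole() -->
    <role-name>admin</role-name>
    <!-- the existing role (assumed here to come from LDAP) that should count as admin -->
    <role-link>portal-admins</role-link>
  </security-role-ref>
</portlet>

<!-- web.xml (fragment) of the same web application: the linked role must be declared -->
<security-role>
  <role-name>portal-admins</role-name>
</security-role>
```

Every member of the linked role passes the portlet's admin check, so the role chosen for role-link should be a narrowly scoped directory group.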
5. Re: Giving Admin Privileges to another Role
roth Jul 24, 2007 2:58 AM (in response to roth)
Thanks! That was exactly the piece of information I was missing.
I'll write a wiki article in the next few days about this as well as my efforts concerning portal integration in MS Active Directory.
-
6. Re: Giving Admin Privileges to another Role
theute Jul 24, 2007 5:12 AM (in response to roth)
That would be a great value-added, thanks!
-
7. Re: Giving Admin Privileges to another Role
swisst Jul 30, 2007 10:52 AM (in response to roth)
How's that wiki article coming? :-)
I have to integrate with AD and was looking forward to your post....
Thanks!
-
8. Re: Giving Admin Privileges to another Role
roth Jul 31, 2007 1:46 AM (in response to roth)
Right... I was a bit distracted by other work.
Anyway, you'll have the article by Friday night. I'll post a link here once I'm done.
Cheers
-
-
10. Re: Giving Admin Privileges to another Role
theute Aug 3, 2007 10:42 AM (in response to roth)
Thanks a lot! I know a lot of people will enjoy this :)
-
11. Re: Giving Admin Privileges to another Role
swisst Aug 8, 2007 6:11 PM (in response to roth)
Thanks!
-
12. Re: Giving Admin Privileges to another Role
swisst Aug 8, 2007 6:16 PM (in response to roth)
Okay, so I tried the AD set-up and had a little kablammo:
15:12:56,575 ERROR [IdentityLoginModule] Error when validating password
org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
    at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
    at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
    at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:204)
    at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:158)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at javax.security.auth.login.LoginContext.invoke(Unknown Source)
    at javax.security.auth.login.LoginContext.access$000(Unknown Source)
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
    at javax.security.auth.login.LoginContext.login(Unknown Source)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
    at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:260)
    at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
    ... 30 more
Any clues? Do you need more information? My config was almost identical to the referenced wiki article.
Thanks,
Thad
-
13. Re: Giving Admin Privileges to another Role
roth Aug 9, 2007 2:15 AM (in response to roth)
Dunno, maybe I forgot some step to install ldap-specific libraries in the wiki article. I'll check.
-
14. Re: Giving Admin Privileges to another Role
roth Aug 9, 2007 4:02 AM (in response to roth)
I walked through the wiki article again step by step, and it worked for me, using jboss-4.2.1-GA and JBoss_Portal_2_6_1. Are you sure you didn't miss anything?