Differences between revisions 11 and 12
Revision 11 as of 2008-07-28 14:14:27
Size: 3963
Comment:
Revision 12 as of 2009-09-20 23:45:08
Size: 3963
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:
Feel free to make changes to this document. A seperate document for basic setup is located under ["JackrabbitOnJBoss"] Feel free to make changes to this document. A seperate document for basic setup is located under [[JackrabbitOnJBoss]]

This document describes how to

  • Configure Jackrabbit security through JAAS on Jboss.

Feel free to make changes to this document. A seperate document for basic setup is located under JackrabbitOnJBoss

This document is based on Jackrabbit-1.1, and can be used with either the JCA approach above, or the .WAR server approach.

Files that will be modified:

  • JBOSS Files
    • $JBOSS_HOME/server/<default>/conf/login-config.xml

    • Alternatively, jboss mbean dynamicloginconfig approach.
  • Jackrabbit Files
    • repository.xml


Configuring Security Authentication Policy

The security authentication policy will tie jackrabbit and the jboss security systems together. The default security policy is called Jackrabbit, but can be changed if necessary (especially if you already have an existing domain configured in jboss login-config.xml that you would like to re-use).

The security policy is repository-wide, regardless of workspace(s). If you need different security/authentication, you will need different repositories (i.e. new repository.xml for each repository). However, if you can use the same authentication but have different authorization requirements, you can use the same repository with a custom AccessManager.

repository.xml

<!-- remove this loginmodule to only use the login-config.xml configured modules.

-->

  • </Security>

$JBOSS_HOME/server/<default>/conf/login-config.xml

  • <application-policy name="Jackrabbit">

    • <authentication>

      • <!-- your security modules for Ldap, Ad, Database, role.properties, etc here -->

      </authentication>

    </application-policy>

Caution: name attribute of application-policy tag in login module definition could be whatever you want, until it matches appName of Security tag in repository.xml.


Configuring Authorization/Jackrabbit AccessManager

TODO

Custom access manager when using Jboss for security is referenced at SimpleJbossAccessManager


JBoss Mbean Dynamic Login Config option

This is for deployment of the authentication login modules outside of the login-config.xml. The reasoning is usually company-policy-oriented and/or preference. This is a jboss-specific option not related to Jackrabbit -- all jackrabbit configuration related to login-config.xml will now go into the jackrabbit-login-config.xml below.

See http://wiki.jboss.org/wiki/DynamicLoginConfig .

  • Create a $JBOSS_HOME/server/<default>/deploy/jackrabbitsecurity.sar directory (yes, name the directory with .sar at the end).

  • jackrabbitsecurity.rar/META-INF/jboss-service.xml

<server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="org.apache.jackrabbit:service=DynamicLoginConfig">

</mbean> </server>

  • jackrabbitsecurity.sar/jackrabbit-login-config.xml

Place what would be your normal login-config.xml configuration here.

In addition, if you have custom login module libraries only used for this security authentication configuration, those can also be placed here.


JackrabbitOnJbossSecurity (last edited 2009-09-20 23:45:08 by localhost)