Differences between revisions 6 and 7
Revision 6 as of 2006-11-27 19:23:40
Size: 2527
Editor: 66-252-47-2
Comment:
Revision 7 as of 2009-09-20 23:45:05
Size: 2539
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 16: Line 16:
 * attachment:SimpleJbossAccessManager.jar
 * attachment:SimpleJbossAccessManager.java
 * attachment:pom.xml
 * [[attachment:SimpleJbossAccessManager.jar]]
 * [[attachment:SimpleJbossAccessManager.java]]
 * [[attachment:pom.xml]]

The simple jboss access manager is a specialized Access Manager to handle Authorization of individuals authenticated through jboss login modules. It maps roles from the jboss simplegroup class to jackrabbit permissions.

The intent of this document is to

  • Deploy and enable a SimpleJbossAccessManager.

  • Configure the mappings between groups/roles from the authentication system to jackrabbit permissions.

Files that will be modified

  • Deploy SimpleJbossAccessManager.jar to WEB-INF/lib or somewhere else to add to the classpath.

  • repository.xml
  • $REPO_HOMEDIR/rolemappings.properties


Add SimpleJbossAccessManager to classpath

All code is apache licensed.

For the server .WAR deployment option, go to the attachments section and save the SimpleJbossAccessManager.jar under /WEB-INF/lib/SimpleJbossAccessManager.jar.

For JCA deployment option, save that same .jar and add it to the RAR file.


Configure Jackrabbit to use SimpleJbossAccessManager

Go to your repository.xml and modify the following:

  • <Security appName="Jackrabbit">

<!-- remove this loginmodule so only use the login-config.xml configured modules. <LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule"> <param name="anonymousId" value="anonymous"/> </LoginModule> -->

  • </Security>


Authorization - mapping roles to permissions

This module uses the Jboss simplegroup class to get a list of Roles from the login-modules. This has specifically been tested on AD (active directory), although should be transparent for other security implementations.

Under your repository homedir (defined in your repository.xml as 'path') that usually shows /repository, /version, and /workspace directories create a rolemappings.properties file. If someone wanted to modify the code to allow positioning where the mapping file is, that would be fine.

rolemappings.properties (without the bullets):

  • #SimpleJbossAccessManager Jackrabbit permissions.

  • #permissions must be:
  • # read, full, or none
  • #Roles that are not defined are defaulted to none.
  • developers=full
  • admin=full
  • active_directory_group_called_jackrabbit_ro=read


SimpleJbossAccessManager (last edited 2009-09-20 23:45:05 by localhost)