The Simple JBoss Access Manager is a specialized Access Manager that handles authorization for individuals authenticated through JBoss login modules. It maps roles from the JBoss SimpleGroup class to Jackrabbit permissions.
The intent of this document is to:
- Deploy and enable a SimpleJbossAccessManager.
- Configure the mappings between groups/roles from the authentication system to Jackrabbit permissions.
Files that will be modified
Deploy SimpleJbossAccessManager.jar to WEB-INF/lib or to another location on the classpath.
Add SimpleJbossAccessManager to classpath
All code is Apache licensed.
For the server .WAR deployment option, go to the attachments section and save SimpleJbossAccessManager.jar as /WEB-INF/lib/SimpleJbossAccessManager.jar.
For the JCA deployment option, save that same .jar and add it to the RAR file.
Configure Jackrabbit to use SimpleJbossAccessManager
Go to your repository.xml and modify the following:
<!-- Remove this LoginModule so that only the modules configured in login-config.xml are used.
<LoginModule class="org.apache.jackrabbit.core.security.SimpleLoginModule">
    <param name="anonymousId" value="anonymous"/>
</LoginModule>
-->
Authorization - mapping roles to permissions
This module uses the JBoss SimpleGroup class to get a list of roles from the login modules. It has been tested specifically against AD (Active Directory), although it should be transparent for other security implementations.
In your repository home directory (defined as 'path' in your repository.xml; it usually contains the /repository, /version, and /workspace directories), create a rolemappings.properties file. If someone wanted to modify the code to make the location of the mapping file configurable, that would be fine.
rolemappings.properties:
#SimpleJbossAccessManager Jackrabbit permissions.
#permissions must be:
# read, full, or none
#Roles that are not defined are defaulted to none.
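A pre-deployment check for rolemappings.properties, added here as an example; it is not code from SimpleJbossAccessManager.jar. It assumes each entry has the form role=permission, that the most permissive mapping wins when a user has several roles, and that an invalid value should be treated as none; the class name and all role names are made up.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

public class RoleMappingCheck {
    enum Permission { NONE, READ, FULL }   // ordered from least to most permissive

    // Parse the file text. Any value other than read, full or none is reported
    // in 'problems' and treated as none (fail closed; an assumption of this example).
    static Map<String, Permission> load(String text, List<String> problems) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(text));
        Map<String, Permission> map = new TreeMap<>();
        for (String role : props.stringPropertyNames()) {
            String value = props.getProperty(role).trim();
            Permission p = Permission.NONE;
            switch (value) {
                case "read": p = Permission.READ; break;
                case "full": p = Permission.FULL; break;
                case "none": break;
                default:
                    problems.add("role '" + role + "': invalid permission '" + value + "'");
            }
            map.put(role, p);
        }
        return map;
    }

    // Roles missing from the file default to none, as the page states.
    // ASSUMPTION: when a user holds several roles, the most permissive mapping wins.
    static Permission effective(Map<String, Permission> map, Collection<String> roles) {
        Permission best = Permission.NONE;
        for (String r : roles) {
            Permission p = map.getOrDefault(r, Permission.NONE);
            if (p.compareTo(best) > 0) best = p;
        }
        return best;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; every role name is hypothetical.
        String sample = String.join("\n",
            "jcr-admins=full",
            "Domain\\ Users=read",    // escaped space: key is the role "Domain Users"
            "Content Editors=full",   // unescaped space: key is "Content", value "Editors=full"
            "contractors=write");     // not one of read, full, none
        List<String> problems = new ArrayList<>();
        Map<String, Permission> map = load(sample, problems);
        problems.forEach(System.out::println);
        System.out.println(effective(map, List.of("Domain Users", "unlisted-group")));
        System.out.println(effective(map, List.of("Content Editors")));
    }
}
```

Directory group names that contain spaces, '=' or ':' must be backslash-escaped in a Java properties file; otherwise the key is cut at that character and the intended role silently falls back to none.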