Thanks Greg. I have tried configuring the JAAS config file a number of ways (based on your recommendation), and none have worked correctly. We use a custom authenticator that uses a DB to store user info, and this is configured through the Weblogic Console (both the DataSource info and the security flags). When I try to specify its LoginModule in the JAAS config file, it does not initialize the Datasource name because it depends on the init code called by the MBean (using the value supplied by the user in the Weblogic console), and therefore fails when trying to connect.
Magnolia cannot be configured in the Weblogic console since it doesn't have a respective MBean, and so I'm trying to use the runtime JAVA_OPTIONS argument when starting up: -Djava.security.auth.login.config=%WL_HOME%\server\lib\jaas-magnolia.config I believe, though, that our custom authentication is not compatible with Magnolia, since it seems that the Magnolia web app depends on user types defined within Magnolia. Basically, we'd like to completely bypass Magnolia's authentication/authorization if favor of our own. I don't know if this is very doable, considering the fact that Magnolia stores its users and groups within the repository itself... There are many references in the Magnolia source to superuser and anonymous (the "default" users?), and so I guess what I *really* need to do is modify the Magnolia application code to use our custom authentication/authorization instead. Does this sound like the correct direction? If so, do you have a good idea about how Magnolia authenticates behind the scenes (i.e., which classes should be modified to accomplish this)? Dallas > -----Original Message----- > From: dev-list@magnolia.info [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 13, 2007 4:16 PM > To: dev-list@magnolia.info > Subject: Re: [magnolia-dev] External authentication > > Hi, > > On Dec 13, 2007, at 18:57 , Vaughan, Dallas wrote: > > > Hello, > > We are trying to integrate Magnolia (3.5RC3) with a pre-existing > > web app (with a pre-existing custom security provider) on Weblogic > > 9.2. I've configured Magnolia JAAS authentication (by modifying > > the flags in the JAAS config file to "sufficient"), and configured > > Weblogic to use this file, and it seems to work, to a point. > > Navigating to Magnolia (either before or after logging in to our > > web app) always fails with this: > > I'm assuming you mean you want to use a custom > javax.security.auth.spi.LoginModule. In the JAAS config, you need to > keep the "info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required", > in order to get the ACLs (authorization) from Magnolia/JCR. Your > module can be on top of that and replace JCRAuthenticationModule, but > it can't be "sufficient" since that will interrupt the chain, I think > it needs to be "requisite". > > Please let me know how this goes. > > Now, the exception you get isn't the nicest thing to understand > what's wrong, so you might want to report this in Jira or better yet, > propose a patch that handles this a bit more nicely. > > Cheers, > > greg > > ps: when creating a new thread on the list, please create a new > message rather than replying to a random unrelated one. thanks. > > > java.util.NoSuchElementException > > at java.util.HashMap$HashIterator.nextEntry(HashMap.java:2139) > > at java.util.HashMap$KeyIterator.next(HashMap.java:2172) > > at info.magnolia.cms.util.WorkspaceAccessUtil.createAccessManager > > (WorkspaceAccessUtil.java:146) > > at info.magnolia.context.DefaultRepositoryStrategy.getAccessManager > > (DefaultRepositoryStrategy.java:69) > > at info.magnolia.context.AbstractContext.getAccessManager > > (AbstractContext.java:114) > > at info.magnolia.context.MgnlContext.getAccessManager > > (MgnlContext.java:167) > > at info.magnolia.cms.security.URISecurityFilter.isAllowed > > (URISecurityFilter.java:81) > > at info.magnolia.cms.security.BaseSecurityFilter.doFilter > > (BaseSecurityFilter.java:59) > > at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter > > (AbstractMgnlFilter.java:70) > > at info.magnolia.cms.filters.MgnlFilterChain.doFilter > > (MgnlFilterChain.java:71) > > at info.magnolia.cms.security.LogoutFilter.doFilter > > (LogoutFilter.java:81) > > at > > info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter > > (OncePerRequestAbstractMgnlFilter.java:62) > > at info.magnolia.cms.filters.MgnlFilterChain.doFilter > > (MgnlFilterChain.java:71) > > at info.magnolia.cms.security.auth.login.LoginFilter.doFilter > > (LoginFilter.java:83) > > at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter > > (AbstractMgnlFilter.java:70) > > at info.magnolia.cms.filters.MgnlFilterChain.doFilter > > (MgnlFilterChain.java:71) > > at info.magnolia.cms.filters.ContentTypeFilter.doFilter > > (ContentTypeFilter.java:73) > > at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter > > (AbstractMgnlFilter.java:70) > > at info.magnolia.cms.filters.MgnlFilterChain.doFilter > > (MgnlFilterChain.java:71) > > at info.magnolia.cms.filters.ContextFilter.doFilter > > (ContextFilter.java:72) > > at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter > > (AbstractMgnlFilter.java:70) > > at info.magnolia.cms.filters.MgnlFilterChain.doFilter > > (MgnlFilterChain.java:71) > > at info.magnolia.cms.filters.CompositeFilter.doFilter > > (CompositeFilter.java:64) > > at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter > > (AbstractMgnlFilter.java:70) > > at info.magnolia.cms.filters.MgnlMainFilter.doFilter > > (MgnlMainFilter.java:98) > > at info.magnolia.cms.filters.MgnlMainFilter.doFilter > > (MgnlMainFilter.java:195) > > at weblogic.servlet.internal.FilterChainImpl.doFilter > > (FilterChainImpl.java:42) > > at weblogic.servlet.internal.WebAppServletContext > > $ServletInvocationAction.run(WebAppServletContext.java:3212) > > at weblogic.security.acl.internal.AuthenticatedSubject.doAs > > (AuthenticatedSubject.java:321) > > at weblogic.security.service.SecurityManager.runAs > > (SecurityManager.java:121) > > at weblogic.servlet.internal.WebAppServletContext.securedExecute > > (WebAppServletContext.java:1983) > > at weblogic.servlet.internal.WebAppServletContext.execute > > (WebAppServletContext.java:1890) > > at weblogic.servlet.internal.ServletRequestImpl.run > > (ServletRequestImpl.java:1344) > > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) > > at weblogic.work.ExecuteThread.run(ExecuteThread.java:181) > > > > Has anyone (reading this) had success with configuring Magnolia to > > use external security, especially on Weblogic? Where would be the > > best place to start in order to customize Magnolia's > > authentication? Thanks! > > > > Dallas Vaughan > > > > > > ---------------------------------------------------------------- > for list details see > http://documentation.magnolia.info/docs/en/editor/stayupdated.html > ---------------------------------------------------------------- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.17.2/1184 - Release Date: 12/14/2007 11:29 AM ---------------------------------------------------------------- for list details see http://documentation.magnolia.info/docs/en/editor/stayupdated.html ----------------------------------------------------------------
