Authentication and Authorization / OSGi


Authentication and Authorization / OSGi

by chadws

Are there any good resources / documents on how to authenticate users in EasyBeans? Also, how does this integrate with OSGi with regard to authentication and authorization?

Thanks,
Chad

THIS EMAIL MESSAGE IS FROM THE TOPEKA PUBLIC SCHOOLS USD501 IN TOPEKA, KANSAS AND IS INTENDED ONLY FOR THE ADDRESSEE.  THE INFORMATION CONTAINED HEREIN MAY BE CONFIDENTIAL.  IF THIS EMAIL HAS MISTAKENLY BEEN SENT TO YOU, PLEASE DELETE IT AFTER NOTIFYING US OF THE ERROR BY REPLY EMAIL OR BY CALLING 785-295-3000.  UNAUTHORIZED FORWARDING, PRINTING, COPYING, DISTRIBUTING OR USING THE INFORMATION IN THIS EMAIL MESSAGE IS STRICTLY PROHIBITED AND MAY BE UNLAWFUL.

Re: Authentication and Authorization / OSGi

by Guillaume Sauthier

EasyBeans alone does not provide any security realm to authenticate users
against.
So it has to be used with a "realm provider" (like JOnAS).

EasyBeans "only" provides role-based permission checking (i.e. the
@AllowedRoles annotations) and a SimpleLoginModule that can be used with
JAAS.
--G

CHAD SKINNER wrote:
> Are there any good resources / documents on how to authenticate users in EasyBeans? Also, how does this integrate with OSGi with regard to authentication and authorization?
>
> Thanks,
> Chad

Re: Authentication and Authorization / OSGi

by chadws

I would like to implement a simple authentication and authorization system for OSGi that would work with EJB annotations. Unfortunately, in the past all I have done is to use these systems, never implement them. I would like to provide a simple RBAC that would create the user's subject and populate it with the required roles.
 
Unfortunately, Security seems to be one of the least documented features in most systems and so I was wondering if anyone could point me at some good documentation or source code that I could read to see how the EJB authentication annotations are processed?
 
Thanks again,
-- Chad
 
 
>>> Guillaume Sauthier <Guillaume.Sauthier@...> 4/2/2009 11:40 AM >>>
EasyBeans alone does not provide any security realm to authenticate users
against.
So it has to be used with a "realm provider" (like JOnAS).

EasyBeans "only" provides role-based permission checking (i.e. the
@AllowedRoles annotations) and a SimpleLoginModule that can be used with
JAAS.
--G


Re: Re: Authentication and Authorization / OSGi

by Guillaume Sauthier

I don't get what you want to do (your final goal). Is it the security
system you just talked about?
If so, the authorization part is already handled by easybeans (using
JACC and Permission). What easybeans standalone does not provide is a
security realm that can be used to perform authentication...

If you want to contribute one ... :)
--G

CHAD SKINNER wrote:

> I would like to implement a simple authentication and authorization
> system for OSGi that would work with EJB annotations. Unfortunately,
> in the past all I have done is to use these systems, never implement
> them. I would like to provide a simple RBAC that would create the
> user's subject and populate it with the required roles.
>  
> Unfortunately, Security seems to be one of the least documented
> features in most systems and so I was wondering if anyone could point
> me at some good documentation or source code that I could read to see
> how the EJB authentication annotations are processed?
>  
> Thanks again,
> -- Chad



Re: Re: Re: Authentication and Authorization / OSGi

by Florent BENOIT-3

In EasyBeans, there is one LoginModule that can be used to take Identity
from the authenticated Subject and propagate it to the EasyBeans framework:
   
http://fisheye.easybeans.org/browse/EasyBeans/trunk/easybeans/modules/security/src/main/java/org/ow2/easybeans/security/auth/spi/ClientLoginModule.java?r=4117

(It will extract the Principal name from the Principal.class object and the
roles will be extracted from the Group.class contained in the subject)
More details here:
http://fisheye.easybeans.org/browse/EasyBeans/trunk/easybeans/modules/security/src/main/java/org/ow2/easybeans/security/propagation/context/SecurityContext.java?r=2556

Regards,

Florent

Guillaume Sauthier wrote:

> I don't get what you want to do (your final goal). Is it the security
> system you just talked about?
> If so, the authorization part is already handled by easybeans (using
> JACC and Permission). What easybeans standalone does not provide is a
> security realm that can be used to perform authentication...
>
> If you want to contribute one ... :)
> --G


Re: Re: Re: Authentication and Authorization / OSGi

by chadws

I would like to write a service that could be deployed on OSGi. This
service would take an HttpServletRequest and HttpServletResponse and be
able to determine if the current user is authenticated. For example, we
use a portal server that sets a cookie for our domain. If this cookie is
set then we would call the server to determine if the user's session is
still valid.

If the request does not have a valid session and the Request contains
the authentication credentials it should be able to log the user in or
if the credentials are not valid return a message that would cause our
applications to either deny access or send the user back to the login
page.

I can create a subject and populate it with the user's roles in the
authentication service, but what I don't know is where I put the subject
or how I identify the subject to the easybeans container on the OSGi
service so that my EJB security annotations are handled correctly.

Is this a bad idea?



The problem I see with JAAS in a web system is that it works well for
username/password authentication, but I don't know how to make it
authenticate a user based on other attributes in the request and
consequently I do know how one would go about implementing things like
openId or oAuth using it alone.

Someone mentioned a LoginModule that would take my subject and propagate
the permissions to the Easybeans container, but I am not certain how
this would be used in my situation as well so I am going to be doing
more reading.


Thanks,
-- Chad


>>> Guillaume Sauthier <guillaume.sauthier@...> 04/03/09 3:20
AM >>>
I don't get what you want to do (your final goal). Is it the security
system you just talked about?
If so, the authorization part is already handled by easybeans (using
JACC and Permission). What easybeans standalone does not provide is a
security realm that can be used to perform authentication...

If you want to contribute one ... :)
--G
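
The scenario in the last message (authenticating from a request attribute such as a session cookie rather than a username and password, then filling a Subject with the user's roles) can be expressed in plain JAAS with a custom Callback. This is an added example, not code from the thread or from EasyBeans: TokenCallback, Named, TokenLoginModule, the "portal" entry name and the session table are hypothetical, and it assumes JDK 16 or later. Handing the resulting Subject to the EasyBeans container is not shown.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class TokenLoginDemo {
    // Hypothetical callback: carries the portal session cookie instead of a password.
    static class TokenCallback implements Callback { String token; }
    // Hypothetical principal type; kind is "user" or "role".
    record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }
    public static class TokenLoginModule implements LoginModule {
        // Constructed session table (token -> user, then roles); a real module would ask the portal.
        static final Map<String, List<String>> SESSIONS =
            Map.of("sess-1234", List.of("chad", "teacher", "admin"));
        private Subject subject; private CallbackHandler handler; private List<String> session;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            TokenCallback cb = new TokenCallback();
            try { handler.handle(new Callback[] { cb }); }
            catch (Exception e) { throw new LoginException("token callback failed: " + e); }
            session = cb.token == null ? null : SESSIONS.get(cb.token);
            if (session == null) throw new FailedLoginException("unknown or expired session");
            return true;
        }
        public boolean commit() { // principals are added only once the overall login succeeded
            if (session == null) return false;
            subject.getPrincipals().add(new Named("user", session.get(0)));
            for (String r : session.subList(1, session.size())) subject.getPrincipals().add(new Named("role", r));
            return true;
        }
        public boolean abort() { session = null; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof Named); return true; }
    }
    static Subject authenticate(String cookieToken) throws LoginException {
        Configuration cfg = new Configuration() { // in-code stand-in for a JAAS config file
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(TokenLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) if (c instanceof TokenCallback t) t.token = cookieToken; };
        LoginContext lc = new LoginContext("portal", new Subject(), h, cfg);
        lc.login(); // throws LoginException when the token is not a live session
        return lc.getSubject();
    }
    public static void main(String[] a) throws Exception {
        System.out.println(authenticate("sess-1234").getPrincipals());
        try { authenticate("forged"); } catch (LoginException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

In a servlet, the CallbackHandler would read the cookie from the HttpServletRequest; a missing or unknown token fails closed with a LoginException, so the caller can deny access or redirect to the login page.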
