
List:       slide-user
Subject:    RE: RE: Are default Domail.xml/web.xml roles consistent?
From:       Mark.Papiani () ubsw ! com
Date:       2001-05-31 14:32:29

["BDY.TXT" (text/plain)]

Sorry to be persistent but I would love to get this working correctly 
... I am very close. I still need a little help with 
user/roles/permissions in Domain.xml.

Everything is working fine with Tomcat 3.2.1/Slide 1.0.10/MySQL, except 
locking. GET, PUT work fine for content in MySQL.

Problem:
*** I use 3 clients: Dav Explorer, Web Folders and DreamWeaver, and 
regardless of who I log on to Slide as (and which client I use) the 
locks table in MySQL always shows the subject as /users/root. I can 
add/remove locks from any of my client apps as any user. John can 
remove root's locks etc.

Is there something in my config files that allows this?  I have 
attached my full tomcat-user.xml, Domain.xml and web.xml.

I am fairly happy that tomcat-user defines 3 users root, guest, john 
with roles root, guest, john. web.xml allows all the webDav methods to 
be executed by root, guest, john in the security-constraint tag.

I am still lost with Domain.xml. Is this causing my problem?

If anyone can restructure my Domain.xml so that it does not allow root, 
john, guest to add/remove locks always as subject /users/root then I 
would be very grateful.

Alternatively a little more info on the authorisation in Domain.xml as 
per my request below might get me there.

Many Thanks
Mark



>From: "Remy Maucherat" <remm@apache.org>
>Reply-To: slide-user@jakarta.apache.org
>To: <slide-user@jakarta.apache.org>, <papiani@computer.org>
>Subject: Re: RE:RE: Are default Domail.xml/web.xml roles consistent?
>Date: Thu, 31 May 2001 00:44:46 -0700
>
> > I'm just installing the new slide 1.0.10 release and would like to revisit
> > my question about the consistency of roles defined in Domain.xml/web.xml
> > (partial file contents pasted in below).
> >
> > Domain.xml:
> > <role name="admin">slideroles.basic.RootRole</role>
> > <role name="guest">slideroles.basic.GuestRole</role>
> > ...
> >         <permission action="/actions" subject="admin"/>
> >         <permission action="/actions/read" subject="user"
> > ...
> >           <objectnode classname="slideroles.basic.GuestRoleImpl"
> >            uri="/users/guest">
> >             <revision>
> >               <property name="password"></property>
> >             </revision>
> >           </objectnode>
> >
> >         </objectnode>
> > ...
> >
> >           <objectnode classname="slideroles.basic.RootRoleImpl"
> >            uri="/users/root">
> >             <revision>
> >               <property name="password">root</property>
> >             </revision>
> >           </objectnode>
> >
> > web.xml:
> > -------
> >
> >   <!--security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>DAV resource</web-resource-name>
> >       <url-pattern>/*</url-pattern>
> >       <http-method>COPY</http-method>
> >       <http-method>DELETE</http-method>
> >       <http-method>GET</http-method>
> >       <http-method>HEAD</http-method>
> >       <http-method>LOCK</http-method>
> >       <http-method>MKCOL</http-method>
> >       <http-method>MOVE</http-method>
> >       <http-method>OPTIONS</http-method>
> >       <http-method>POST</http-method>
> >       <http-method>PROPFIND</http-method>
> >       <http-method>PROPPATCH</http-method>
> >       <http-method>PUT</http-method>
> >       <http-method>UNLOCK</http-method>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>root</role-name>
> >       <role-name>guest</role-name>
> >     </auth-constraint>
> >   </security-constraint>
> >
> >   <security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>Manager</web-resource-name>
> >       <url-pattern>/manager/*</url-pattern>
> >       <http-method>GET</http-method>
> >       <http-method>POST</http-method>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>root</role-name>
> >     </auth-constraint>
> >   </security-constraint>
> >
> >
> > Could anyone explain how this fits together? I have tried the documentation
> > but do not understand.
> >
> > The web.xml says that the methods are available to root and guest on path
> > /*. I have these roles set up in tomcat-users.conf. This I understand.
> >
> > The Domain.xml confuses me ...
> >
> > Domain.xml seems to assign a few roles e.g. <role
> > name="admin">slideroles.basic.RootRole</role>
> >
> > at the top, but does not seem to use these roles?
> >
> > e.g.
> >
> >
> >         <permission action="/actions" subject="admin"/>
> >
> > and then,
> >
> >
> >           <objectnode classname="slideroles.basic.RootRoleImpl"
> >            uri="/users/root">
> >             <revision>
> >               <property name="password">root</property>
> >             </revision>
> >           </objectnode>
> >
> > This last part seems to use the whole classname
> > slideroles.basic.RootRoleImpl
> >
> > to assign this level of access to root?
> >
> > So why define:
> >
> > <role name="admin">slideroles.basic.RootRole</role>
> >
> > at the top?
> >
> >
> > Any help with this or a few sentences to explain how all this fits would be
> > much appreciated.
>
>Yes, it's indeed confusing, between:
>- the user names declared in the servlet container realm
>- the security constraint roles
>- the Slide users
>- the Slide roles (and esp the class names which are different from the role name)
>
>I'll try to modify the default configuration so that it's less confusing.
>A nice way to reduce the amount of different types of roles / users in your
>system is to try to use the SlideRealm + Catalina. In the past, versions of
>Tomcat 4 packaged with Slide were available, but it was very time consuming
>to maintain the packaging as both products evolved a lot. Now that TC 4 is
>more stable (as well as Slide), I think it would be a good idea to start
>again.
>
>Remy
>



["tomcat-users.xml" (application/octet-stream)]
["Domain.xml" (application/octet-stream)]
["web.xml" (application/octet-stream)]
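
An added example, not part of the original post or of the Slide distribution: a cross-check of the four name spaces listed in the quoted reply (realm users, security-constraint roles, Slide users, Slide roles). The three inputs are constructed samples modelled on the excerpts above; the `name`/`roles` attributes in tomcat-users.xml, the `<slide>` wrapper element, the `admin` role on the manager constraint, and the mapping of a realm user to a `/users/<name>` node are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the quoted excerpts; not the attached files.
TOMCAT_USERS = """<tomcat-users>
  <user name="root" password="x" roles="root"/>
  <user name="guest" password="x" roles="guest"/>
  <user name="john" password="x" roles="john"/>
</tomcat-users>"""
WEB_XML = """<web-app>
  <!--security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern>
      <http-method>LOCK</http-method><http-method>UNLOCK</http-method></web-resource-collection>
    <auth-constraint><role-name>root</role-name></auth-constraint>
  </security-constraint-->
  <security-constraint>
    <web-resource-collection><url-pattern>/manager/*</url-pattern>
      <http-method>GET</http-method></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
DOMAIN_XML = """<slide>
  <role name="admin">slideroles.basic.RootRole</role>
  <role name="guest">slideroles.basic.GuestRole</role>
  <permission action="/actions" subject="admin"/>
  <permission action="/actions/read" subject="user"/>
  <objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/root"/>
  <objectnode classname="slideroles.basic.GuestRoleImpl" uri="/users/guest"/>
</slide>"""

def audit(users_xml, web_xml, domain_xml):
    users = {u.get("name"): set(u.get("roles", "").split(","))
             for u in ET.fromstring(users_xml).iter("user")}
    realm_roles = set().union(*users.values())
    # The XML parser drops comments, so only enforced constraints remain here.
    active = list(ET.fromstring(web_xml).iter("security-constraint"))
    dom = ET.fromstring(domain_xml)
    slide_roles = {r.get("name") for r in dom.iter("role")}
    slide_users = {n.get("uri").rsplit("/", 1)[1] for n in dom.iter("objectnode")
                   if n.get("uri", "").startswith("/users/")}
    return {
        "commented_out_constraints": len(re.findall(r"<!--\s*security-constraint", web_xml)),
        "methods_enforced": sorted({m.text for c in active for m in c.iter("http-method")}),
        "constraint_roles_missing_in_realm": sorted(
            {r.text for c in active for r in c.iter("role-name")} - realm_roles),
        "realm_users_without_slide_node": sorted(set(users) - slide_users),
        "permission_subjects_undeclared": sorted(
            {p.get("subject") for p in dom.iter("permission")
             if not p.get("subject", "/").startswith("/")} - slide_roles),
    }
```

Calling `audit(TOMCAT_USERS, WEB_XML, DOMAIN_XML)` returns a dict of findings; a constraint wrapped in an XML comment is counted separately because the container never enforces it.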