WCK

Has anyone gotten WCK to do authorization? I have the
JAASLoginModule.java coded so that it is adding roles
specific to our company to the m_roles object.  I know this
is working because of debug output. The problem I'm having
is that although the user logging in is not a member of the
"root" role, it is still being assigned
"root" priviledges. I know this because the logged
in user can change acls on the "/files"
collection. Only members of the "root" role can do
this. It seems like everything in the code is working as it
should... it seems like I'm missing some setting that turns
authorization on or something. Does anyone have any hints as
to what I might be doing wrong? Also, is there a way to get
the roles assigned to the currently logged in user? I tried
doing a propgetall on the user and it doesn't list the
roles. 
 
Thanks for your help with this. 
--Frank

 


************************************************************
*************
This communication, including attachments, is
for the exclusive use of addressee and may contain
proprietary,
confidential and/or privileged information.  If you are not
the intended
recipient, any use, copying, disclosure, dissemination or
distribution is
strictly prohibited.  If you are not the intended recipient,
please notify
the sender immediately by return e-mail, delete this
communication and
destroy all copies.
************************************************************
*************



------------------------------------------------------------
---------
To unsubscribe, e-mail: slide-user-unsubscribejakarta.apache.org
For additional commands, e-mail: slide-user-helpjakarta.apache.org

Frank:

I am not a 100% sure, but I think WCK is too abstract for
you to control
authorization. As far as I can tell, authentication is as
far as WCK
built-in functionality goes. I don't see any spot where WCK
actually checks
against JAAS for roles. However, you could implement this
yourself in your
custom store by checking the Principal's roles in your
methods and throw an
AccessDeniedException as you see fit.

Reza

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzothehartford.com] 
Sent: Sunday, January 28, 2007 3:47 PM
To: Slide Users Mailing List
Subject: WCK

Has anyone gotten WCK to do authorization? I have the
JAASLoginModule.java
coded so that it is adding roles specific to our company to
the m_roles
object.  I know this is working because of debug output. The
problem I'm
having is that although the user logging in is not a member
of the "root"
role, it is still being assigned "root"
priviledges. I know this because the
logged in user can change acls on the "/files"
collection. Only members of
the "root" role can do this. It seems like
everything in the code is working
as it should... it seems like I'm missing some setting that
turns
authorization on or something. Does anyone have any hints as
to what I might
be doing wrong? Also, is there a way to get the roles
assigned to the
currently logged in user? I tried doing a propgetall on the
user and it
doesn't list the roles. 
 
Thanks for your help with this. 
--Frank

 


************************************************************
*************
This communication, including attachments, is
for the exclusive use of addressee and may contain
proprietary,
confidential and/or privileged information.  If you are not
the intended
recipient, any use, copying, disclosure, dissemination or
distribution is
strictly prohibited.  If you are not the intended recipient,
please notify
the sender immediately by return e-mail, delete this
communication and
destroy all copies.
************************************************************
*************



-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.14/658 - Release
Date: 1/29/2007
2:49 PM
 
  

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.432 / Virus Database: 268.17.14/658 - Release
Date: 1/29/2007
2:49 PM
 


------------------------------------------------------------
---------
To unsubscribe, e-mail: slide-user-unsubscribejakarta.apache.org
For additional commands, e-mail: slide-user-helpjakarta.apache.org