Thread: JBoss Portal & Acegi

  1. #1
    Join Date
    Feb 2007
    Posts
    10

    JBoss Portal & Acegi

    I am thinking of using Acegi in a JBoss Portal to
    - Authenticate a user
    - Restrict access to Portal Pages
    - Implement fine-grained authorization within the portlets, which will be based on the Spring Portlet MVC framework

    Has anyone used Acegi for authentication and authorization within JBoss Portal?

    Thanks,

    Anette

  2. #2
    Join Date
    Sep 2006
    Location
    UK
    Posts
    8,424

    I would try searching for this; I'm pretty sure I've seen this brought up a few times.
    e.g.
    http://forum.springframework.org/showthread.php?t=22971

  3. #3
    Join Date
    Feb 2007
    Posts
    10

    The subject came up in a few posts, but none of them is sufficient for me to understand how to integrate Acegi Security in the JBoss Portal. At the moment I am mainly interested in authentication and retrieving the user roles, as the basic coarse-grained authorization for Portal Pages and Portlet Instances is sufficient for me to start with. At a later stage I would like to integrate Acegi Security into portlets for more fine-grained authorization within a portlet.

    JBossAcegiLoginModule
    ----------------------
    In the JBoss Portal you can change the authentication by adding a new login-module for the portal in the login.config.xml in JBOSS_HOME/server/default/deploy/jboss-portal.sar/conf/. A login-module has to implement the javax.security.auth.spi.LoginModule interface. There are a few existing implementations, e.g. UsersRolesLoginModule or org.jboss.security.auth.spi.LdapExtLoginModule. An example:

    <application-policy name="portal">
      <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
        <module-option name="unauthenticatedIdentity">guest</module-option>
        <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
        <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
        <module-option name="additionalRole">Authenticated</module-option>
        <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">props/portal-users.properties</module-option>
        <module-option name="rolesProperties">props/portal-roles.properties</module-option>
      </login-module>
    </application-policy>

    I noticed the org.acegisecurity.adapters.jboss.JbossAcegiLoginModule, which I assume implements the LoginModule interface. Can I use this module to integrate Acegi with the JBoss Portal? If yes, how do I configure the login-module.xml?

    When securing a web application using Acegi, I would configure authentication and authorization in an XML file, e.g. the applicationContext-acegi-security.xml in the Acegi Security Tutorial Sample, and add the configuration for the Acegi Filter Chain Proxy to the web.xml of my web application. How would I configure authentication when integrating Acegi in the JBoss Portal?

    JAAS
    -----
    Since JBoss Security is based on JAAS, another option to integrate Acegi in JBoss Portal might be to delegate authentication requests to the Java Authentication and Authorization Service (JAAS) (see http://acegisecurity.org/docbook/acegi.html#jaas). I am not sure if that would be a viable option, and I would have to implement a JAAS AuthorityGranter.

    Best Regards,

    Anette
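
A minimal module of the kind the post above describes, one that implements javax.security.auth.spi.LoginModule, as an added example that is not part of the original post and not code from Acegi or JBoss. The class name DelegatingLoginModule and its static verifier hook are hypothetical; only the JDK's JAAS API is used, and container-specific role handling is not shown.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.function.BiPredicate;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

/** Hypothetical JAAS module: passes the credentials to a pluggable verifier and fails closed. */
public class DelegatingLoginModule implements LoginModule {
    /** Assumed hook for an external authentication backend; denies everyone until it is set. */
    public static volatile BiPredicate<String, char[]> verifier = (user, password) -> false;
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;   // created by a successful login(), published by commit()

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {   // phase 1: verify, publish nothing yet
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (Exception e) {                      // missing handler or unsupported callback
            throw new LoginException("could not obtain credentials");
        }
        final String name = nc.getName();
        char[] pw = pc.getPassword();                // a copy of the callback's buffer
        pc.clearPassword();
        boolean ok = name != null && pw != null && verifier.test(name, pw);
        if (pw != null) Arrays.fill(pw, '\0');       // do not keep the password in memory
        if (!ok) throw new FailedLoginException("authentication failed");
        principal = new Principal() {
            public String getName() { return name; }
        };
        return true;
    }
    public boolean commit() {                        // phase 2: called once the whole policy succeeded
        if (principal == null) return false;
        subject.getPrincipals().add(principal);
        return true;
    }
    public boolean abort() { return logout(); }      // overall login failed: undo any commit
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        principal = null;
        return true;
    }
}
```

The user principal reaches the Subject only in commit(), so a failure in another module of the same application-policy leaves the Subject without it.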
