Bug 37748 - JNDIPrincipalStore that uses J2EE Container
Summary: JNDIPrincipalStore that uses J2EE Container
Status: NEW
Alias: None
Product: Slide
Classification: Unclassified
Component: Stores
Version: Nightly
Hardware: Other other
Importance: P2 normal
Target Milestone: ---
Assignee: Slide Developer List
Depends on:
Reported: 2005-12-02 03:00 UTC by Damien Bastin
Modified: 2005-12-01 18:15 UTC

JndiPrincipalStore (36.86 KB, text/plain)
2005-12-02 03:04 UTC, Damien Bastin
AbstractPrincipalStore (12.06 KB, text/plain)
2005-12-02 03:04 UTC, Damien Bastin
J2EEPrincipalStore (7.30 KB, text/plain)
2005-12-02 03:07 UTC, Damien Bastin
WebDavServlet (13.85 KB, text/plain)
2005-12-02 03:11 UTC, Damien Bastin
J2EEWebdavServlet (609 bytes, text/plain)
2005-12-02 03:12 UTC, Damien Bastin
Example Domain.xml snip using the J2EEPrincipalStore (3.24 KB, text/plain)
2005-12-02 03:13 UTC, Damien Bastin

Description Damien Bastin 2005-12-02 03:00:47 UTC
We wanted a new implementation of the way Slide handles Jndi Principal Stores to
fix the following issues:

    * JndiPrincipalStore directly accesses LDAP. We want to use a J2EE Container.
    * It stores the LDAP config principals as clear text.
    * It loads users and groups during the deployment and J2EE Container
startup. This isn't required.
    * It doesn't map the full user names from LDAP.
    * J2EE JNDI nested groups don't work in JndiPrincipalStore. This generates
complicated ACLs and ACL scripts.

We are using: Nightly 20051005042448

We have provided some code that changes the JNDIPrincipalStore by extracting an
AbstractPrincipalStore, and creates a J2EEPrincipalStore that extends it and
resolves the issues outlined above.
Comment 1 Damien Bastin 2005-12-02 03:04:05 UTC
Created attachment 17112

This now extends an AbstractPrincipalStore in order for the new
J2EEPrincipalStore to use some code from this class.
Comment 2 Damien Bastin 2005-12-02 03:04:50 UTC
Created attachment 17113
Comment 3 Damien Bastin 2005-12-02 03:07:23 UTC
Created attachment 17114

This is the new class that uses the J2EE principal store rather than accessing
LDAP directly. There is a call to isUserInRole() that requires the request. We
get this from a threadlocal variable provided by extending the WebDavServlet (see
Comment 4 Damien Bastin 2005-12-02 03:11:52 UTC
Created attachment 17115

Slight changes to this class to allow us to extend it with J2EEWebDavServlet to
hook the request into the threadlocal so we can use it in the J2EEPrincipalStore.
Comment 5 Damien Bastin 2005-12-02 03:12:31 UTC
Created attachment 17116

Adds the request to the threadlocal.
Comment 6 Damien Bastin 2005-12-02 03:13:22 UTC
Created attachment 17117
Example Domain.xml snip using the J2EEPrincipalStore
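
Added example, not taken from the attachments on this bug: a sketch of the threadlocal request hand-off described in comments 3 to 5, showing the cleanup a container's pooled threads require and a role check that fails closed when no request is bound. RoleRequest, CURRENT, service() and hasRole() are hypothetical names; RoleRequest stands in for the one HttpServletRequest method the store calls, so the block runs without the servlet API.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class RequestHolderDemo {
    // Hypothetical stand-in for HttpServletRequest.isUserInRole(String).
    interface RoleRequest { boolean isUserInRole(String role); }

    // Per-thread slot for the request currently being served.
    static final ThreadLocal<RoleRequest> CURRENT = new ThreadLocal<>();

    // What the servlet's service() would do: bind, delegate, always unbind.
    static void service(RoleRequest req, Runnable handler) {
        CURRENT.set(req);
        try {
            handler.run();
        } finally {
            // Worker threads are reused; a request left behind here would lend
            // its caller's roles to whatever runs next on this thread.
            CURRENT.remove();
        }
    }

    // What the principal store would do: no bound request means no role.
    static boolean hasRole(String role) {
        RoleRequest req = CURRENT.get();
        return req != null && req.isUserInRole(role);
    }

    public static void main(String[] args) throws Exception {
        // A single worker guarantees both tasks run on the same reused thread.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        RoleRequest admin = role -> role.equals("admin"); // constructed sample caller
        boolean[] seen = new boolean[2];

        // Task 1: role check made while the request is bound.
        pool.submit(() -> service(admin, () -> seen[0] = hasRole("admin"))).get();
        // Task 2: same thread, nothing bound; must not inherit task 1's caller.
        pool.submit(() -> { seen[1] = hasRole("admin"); }).get();
        pool.shutdown();

        System.out.println("inside request: " + seen[0]);
        System.out.println("after request:  " + seen[1]);
    }
}
```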