Jahia Dev Forum > Delegating Authorization...

0 (0 Good)
0 (0 Bad)

Delegating Authorization of external app to Jahia

by  gregor »  2011/06/07 20:47

Hi there,

first off: I'm referring to Jahia 6.1

- Debian 6.0
- Tomcat 6.0

We want to migrate our existing websites to Jahia.

However, those websites contain some Servlets, which we'd like to integrate into Jahia.

Since we'd like to re-use those servlets, the idea is to deploy them as a war-file, each having their own context. They will be called from within our webpages hostest in Jahia simply via a URL, each servlet will open in it's own window.

Now comes the catch:

All our website are read-protected, meaning, you have to be registered to access any content.

Currently, we are using Tomcat's container-based security-mechanism.

Our goal is to delegate the authorization-stuff to Jahia.

The problem:

I've got no idea what type of AAA Jahia is using, and the docs just give very little information here.

I thought I just had to include a filter into the servlet's web.xml, and that would be it, but I have no idea where to start.

Could anyone here enlighten me

- what kind of AAA-mechanism is Jahia using anyways?
- point me to a simple example of a Servlet being integrated into Jahia with AAA-delegation (that would be my xmas-whish)
- point me to some techical- / developer's readups about the AAA-mechanism inside Jahia

Any useful answer will rapidly increase your personal karma wink

Cheers

Gregor

  • Delegating Authorization of external app to Jahia
    2011/07/08 12:10

    gregor <p> Hi there,<br /> <br /> first off: I&#39;m referring to Jahia 6.1<br /> <br /> - Debian 6.0<br /> - Tomcat 6.0<br /> <br /> We want to migrate our existing websites to Jahia.<br /> <br /> However, those websites contain some Servlets, which we&#39;d like to integrate into Jahia.<br /> <br /> Since we&#39;d like to re-use those servlets, the idea is to deploy them as a war-file, each having their own context. They will be called from within our webpages hostest in Jahia simply via a URL, each servlet will open in it&#39;s own window.<br /> <br /> Now comes the catch:<br /> <br /> All our website are read-protected, meaning, you have to be registered to access any content.<br /> <br /> Currently, we are using Tomcat&#39;s container-based security-mechanism.<br /> <br /> Our goal is to delegate the authorization-stuff to Jahia.<br /> <br /> The problem:<br /> <br /> I&#39;ve got no idea what type of AAA Jahia is using, and the docs just give very little information here.<br /> <br /> I thought I just had to include a filter into the servlet&#39;s web.xml, and that would be it, but I have no idea where to start.<br /> <br /> Could anyone here enlighten me<br /> <br /> - what kind of AAA-mechanism is Jahia using anyways?<br /> - point me to a simple example of a Servlet being integrated into Jahia with AAA-delegation (that would be my xmas-whish)<br /> - point me to some techical- / developer&#39;s readups about the AAA-mechanism inside Jahia<br /> <br /> Any useful answer will rapidly increase your personal karma <img alt="wink" height="20" src="https://www.jahia.com/modules/assets/javascript/ckeditor/plugins/smiley/images/wink_smile.gif" title="wink" width="20" /><br /> <br /> Cheers<br /> <br /> Gregor</p>

  • Number of messages  11
    Registration date Jun 7, 2011
    0 (0 Good)
    0 (0 Bad)

    Re: Delegating Authorization of external app to Jahia

    by  pilak »  2011/06/07 20:47

    Excuse me, what is AAA ?
    Actually, I think, a quick look at web.xml of Jahia would helps you.

    Regards.
  • Re: Delegating Authorization of external app to Jahia
    2011/06/07 20:47

    pilak Excuse me, what is AAA ?<br/>Actually, I think, a quick look at web.xml of Jahia would helps you.<br/><br/>Regards.

  • Number of messages  14
    Registration date Jun 7, 2011
    0 (0 Good)
    0 (0 Bad)

    Re: Delegating Authorization of external app to Jahia

    by  gregor »  2011/06/07 20:47

    AAA: http://en.wikipedia.org/wiki/AAA_protocol

    In short: Access / Authorization (Accounting is not needed)

    And no, the deployment-descriptor of Jahia's ROOT-app doesn't help at all, as does the "documentation" (please note I put that between quotes...)

    I'd already be happy if somebody could let me know abot the AA-system being used:

    - is it homegrown? if so, which packages cionatin the code?
    - is it a 3rd-party-component? if so, which one?

    I'm aware that Jahia is using CAS on their extra-net, so I started to read up CAS, however, Jahia's configuration doesn't look like what the CAS-guys are writing within their docs.

    And I'm really wondering if I'm the first one having such a request (embedding legacy-webapps).

    Regards

    Gregor

  • Re: Delegating Authorization of external app to Jahia
    2011/07/08 12:10

    gregor <p> AAA:&nbsp;<a href="http://en.wikipedia.org/wiki/AAA_protocol">http://en.wikipedia.org/wiki/AAA_protocol</a><br /> <br /> In short: Access / Authorization (Accounting is not needed)<br /> <br /> And no, the deployment-descriptor of Jahia&#39;s ROOT-app doesn&#39;t help at all, as does the &quot;documentation&quot; (please note I put that between quotes...)<br /> <br /> I&#39;d already be happy if somebody could let me know abot the AA-system being used:<br /> <br /> - is it homegrown? if so, which packages cionatin the code?<br /> - is it a 3rd-party-component? if so, which one?<br /> <br /> I&#39;m aware that Jahia is using CAS on their extra-net, so I started to read up CAS, however, Jahia&#39;s configuration doesn&#39;t look like what the CAS-guys are writing within their docs.<br /> <br /> And I&#39;m really wondering if I&#39;m the first one having such a request (embedding legacy-webapps).<br /> <br /> Regards<br /> <br /> Gregor</p>

  • Number of messages  11
    Registration date Jun 7, 2011
    0 (0 Good)
    0 (0 Bad)

    Re: Delegating Authorization of external app to Jahia

    by  pilak »  2011/06/07 20:47

    Do you have the source code of Jahia ?
    If not, try to checkout it ...
    I don't understand very well what you mean or are attempting for.
    Do you want to develop, admin, plug ... ?
  • Re: Delegating Authorization of external app to Jahia
    2011/06/07 20:47

    pilak Do you have the source code of Jahia ?<br/>If not, try to checkout it ...<br/>I don't understand very well what you mean or are attempting for.<br/>Do you want to develop, admin, plug ... ?

  • Number of messages  14
    Registration date Jun 7, 2011
    0 (0 Good)
    0 (0 Bad)

    Re: Delegating Authorization of external app to Jahia

    by  gregor »  2011/06/07 20:47

    I want to do something quite simple:

    I do have a legacy servlet. However, this servlet should only be available if yiu are a registered user.

    So my idea was, to use Jahia's authorization-mechanism to protect this servlet. The servlet itself will be called via a url from a page hosted inside Jahia.

    Shouldn't be all that difficult, right? Well, that was what I thought.

    An option would be to convert this servlet into a portlet and deploy it inside Jahia, but the conversion is way too much of effort.

    I could also integrate the servlet into Jahia's ROOT-app, but since we do have around 30 servlets to be integrated, that would only mess up Jahia's deployment-descriptor, which is - from my point of view - already way too big.
    Besides, if I go for this solution, we would get problems if we want to re-deploy those servlets, sinde we had to re-deploy the whole ROOT-app.

    Meanwhile, I'm trying to create a detacher-servlet hosted inside Jahia's ROOT-app which then calls the other servlets in their own contexts, but that doesn't really work since although authorized via Jahia, javax.security.Principal seems to be null - meaning, I'm running out of options now.

    And yes, I do have the source-code, but withought somebody pointing me to the right direction, I feel completely lost in here.

    Regards

    Gregor
  • Re: Delegating Authorization of external app to Jahia
    2011/06/07 20:47

    gregor I want to do something quite simple:<br/><br/>I do have a legacy servlet. However, this servlet should only be available if yiu are a registered user.<br/><br/>So my idea was, to use Jahia's authorization-mechanism to protect this servlet. The servlet itself will be called via a url from a page hosted inside Jahia.<br/><br/>Shouldn't be all that difficult, right? Well, that was what I thought.<br/><br/>An option would be to convert this servlet into a portlet and deploy it inside Jahia, but the conversion is way too much of effort.<br/><br/>I could also integrate the servlet into Jahia's ROOT-app, but since we do have around 30 servlets to be integrated, that would only mess up Jahia's deployment-descriptor, which is - from my point of view - already way too big.<br/>Besides, if I go for this solution, we would get problems if we want to re-deploy those servlets, sinde we had to re-deploy the whole ROOT-app.<br/><br/>Meanwhile, I'm trying to create a detacher-servlet hosted inside Jahia's ROOT-app which then calls the other servlets in their own contexts, but that doesn't really work since although authorized via Jahia, javax.security.Principal seems to be null - meaning, I'm running out of options now.<br/><br/>And yes, I do have the source-code, but withought somebody pointing me to the right direction, I feel completely lost in here.<br/><br/>Regards<br/><br/>Gregor

  • Number of messages  11
    Registration date Jun 7, 2011
    0 (0 Good)
    0 (0 Bad)

    Re: Delegating Authorization of external app to Jahia

    by  shuber »  2011/06/07 20:47

    Hello Gregor,

    Not sure what your exact requirements are, but if I understand you correctly, maybe the best way to integrate your servlet would be in add it in Jahia's context, and then setup a servlet filter that would control access to it. You could then check if there is a user in the session before delegating to the servlet, or do whatever setup you need.

    Here is an example on how to retrieve the user from the session :

    jahiaUser = (JahiaUser) session.getAttribute(ProcessingContext.SESSION_USER);

    You could then for example use a request wrapper to do whatever the legacy servlet needs.

    I hope this helps,

    Best regards,
    Serge Huber.

    Serge Huber (shuber)

    Number of messages  271
    Registration date
    Contact
    Share
    Feedback

    Get in touch

    Whether you are a current user or if you are just evaluating Jahia, we are here to help.

    Contact us

    Share this page