Choosing 'Custom' security model munges my <security> content

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Choosing 'Custom' security model munges my <security> content

James CE Johnson
When I use the UI to set the Security Model to Custom, I loose the
anonymousAccessEnabled and authenticationSource values in my nexus.xml
file. Shouldn't it leave things alone in that scenario?

Thanks,
James



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Choosing 'Custom' security model munges my <security> content

Tamas Cservenak
Well, no. But the path you walk is unfinished in beta-3.1 :)

The idea with "custom" was to give custom components to nexus (in 3.1 by manually editing the nexus.xml) and manually configure those.
The nexus in this case simply cleans all existing settings.

The authenticationSource and realm is actually just plexus components, so you should provide you own "customized" components here.

~t~

On Wed, 2008-06-11 at 15:26 -0400, James CE Johnson wrote:
When I use the UI to set the Security Model to Custom, I loose the
anonymousAccessEnabled and authenticationSource values in my nexus.xml
file. Shouldn't it leave things alone in that scenario?

Thanks,
James



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Choosing 'Custom' security model munges my <security> content

James CE Johnson
Hi Tamas,

> Well, no. But the path you walk is unfinished in beta-3.1 :)

Indeed! But that's what makes it interesting :->

BTW: I'm doing my OpenSSO integration on the nexus-security branch but
there doesn't seem to have been any activity there in the last week or so.
Should I be looking to the trunk or elsewhere?

> The idea with "custom" was to give custom components to nexus (in 3.1 by
> manually editing the nexus.xml) and manually configure those.
> The nexus in this case simply cleans all existing settings.

OK. So it *should* leave them alone to support manual editing but it isn't
currently implemented that way.

> The authenticationSource and realm is actually just plexus components,
> so you should provide you own "customized" components here.

Right. Part of my difficultly is that I'm new to Plexus so the learning
curve has a bit more of an incline for me...

In GlobalConfigurationResourceHandler.put() I've found a bit of
hard-coding around the value of the selected security configuration. I
suspect that would change if your ultimate goal is to support pluggable
auth implementations?

>
> ~t~
>
> On Wed, 2008-06-11 at 15:26 -0400, James CE Johnson wrote:
>
>> When I use the UI to set the Security Model to Custom, I loose the
>> anonymousAccessEnabled and authenticationSource values in my nexus.xml
>> file. Shouldn't it leave things alone in that scenario?
>>
>> Thanks,
>> James



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Choosing 'Custom' security model munges my <security> content

Brian E. Fox
James,
We are entirely focused on testing and bug fixing beta-4 right now, but
as soon as that is done this week, we will be actively working on the
beta-5 which will include the security work. This branch was a proof of
concept and may get merged into the trunk when we do that. (I originally
pointed you here more to see the diffs so you could see where/how we
were looking at making changes)

Also, FYI, the system time on your emails is wrong...

-----Original Message-----
From: James CE Johnson [mailto:[hidden email]]
Sent: Wednesday, June 11, 2008 4:01 PM
To: [hidden email]
Subject: Re: [nexus-dev] Choosing 'Custom' security model munges my
<security> content

Hi Tamas,

> Well, no. But the path you walk is unfinished in beta-3.1 :)

Indeed! But that's what makes it interesting :->

BTW: I'm doing my OpenSSO integration on the nexus-security branch but
there doesn't seem to have been any activity there in the last week or
so.
Should I be looking to the trunk or elsewhere?

> The idea with "custom" was to give custom components to nexus (in 3.1
by
> manually editing the nexus.xml) and manually configure those.
> The nexus in this case simply cleans all existing settings.

OK. So it *should* leave them alone to support manual editing but it
isn't
currently implemented that way.

> The authenticationSource and realm is actually just plexus components,
> so you should provide you own "customized" components here.

Right. Part of my difficultly is that I'm new to Plexus so the learning
curve has a bit more of an incline for me...

In GlobalConfigurationResourceHandler.put() I've found a bit of
hard-coding around the value of the selected security configuration. I
suspect that would change if your ultimate goal is to support pluggable
auth implementations?

>
> ~t~
>
> On Wed, 2008-06-11 at 15:26 -0400, James CE Johnson wrote:
>
>> When I use the UI to set the Security Model to Custom, I loose the
>> anonymousAccessEnabled and authenticationSource values in my
nexus.xml
>> file. Shouldn't it leave things alone in that scenario?
>>
>> Thanks,
>> James



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Choosing 'Custom' security model munges my <security> content

James CE Johnson
Hi Brian,

> James,
> We are entirely focused on testing and bug fixing beta-4 right now,

Ah. I wasn't aware of that. Sorry.

>  but
> as soon as that is done this week, we will be actively working on the
> beta-5 which will include the security work. This branch was a proof of
> concept and may get merged into the trunk when we do that. (I originally
> pointed you here more to see the diffs so you could see where/how we
> were looking at making changes)

OK. That makes sense.

I've pretty much got the OpenSSO integration working though there are some
rough edges. The diff is just at 200 lines plus five new classes, two new
properties files and the OpenSSO jar dependency. It sounds like I should
hold off and leave ya'll alone until you have the new security stuff in
the trunk?

> Also, FYI, the system time on your emails is wrong...

eh? The last one I sent shows up as 4:01 which agrees with my watch. We're
currently GMT-4 here in Atlanta. It's about 4:20 now as I send this one.

>
> -----Original Message-----
> From: James CE Johnson [mailto:[hidden email]]
> Sent: Wednesday, June 11, 2008 4:01 PM
> To: [hidden email]
> Subject: Re: [nexus-dev] Choosing 'Custom' security model munges my
> <security> content
>
> Hi Tamas,
>
>> Well, no. But the path you walk is unfinished in beta-3.1 :)
>
> Indeed! But that's what makes it interesting :->
>
> BTW: I'm doing my OpenSSO integration on the nexus-security branch but
> there doesn't seem to have been any activity there in the last week or
> so.
> Should I be looking to the trunk or elsewhere?
>
>> The idea with "custom" was to give custom components to nexus (in 3.1
> by
>> manually editing the nexus.xml) and manually configure those.
>> The nexus in this case simply cleans all existing settings.
>
> OK. So it *should* leave them alone to support manual editing but it
> isn't
> currently implemented that way.
>
>> The authenticationSource and realm is actually just plexus components,
>> so you should provide you own "customized" components here.
>
> Right. Part of my difficultly is that I'm new to Plexus so the learning
> curve has a bit more of an incline for me...
>
> In GlobalConfigurationResourceHandler.put() I've found a bit of
> hard-coding around the value of the selected security configuration. I
> suspect that would change if your ultimate goal is to support pluggable
> auth implementations?
>
>>
>> ~t~
>>
>> On Wed, 2008-06-11 at 15:26 -0400, James CE Johnson wrote:
>>
>>> When I use the UI to set the Security Model to Custom, I loose the
>>> anonymousAccessEnabled and authenticationSource values in my
> nexus.xml
>>> file. Shouldn't it leave things alone in that scenario?
>>>
>>> Thanks,
>>> James
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Choosing 'Custom' security model munges my <security> content

Brian E. Fox

>> We are entirely focused on testing and bug fixing beta-4 right now,
>Ah. I wasn't aware of that. Sorry.

No prob, I didn't mean to imply you were bugging us...just explaining
why no activity is happening on that branch right now. ;-) It's as far
as we can go before we make more changes in Nexus.


>I've pretty much got the OpenSSO integration working though there are
some
>rough edges. The diff is just at 200 lines plus five new classes, two
new
>properties files and the OpenSSO jar dependency. It sounds like I
should
>hold off and leave ya'll alone until you have the new security stuff in
>the trunk?

Well there is a good risk that some of this will change since we haven't
completely defined all the interfaces. So you can continue to work on
the integration but I would keep that in mind so you can adapt as we
move forward. We will make a conscious effort to document what we are
doing as we figure it out so we don't leave you in the dark. We are also
on the #nexus channel on irc.codehaus.org.

>> Also, FYI, the system time on your emails is wrong...
>eh? The last one I sent shows up as 4:01 which agrees with my watch.
We're
>currently GMT-4 here in Atlanta. It's about 4:20 now as I send this
one.

Exactly, but when I receive it, it said 4:37:  (and it's still only
4:27)

-----Original Message-----
From: James CE Johnson [mailto:[hidden email]]
Sent: Wednesday, June 11, 2008 4:37 PM
To: [hidden email]
Subject: RE: [nexus-dev] Choosing 'Custom' security model munges my
<security> content

Weird.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]