[Registry-dev] Authentication and Authorization implementation

Chathura C. Ekanayake chathura at wso2.com
Sat Sep 29 04:10:16 PDT 2007


Hi Jonathan,

Now Registry and the User Manager both work with the in-memory database.
So there is no need to set up an external database!

Below are the steps to get it going...

1) Check out the latest Registry code.

2) Build the Registry using "mvn clean install".

3) Copy the file "modules/webapps/target/wso2registry.war" to the 
<tomcat-home>\webapps folder.

4) Place the user.default.sql file in some folder (e.g. C:\user.default.sql)

5) Edit the <tomcat-home>\webapps\wso2registry\WEB-INF\web.xml file to 
contain the following entry.

<init-param>
    <param-name>sqlFilePath</param-name>
    <param-value>C:\user.default.sql</param-value>
</init-param>

6) Start Tomcat

7) Open a browser and point it to http://localhost:8080/wso2registry

8) Select edit and sign in as username: admin, password: admin

9) Now you can do anything with the registry. Add new users and give 
them permissions.
Currently only the permissions below are supported:
put - Add or edit resources
get - read resources
delete - delete resources

For example, if you want to allow the user "jonathan" to read a resource 
at path /mashups/games/sudoku,
fill in the text boxes in the "Grant permission" section as
User name - jonathan
Path - /mashups/games/sudoku
Action - get

Thanks,
Chathura

> These instructions are too sketchy for me to get working.  After a lot of
> fiddling and help from Prasad I still only got halfway, as described below.
> Where have I gone wrong?
>
> Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com
>  
>
>   
>> -----Original Message-----
>> From: registry-dev-bounces at wso2.org [mailto:registry-dev-bounces at wso2.org] On Behalf Of Chathura C. Ekanayake
>> Sent: Friday, September 28, 2007 1:02 AM
>> To: registry-dev at wso2.org
>> Subject: [Registry-dev] Authentication and Authorization implementation
>>
>>
>> Hi,
>>
>> I have done the first stage of the authentication and authorization
>> implementation based on the User Manager.
>> As a result now you won't be able to even browse the registry without
>> signing in :) as anonymous user doesn't have GET permissions for any
>> collection by default.
>>
>> This is how to configure and start to work with the registry.
>>
>> 1) Configure the following parameters in the web.xml file of the
>> wso2registry webapp:
>>
>>         <init-param>
>>             <param-name>sqlFilePath</param-name>
>>             <param-value>/home/user/usermanager/resources/user.default.sql</param-value>
>>     
>
> Presumably this value gets set to the location of the user.default.sql.
> E.g. on Windows "C:\user.default.sql".
>
>   
>>         </init-param>
>>         <init-param>
>>             <param-name>dbURL</param-name>
>>             <param-value>jdbc:derby:/home/user/usermanager/umdb</param-value>
>>         </init-param>
>>     
>
> Presumably the value "jdbc:derby:umdb" would be fine too.
>
>   
>>         <init-param>
>>             <param-name>driver</param-name>
>>             <param-value>org.apache.derby.jdbc.EmbeddedDriver</param-value>
>>         </init-param>
>>
>> user.default.sql file is shipped with the User Manager. I have attached
>> it to this mail. You have to create a database using the attached
>> create_db.sql file, which is also bundled with the User Manager. We can
>> omit this configuration once the User Manager starts to support Data
>> Sources.
>>     
>
> This is done by 
> 1) downloading and unzipping Derby (10.3) from
> http://db.apache.org/derby/derby_downloads.html
> 2) add DERBY_HOME environment variable with the path of the unzipped derby
> directory
> 3) add %DERBY_HOME%/bin (Windows) to the PATH variable
> 4) execute /bin/ij
> 5) type "CONNECT 'jdbc:derby:umdb;create=true';"
> 6) copy create_db.sql to the derby/bin directory
> 7) type "run 'create_db.sql'"
> 8) type "show tables;" to verify tables were correctly created.
>
> Do we need to execute "startNetworkService" as well?  Tried it with no
> effect.
>
>   
>> 2) Configure a datasource named jdbc/WSO2RegistryDB in the servlet
>> container. If this is not done, Registry will use the HSQL in-memory
>> database.
>>     
>
> Not sure what you mean, but I added this to the Tomcat/conf/server.xml
> without avail:
>
> <Resource name="jdbc/WSO2RegistryDB" 
>               type="javax.sql.DataSource"  auth="Container"
>               description="Derby database for UserManager"
>               maxActive="100" maxIdle="30" maxWait="10000"
>               username="" password="" 
>               driverClassName="org.apache.derby.jdbc.EmbeddedDriver"
>               url="jdbc:derby:umdb" />
>
>   
>> 3) Go to the edit UI. Sign in with the user name: admin and
>> password:admin. Now you have all the permissions and can perform any
>> action.
>>     
>
> Did a mvn clean install of the registry and moved the war to Tomcat.  The
> trivial first page works, but in the edit view the Registry gives an
> exception "Could not connect to the database."
>
>   
>> 4) Add some users and give them required permissions. Then sign in as
>> the newly created users and try to perform authorized and unauthorized
>> operations.
>> You will be given an authorization failure message when you try to
>> perform unauthorized operations.
>>
>> Comments...
>>     
>
> Help!
>
>   
>> Thanks,
>> Chathura
>>     
>
>
>   
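
The grant model described in step 9 of the message above, and the deny-by-default behaviour for the anonymous user described in the quoted announcement, sketched as an added example that is not code from the Registry or the User Manager. It assumes exact-path matching (the thread does not say whether a grant on a collection is inherited by its children), an "anonymous" user name, and that "admin" holds every permission; the class and function names are hypothetical.

```python
import posixpath

ACTIONS = {"get", "put", "delete"}  # the three permissions listed in the message
ANONYMOUS = "anonymous"             # assumed name for a user who has not signed in


def canonical(path):
    """Normalise a path so '/a/b/', '/a//b' and '/a/x/../b' all compare equal."""
    if not path.startswith("/"):
        raise ValueError("registry paths must be absolute: %r" % (path,))
    # normpath keeps a leading '//' (POSIX quirk), so rebuild the single root slash.
    return "/" + posixpath.normpath(path).lstrip("/")


class Grants:
    """Deny-by-default store of (user, path, action) grants, exact-path match."""

    def __init__(self, admins=("admin",)):
        self._admins = set(admins)  # assumption: admin holds all permissions
        self._grants = set()

    def grant(self, user, path, action):
        if action not in ACTIONS:
            raise ValueError("unsupported action: %r" % (action,))
        self._grants.add((user, canonical(path), action))

    def is_allowed(self, user, path, action):
        if action not in ACTIONS:
            return False
        try:
            key = (user, canonical(path), action)
        except ValueError:
            return False            # malformed path: deny rather than guess
        return user in self._admins or key in self._grants


def demo():
    """Replay the example from the message: jonathan may 'get' the sudoku resource."""
    acl = Grants()
    acl.grant("jonathan", "/mashups/games/sudoku", "get")
    target = "/mashups/games/sudoku"
    return {
        "anonymous get": acl.is_allowed(ANONYMOUS, target, "get"),
        "jonathan get": acl.is_allowed("jonathan", target, "get"),
        "jonathan put": acl.is_allowed("jonathan", target, "put"),
        "jonathan get via ..": acl.is_allowed(
            "jonathan", "/mashups/games/tetris/../sudoku/", "get"),
        "jonathan get parent": acl.is_allowed("jonathan", "/mashups/games", "get"),
        "admin delete": acl.is_allowed("admin", target, "delete"),
    }
```

Canonicalising the path on both grant and check means a request written with a trailing slash or a `..` segment is evaluated against the same entry as the plain path.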