Frequently Asked Questions

Last modified by RaffaelloPelagalli on 2006/02/27 17:38

  1. How does authentication work in jGuard?
  2. How can I configure jGuard to authenticate against an LDAP directory?
  3. How can I configure jGuard to authenticate against a Kerberos system?
  4. How can I configure jGuard to authenticate against the NT/Unix/Solaris host system?
  5. How do I add support for a database to the authorization system?
  6. AccessFilter automatically tries to log me in as 'guest'. Why should there be a "default" user in jGuard? Isn't that a security issue?
  7. Can I create a permission not bound to a Domain?
  8. What is the role of logonProcessURI?
  9. I've got a stack trace at startup with java.lang.NoClassDefFoundError: net/sf/jguard/security/JGuardPolicy

How does authentication work in jGuard?

jGuard authenticates users (with the help of JAAS), through a stack of LoginModules.

How can I configure jGuard to authenticate against an LDAP directory?

jGuard provides some convenient LoginModules, but there is currently no LoginModule dedicated to LDAP authentication (one is planned for the next release). The solution is to use a LoginModule that Sun ships directly with the Java Runtime Environment (JRE). To do so, declare this one in the 'loginmodules' field: com.sun.security.auth.module.JndiLoginModule. Note that this LoginModule connects to LDAP through the JNDI abstraction layer. More details are provided on the corresponding page. Other LoginModule implementations exist that do the same job; the only requirement is that they implement the LoginModule interface.

How can I configure jGuard to authenticate against a Kerberos system?

You can configure jGuard to authenticate through a Kerberos system. The LoginModule to use is the one provided by Sun: com.sun.security.auth.module.Krb5LoginModule. More information is provided here.

How can I configure jGuard to authenticate against the NT/Unix/Solaris host system?

jGuard can authenticate with any LoginModule implementation. Here are the ones provided by Sun.

How do I add support for a database to the authorization system?

You have to inherit from the JdbcAuthorizationManager class (in the net.sf.jguard.authorization package) to create a specific 'MyDatabaseAuthorizationManager'. The parts specific to each implementation are the SQL requests. JdbcAuthorizationManager defines dummy SQL requests that you have to override in the public void assemblySQLStatements() method. Note that table names are defined at startup, because users can customize them. That's all you have to do! Example:

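public void assemblySQLStatements() {
    // jgAppRole holds the roles table name, defined at startup.
    String ROLES = " select name from " + jgAppRole;
    // ......
    // ......
    // Override the dummy request defined by JdbcAuthorizationManager.
    super.ABS_ROLES = ROLES;
}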
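Because the customizable table name is concatenated into the statement text and cannot be bound as a JDBC parameter, it is worth checking it against an identifier allow-list before the SQL is assembled. The following is an added example, not jGuard code: the class TableNameCheck, its methods and the sample names are hypothetical, and the identifier policy (letters, digits, underscore, optional schema prefix, at most 64 characters per part) is an assumption.

```java
import java.util.regex.Pattern;

public class TableNameCheck {
    // Assumed policy: a plain or schema-qualified SQL identifier,
    // each part starting with a letter or underscore, at most 64 characters.
    private static final Pattern IDENT = Pattern.compile(
        "[A-Za-z_][A-Za-z0-9_]{0,63}(\\.[A-Za-z_][A-Za-z0-9_]{0,63})?");

    /** Returns the name unchanged if it is an allowed identifier, otherwise throws. */
    static String requireIdentifier(String configured) {
        if (configured == null || !IDENT.matcher(configured).matches()) {
            throw new IllegalArgumentException(
                "illegal table name in configuration: '" + configured + "'");
        }
        return configured;
    }

    /** Builds the ROLES statement from the FAQ snippet, checking the table name first. */
    static String rolesStatement(String jgAppRole) {
        return "select name from " + requireIdentifier(jgAppRole);
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for table names read at startup.
        String[] samples = {
            "jg_app_role",           // plain identifier
            "security.jg_app_role",  // schema-qualified identifier
            "jg_app_role, jg_user",  // extra table smuggled in
            "jg_app_role --",        // trailing comment marker
            ""                       // empty configuration value
        };
        for (String name : samples) {
            try {
                System.out.println("accepted: " + rolesStatement(name));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Failing at startup on a bad name keeps a mistyped or tampered configuration value from ever reaching the database.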

AccessFilter automatically tries to log me in as 'guest'. Why should there be a "default" user in jGuard? Isn't that a security issue?

jGuard automatically authenticates you as 'Guest' by default. It is not a security issue; it is a design choice. To fulfill your security requirements, you can configure the guest (unauthorized users) to have no access to your protected pages. How do you do this? Configure the Guest role with no permissions. The guest user will then only have access to the 'login page' and the 'access denied page' (access is always granted to these pages).

Can I create a permission not bound to a Domain?

"I didn't want to associate a domain to the permission because this permission is alone in a functional point of view."

All permissions must belong to a domain. To solve your problem, it is suitable to create a 'default' domain that groups the "orphan permissions". It is not mandatory to assign this domain to a role (this domain has no "functional meaning"); you will only assign some permissions of this domain to the role. The reason to always assign a domain to a permission is to be sure that the sum of the permissions of all domains contains all the permissions declared in the application.

What is the role of logonProcessURI?

logonProcessURI is how jGuard receives credentials through FORM authentication. The HTML form that contains your login and password sends this information to this special URI, which is intercepted by jGuard. jGuard evaluates the credentials, authenticates you, and redirects you to the appropriate URI. So this special URI does not point to a dedicated page.

I've got a stack trace at startup with java.lang.NoClassDefFoundError: net/sf/jguard/security/JGuardPolicy

To solve this issue, put the jGuard-jvm.jar archive only in the 'shared lib' directory of your application server. More details about installation on application servers can be found on the dedicated page.

Created on 2005/09/06 14:23

jGuard team copyright 2004-2009
3.1.1