Welcome to the jGuard's wiki » 全体像 » Frequently Asked Questions

Frequently Asked Questions

Last modified by RaffaelloPelagalli on 2006/01/11 04:43

Frequently Asked Questions

  1. How does work authentication on jGuard?
  2. How can i configure jGuard to authenticate against an LDAP directory?
  3. How can i configure jGuard to authenticate against a Kerberos system?
  4. How can i configure jGuard to authenticate against the NT/Unix/Solaris host system?
  5. How to add support of a database on the authorization system?
  6. AccessFilter automatically tries to log me in as 'guest'.Why should there be a "default" user in jGuard? Isn't that a security issue?
  7. Can i create a permission not bound to a Domain?
  8. What is the role of logonProcessURI?
  9. I've got a stack trace at startup with java.lang.NoClassDefFoundError: net/sf/jguard/security/JGuardPolicy

How does work authentication on jGuard?

jGuard authenticate users (with the help of JAAS), through a stack of LoginModules.

How can i configure jGuard to authenticate against an LDAP directory?

jGuard provide some convenient LoginModules, but not yet a loginModule dedicated to LDAP authentication (it is planned for the next release). So, the solution is to use a LoginModule provided by sun directly with the Java Runtime Environment(JRE). to do it, you have only to declare in the 'loginmodules' field this one: com.sun.security.auth.module.JndiLoginModule note that this loginmodule connect to LDAP through the great abstraction layer called JNDI. more details can be reached directly at the corresponding page It exists others LoginModule implementations which do the same stuff. the only requirement is only to implements the LoginModule interface.

How can i configure jGuard to authenticate against a Kerberos system?

you can configure jGuard to authenticate through a Kerberos system. the loginModule to use is the one provided by sun: com.sun.security.auth.module.Krb5LoginModule more information are provided here.

How can i configure jGuard to authenticate against the NT/Unix/Solaris host system?

jGuard can authenticate it with any provided LoginModules implementations. here are the one provided by sun.

How to add support of a database on the authorization system?

you have to inherit from the class JdbcAuthorizationManager (present in the net.sf.jguard.authorization package) to create a specific 'MyDatabaseAuthorizationManager'. the specific parts of each implementation are the SQL requests. the JdbcAuthorizationmanager define dummy SQL requests you have to override in the public void assemblySQLStatements() method . note that table names are defined at startup, because user can customize them. and that's all you have to do! exemple:

public void assemblySQLStatements() {
    String ROLES = " select name from " + jgAppRole;
    ......
    ......
    super.ABS_ROLES = ROLES;
}

AccessFilter automatically tries to log me in as 'guest'.Why should there be a "default" user in jGuard? Isn't that a security issue?

jGuard automatically authenticate you as 'Guest' by default. it's not a security issue, but a design choice. but to fulfills your security requirements, you can configure that guest (unauthorized users), hasn't got access to your protected pages. how to do it? => configure the Guest role with no permissions. the guest user will only have access to login page and access denied page(access is always grant to these pages).

Can i create a permission not bound to a Domain?

"I didn't want to associate a domain to the permission because this permission is alone in a functional point of view."

all permission must belong to a domain. to solve your problem, it is suitable to create a 'default' domain which will regroup "orphan permissions". but it is not mandatory to assign this domain to a role (this domain hasn't got any "functional meaning"). you will only assign some permissions of this domain to the role. the reason to always assign a domain to a permission, is to be sure that the sum of permissions of all domains contains all the permissions declared in the application.

What is the role of logonProcessURI?

logonProcessURI is the way jGuard receive credentials through FORM authentication. the html form which contains your login and password will send these informations to this special URI interecepted by jGuard. jGuard will evaluate them and authenticate you. it will redirect you to the convenient URI. so, this special URI does not point to a dedicated page.

I've got a stack trace at startup with java.lang.NoClassDefFoundError: net/sf/jguard/security/JGuardPolicy

to solve this issue, you've got to put the jGuard-jvm.jar archive only in the 'shared lib' directory of your application server.more details about installation on application servers can be found on the dedicated page

Tags:
Created by Masa Naka on 2006/01/11 04:43

jGuard team copyright 2004-2009
3.1.1