Access Controller: Authorization and Authentication

Author: Michael Wechner (michael.wechner@lenya.org)
Created: 2002.01.03
Version: 2002.10.20

Contents

  1. Creating and Editing Users (Command Line)
    1. IML-Authenticator
    2. RDB-Authenticator
    3. LDAP-Authenticator
  2. Editing Authorization Policies (Command Line)
    1. PML-Authorizer
    2. XACML-Authorizer

Creating and Editing Users (Command Line)

Creating and editing users on the command line depends on the concrete authenticator used by the publication. You can find out which authenticator is used by taking a look at the sitemaps of the publication. The default authenticator is currently the IML-Authenticator.

IML-Authenticator

"IML" stands for Identity Markup Language. Each user is defined by an IML file; for example, the user "lenya" is defined by the file "lenya.iml". The IML files are normally located at MY_PUB/docs/lenya/ac/passwd, where MY_PUB is a placeholder for the filesystem path under which "My Publication" is located, for instance "lenya/pubs/ethz-mat". To create a new user, copy an existing IML file. The new user will have the same password as the user you copied. To create a new MD5-hashed password, use the Java class org.apache.lenya.cms.ac.Password, which uses the Java class org.w3c.tools.crypt.Md5 (both classes can be found at WEB-INF/classes).
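Because a copied IML file carries the original user's password, the passwd directory can be audited for accounts that still share one. The Python script below is an added example, not Lenya code. It assumes each IML file stores the hex MD5 digest of the password as the text of a `<password>` element; the user names and passwords are constructed sample data.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path


def md5_hex(password: str) -> str:
    """Hex MD5 digest of a password (assumed to be the form stored in an IML file)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def shared_passwords(passwd_dir) -> dict:
    """Map each hash used by more than one IML file to the users sharing it."""
    by_hash = defaultdict(list)
    for iml in sorted(Path(passwd_dir).glob("*.iml")):
        try:
            root = ET.parse(iml).getroot()
        except ET.ParseError:
            continue  # unreadable file: skip here, review by hand
        # Assumption: the hash is the text of a <password> element.
        node = root if root.tag == "password" else root.find(".//password")
        if node is not None and node.text and node.text.strip():
            by_hash[node.text.strip().lower()].append(iml.stem)
    return {h: users for h, users in by_hash.items() if len(users) > 1}


def demo() -> dict:
    """Build a constructed passwd directory and audit it."""
    template = '<identity id="{u}"><password type="md5">{h}</password></identity>'
    # Constructed users: "copied" was created by copying lenya.iml unchanged.
    users = {"lenya": "example-pass", "copied": "example-pass", "alice": "other-pass"}
    with tempfile.TemporaryDirectory() as tmp:
        for user, pw in users.items():
            Path(tmp, user + ".iml").write_text(template.format(u=user, h=md5_hex(pw)))
        return shared_passwords(tmp)


if __name__ == "__main__":
    for digest, users in demo().items():
        print(digest, "shared by", ", ".join(users))
```

Run `shared_passwords()` against MY_PUB/docs/lenya/ac/passwd after creating users; any group it returns is a set of accounts whose password has not been replaced since the file was copied.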

RDB-Authenticator

Not implemented yet.

LDAP-Authenticator

Not implemented yet.

Editing Authorization Policies (Command Line)

Creating and editing policies/permissions on the command line depends on the concrete authorizer used by the publication. You can find out which authorizer is used by taking a look at the sitemaps of the publication. The default authorizer is currently the PML-Authorizer.

PML-Authorizer

"PML" stands for "Policy Markup Language". The PML-Authorizer matches each HTTP request to an action (e.g. read, write, publish) and a policy (permissions). The matching rules are defined by the sitemap "policies-sitemap.xmap", which is normally located in the "root" directory (MY_PUB) of each publication. The policies themselves can normally be found at MY_PUB/docs/lenya/ac/policies.

XACML-Authorizer

Not implemented yet. More information on XACML can be found here.