
This page describes the manual steps (which could be scripted) needed to upgrade the security configuration to Magnolia 4.5.

Jackrabbit security

Update all the jackrabbit-bundle-*-search.xml files to contain the new security settings.

jackrabbit-bundle-*-search.xml
<Security appName="magnolia">
  <SecurityManager class="org.apache.jackrabbit.core.DefaultSecurityManager"/>
  <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager">
  </AccessManager>
  <!-- The login module defined here is used by the repository to authenticate every request, not by the webapp to authenticate the user against the webapp context (that one has to be passed before the one here gets invoked). -->
  <LoginModule class="info.magnolia.jaas.sp.jcr.JackrabbitAuthenticationModule">
  </LoginModule>
</Security>

You may have to update the DTD to version 1.5:

<!DOCTYPE Repository PUBLIC "-//The Apache Software Foundation//DTD Jackrabbit 1.5//EN" "http://jackrabbit.apache.org/dtd/repository-1.5.dtd">

Workspaces

Update all workspace.xml files (in your repositories folder) to contain the new security settings.

workspace.xml
<Workspace>
  ...
   <WorkspaceSecurity>
      <AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider" />
   </WorkspaceSecurity>
</Workspace>

and remove the following lines:

workspace.xml
...
<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer"/>
...
<param name="textFilterClasses" value="org.apache.jackrabbit.extractor.MsWordTextExtractor, .."/>
...

You can update the workspace files manually as shown above or you can run the ws.py Python script. The script is in the add-ons folder in the magnolia-4.5-migration bundle in Nexus. (Warning: 4.5.9+)

To run the script:

jsmith:~ $ ./wsp.py /path/to/your/repositories-folder

JAAS chain

Update the JAAS chain configuration. We use one chain now as all the authentication is done by JCR (Jackrabbit) on behalf of Magnolia CMS.

jaas.config
magnolia {
  // ensure user is who he claims he is (check pwd for the user)
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
  // retrieve users ACLs
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};

You can update the JAAS configuration manually as shown above or you can run the jaas.py Python script. The script is in the add-ons folder in the magnolia-4.5-migration bundle in Nexus. (Warning: 4.5.9+)

To run the script:

jsmith:~ $ ./jaas.py /path/to/your/jaas.config

Match the names

The name of the JAAS chain (the block name in jaas.config) and the appName attribute of the <Security> element in jackrabbit-bundle-*-search.xml need to be identical. Set both to magnolia. The value used to be Jackrabbit.
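
A check for the settings this page changes, as an added example (it is not part of the Magnolia migration bundle): it verifies that the appName in the repository configuration names a chain declared in jaas.config, and that a workspace.xml carries the new access provider without the removed params. The function names and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

EXPECTED_PROVIDER = "info.magnolia.cms.core.MagnoliaAccessProvider"
REMOVED_PARAMS = {"analyzer", "textFilterClasses"}

def jaas_chain_names(jaas_text):
    """Return the chain names declared in a jaas.config (the word before each '{')."""
    # Strip /* */ and // comments first so commented-out chains are ignored.
    text = re.sub(r"/\*.*?\*/", "", jaas_text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return re.findall(r"([A-Za-z_][\w.-]*)\s*\{", text)

def check_repository(repo_xml, jaas_text):
    """Compare <Security appName> in the repository config with the JAAS chains."""
    problems = []
    security = ET.fromstring(repo_xml).find("Security")
    app_name = security.get("appName") if security is not None else None
    chains = jaas_chain_names(jaas_text)
    if app_name is None:
        problems.append("no <Security appName=...> element")
    elif app_name not in chains:
        problems.append(f"appName {app_name!r} has no JAAS chain (found {chains})")
    return problems

def check_workspace(workspace_xml):
    """Check one workspace.xml for the new provider and the removed params."""
    problems = []
    root = ET.fromstring(workspace_xml)
    provider = root.find("WorkspaceSecurity/AccessControlProvider")
    if provider is None or provider.get("class") != EXPECTED_PROVIDER:
        problems.append("missing MagnoliaAccessProvider in <WorkspaceSecurity>")
    for param in root.iter("param"):
        if param.get("name") in REMOVED_PARAMS:
            problems.append(f"param {param.get('name')!r} should be removed")
    return problems

# Constructed sample inputs: old and new repository configs, a half-migrated workspace.
OLD_REPO = '<Repository><Security appName="Jackrabbit"/></Repository>'
NEW_REPO = '<Repository><Security appName="magnolia"/></Repository>'
JAAS = "magnolia {\n  // check pwd\n  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;\n};\n"
WORKSPACE = ('<Workspace name="website"><SearchIndex>'
             '<param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer"/>'
             '</SearchIndex></Workspace>')

if __name__ == "__main__":
    for label, doc in (("old", OLD_REPO), ("new", NEW_REPO)):
        print(label, check_repository(doc, JAAS))
    print(check_workspace(WORKSPACE))
```
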


2 Comments

  1. This:

    Match the names

    The name of the JAAS chain and the appName in jackrabbit-bundle-*-search.xml need to be identical. Set both to magnolia. It used to be Jackrabbit.

    is unclear. Please provide more precision. Where is a change necessary? Thanks!

  2. ./wsp.py /path-to-repositories-folder

    does NOT remove:

    <param name="analyzer" value="org.apache.lucene.analysis.standard.StandardAnalyzer"/>

    it only removes:

    <param name="textFilterClasses" value="org.apache.jackrabbit.extractor.MsWordTextExtractor, .."/>

     

    Patch:

    add on line 21:

    if p.getAttribute("name") == "analyzer":
        index.removeChild(p)