[00:02:16 EDT(-0400)] * andrew_petro_ubu (n=apetro@71-223-119-61.phnx.qwest.net) has joined ##uportal
[00:02:28 EDT(-0400)] <andrew_petro_ubu> kinda lonely in here...
[01:28:42 EDT(-0400)] <andrew_petro_ubu> Any good reason I wouldn't be able to sftp into www.ja-sig.org : Status: Connection established, waiting for welcome message...
[01:28:42 EDT(-0400)] <andrew_petro_ubu> Error: Could not connect to server
[03:07:27 EDT(-0400)] * apetro_win_home (n=andrew_p@ip68-99-92-218.ph.ph.cox.net) has left ##uportal
[03:07:37 EDT(-0400)] * apetro_win_home (n=andrew_p@ip68-99-92-218.ph.ph.cox.net) has joined ##uportal
[09:21:25 EDT(-0400)] * esm (n=esm@asdf.dkc.jhu.edu) has joined ##uportal
[10:15:09 EDT(-0400)] * EricDalquist (n=dalquist@bohemia.doit.wisc.edu) has joined ##uportal
[10:17:31 EDT(-0400)] <esm> EricDalquist: hey got a sec
[10:17:42 EDT(-0400)] <EricDalquist> sure
[10:18:00 EDT(-0400)] <esm> so... on this ldap thing
[10:18:11 EDT(-0400)] <esm> backing up, I took a look at users in general in up3
[10:18:22 EDT(-0400)] <EricDalquist> ok
[10:19:53 EDT(-0400)] <esm> so there is an acegi authentication provider, used on login, and there is another user controller with "acegi" in the classname used by the portal common context code
[10:20:15 EDT(-0400)] <EricDalquist> sounds like what I remember
[10:20:37 EDT(-0400)] <esm> the acegi authentication provider is totally vanilla, and actually looks at the "user" and "authorities" column of the db.
[10:20:49 EDT(-0400)] <esm> the UserDaoImpl (used by the context code) looks at UP_USER
[10:20:55 EDT(-0400)] <EricDalquist> yeah
[10:21:15 EDT(-0400)] <EricDalquist> so the UserDaoImpl is what ties the acegi generated principal with uP3's concept of a user
[10:21:26 EDT(-0400)] <esm> so i'm wondering the best way to proceed. those divergent approaches need to be merged, right?
[10:21:29 EDT(-0400)] <esm> ok
[10:21:43 EDT(-0400)] <EricDalquist> so you would swap the acegi auth config to go against ldap
[10:21:49 EDT(-0400)] <esm> right
[10:22:00 EDT(-0400)] <esm> no prob there
[10:22:10 EDT(-0400)] <EricDalquist> and then the next step would be to update the UserDaoImpl and perhaps some UserDao client code logic to deal with users that don't actually exist yet
[10:22:23 EDT(-0400)] <EricDalquist> I'm thinking you'll only need to update UserDaoImpl
[10:22:43 EDT(-0400)] <EricDalquist> so that it is smart enough that if a user being asked about doesn't exist it creates the uP3 user object and persists it
[10:23:21 EDT(-0400)] <esm> ok i think i get it
[10:23:56 EDT(-0400)] <EricDalquist> UserDao is really more of a mapping
[10:24:29 EDT(-0400)] <EricDalquist> from acegi generated principal IDs to the internal User object (really represented by the generated key in the table that UserDaoImpl uses)
[10:27:14 EDT(-0400)] <esm> ok i guess i what was confusing to me was that acegi's authentication providers are looking in one place for authentication (e.g. the USER table) and then the AcegiSessionUserController is using the UserDaoImpl to get user info from aonther place.
[10:28:09 EDT(-0400)] <esm> UP_USER
[10:28:21 EDT(-0400)] <esm> the apache ds plugins for eclipse are nice
[10:28:23 EDT(-0400)] <EricDalquist> yeah
[10:28:32 EDT(-0400)] <EricDalquist> so the USER table represents LDAP
[10:28:45 EDT(-0400)] <EricDalquist> just some source of user credentials
[10:28:51 EDT(-0400)] <esm> ok
[10:28:53 EDT(-0400)] <EricDalquist> the portal framework never looks at it
[10:29:02 EDT(-0400)] <esm> at some point that has to be updated to be encrypted and stuff right?
[10:29:03 EDT(-0400)] <EricDalquist> UP_USER is the list of users the portal 'knows' about
[10:29:08 EDT(-0400)] <EricDalquist> yeah
[10:29:08 EDT(-0400)] <EricDalquist> well
[10:29:19 EDT(-0400)] <EricDalquist> yeah it would
[10:29:34 EDT(-0400)] <EricDalquist> but if we use ApacheDS as the default
[10:29:39 EDT(-0400)] <esm> right
[10:29:40 EDT(-0400)] <EricDalquist> that table would just go away
[10:29:49 EDT(-0400)] <EricDalquist> in favor of whatever DS uses for its backing store
[10:30:07 EDT(-0400)] <esm> ok so another question - i don't see anywhere in uP3 where users are actually created
[10:30:19 EDT(-0400)] <esm> up3 seems to assume that users are already "there"
[10:30:30 EDT(-0400)] <esm> is that a correct assumption on my part?
[10:31:22 EDT(-0400)] <esm> user state (attributes etc.) may be updated - I don't know about that - but I didn't see anywhere where users actually get created by the framework
[10:31:30 EDT(-0400)] <EricDalquist> yeah
[10:31:34 EDT(-0400)] <esm> in fact userdaoimpl doesn't implement the persistent part of the interface
[10:31:39 EDT(-0400)] <EricDalquist> there is no user creation right now
[10:31:47 EDT(-0400)] <EricDalquist> that was a TODO that was never done
[10:32:04 EDT(-0400)] <esm> ok so as part of this work do we need to do that? OR will Apache DS just load default users
[10:32:10 EDT(-0400)] <EricDalquist> so the only thing that really needs to be done to create a user is to make the UserDao return a User object when asked for it
[10:32:10 EDT(-0400)] <esm> like we do now
[10:32:16 EDT(-0400)] <esm> ok
[10:32:40 EDT(-0400)] <EricDalquist> so when using DS if you wanted to add a new user the only requirement should be to add the user information to the ApacheDS server
[10:33:02 EDT(-0400)] <esm> ok and that would be done outside of uP
[10:33:04 EDT(-0400)] <esm> no prob
[10:33:05 EDT(-0400)] <EricDalquist> when you auth with acegi as that user and the UserDao is queried the default operation should be to just create the user automaticly
[10:33:20 EDT(-0400)] <EricDalquist> that will likely be the most common usage pattern
[10:33:25 EDT(-0400)] <esm> right because the UserDao trusts that the framework has already authenticated the request
[10:33:37 EDT(-0400)] <EricDalquist> yeah
[10:33:41 EDT(-0400)] <esm> ok cool
[10:33:51 EDT(-0400)] <esm> so last questoin
[10:33:54 EDT(-0400)] <EricDalquist> if Acegi presents a principal it is assumed that user should exist
[10:34:29 EDT(-0400)] <esm> apacheds has tons of deps. deps that conflict with existing up3 deps, especially spring. ds is spring 1.x.
[10:34:35 EDT(-0400)] <esm> so i have ds in a separate project
[10:34:48 EDT(-0400)] <esm> and i have it configured as a separate webapp
[10:34:52 EDT(-0400)] <EricDalquist> ok
[10:35:20 EDT(-0400)] <esm> and a servletcontext listener fires it up and shuts it down
[10:35:39 EDT(-0400)] <EricDalquist> cool
[10:35:56 EDT(-0400)] <esm> ok cool thanks for the help, i am travelling later this week so I should have some quality plane time
[10:36:30 EDT(-0400)] <esm> i also, btw updated pluto to not need xml parsers in a shared classloader
[10:37:05 EDT(-0400)] <EricDalquist> sweet
[10:37:29 EDT(-0400)] <esm> and i think a request/jira is being filed "soon" to assemble powf in pluto portal
[10:38:22 EDT(-0400)] <EricDalquist> powf?
[10:38:32 EDT(-0400)] <esm> plain ole war file
[10:39:07 EDT(-0400)] <EricDalquist> ahh
[10:39:26 EDT(-0400)] <esm> so that will mean i have to do dupe detection
[10:39:34 EDT(-0400)] <EricDalquist> yup
[10:39:50 EDT(-0400)] <EricDalquist> shouldn't be too hard ... is there a DD object for the web.xml yet?
[10:40:24 EDT(-0400)] <esm> pluto descriptor services has a DD OM for web.xml
[10:41:42 EDT(-0400)] <EricDalquist> yeah
[10:41:57 EDT(-0400)] <EricDalquist> all you should need to do then is load the DD and see if the servlet/mappings are there
[10:42:05 EDT(-0400)] <esm> yup shouldn't be hard
[11:01:07 EDT(-0400)] * andrew_petro_ubu (n=apetro@uni1.unicon.net) has joined ##uportal
[13:06:27 EDT(-0400)] * athena7 (n=athena@lumina.its.yale.edu) has joined ##uportal
[13:24:17 EDT(-0400)] <andrew_petro_ubu> it's posted.
[13:24:29 EDT(-0400)] <EricDalquist> sweet
[13:26:27 EDT(-0400)] <andrew_petro_ubu> alright. For 2.7, let's remove SLM and ALM (less code to maintain), remove the whole security infrastructure and replace it with embedded CAS (less code to maintain), remove the GAPS code in favor of using the .jars (less code to maintain), and remove the persondir code in favor of using the Persondir .jar (less code to maintain).
[13:26:51 EDT(-0400)] <EricDalquist>
[13:26:53 EDT(-0400)] <andrew_petro_ubu> Then let's rework DLM persistence to use uP3-style flatter data.
[13:27:01 EDT(-0400)] <andrew_petro_ubu> Making it easier to compose example layouts etc. that showcase
[13:27:07 EDT(-0400)] <andrew_petro_ubu> oodles of channels and portlets we suck into the project.
[13:27:16 EDT(-0400)] <andrew_petro_ubu> all built using Maven.
[13:35:44 EDT(-0400)] <andrew_petro_ubu> heh. Apparently the license we've got is OSI certified if we would only recognize that it is exactly the BSD license
[13:36:10 EDT(-0400)] <EricDalquist> lol
[13:36:33 EDT(-0400)] <EricDalquist> just change the header to remove the JA-SIG part and call it what it is?
[13:39:08 EDT(-0400)] <andrew_petro_ubu> Just add to the header to declare "This is the BSD license." ?
[13:39:21 EDT(-0400)] <andrew_petro_ubu> When you distribute something under Apache 2.0, e.g., the copyright holder doesn't have to be Apache
[13:39:29 EDT(-0400)] <andrew_petro_ubu> what's described is the license
[13:39:41 EDT(-0400)] <andrew_petro_ubu> now, it would be nice if the declared copyright holder were an actually existing entity
[13:40:26 EDT(-0400)] <andrew_petro_ubu> what are the odds I could get up2 to build under Maven 2 in time for 2.6.0 GA
[13:40:30 EDT(-0400)] <andrew_petro_ubu> and sell everyone on this being okay?
[13:40:42 EDT(-0400)] <EricDalquist> heh
[13:40:52 EDT(-0400)] <EricDalquist> not sure
[13:40:59 EDT(-0400)] <EricDalquist> sounds like it could get messy
General
Content
Integrations