OpenSolaris Authentication and Authorisation System
###################################################

Overview
========

This repository contains the system used to manage opensolaris.org
authentication and authorisation, for both users and applications.

See http://auth.opensolaris.org

Getting started
===============

Auth webapp
-----------

Prerequisites
.............

1. A version of the Java 6 JDK (should be included with any recent ON build).

2. The unlimited strength JCE policy files - these give access to strong crypto
   ciphers, rather than the limited-strength defaults shipped with the JDK.
   These can be obtained from the 'Other Downloads' section of
   http://java.sun.com/javase/downloads/index.jsp

3. An installed copy of NetBeans 6.5, including the Tomcat server.  The version
   of NetBeans that ships with OpenSolaris does not include the bundled Tomcat
   server, and whilst it should be ossible to configure NetBeans to use the
   Tomcat bundled with Solaris, the Solaris version is an older version than
   the one that ships with NetBeans,  The recommendation  is therefore to
   install NetBeans from http://www.netbeans.org/downloads/index.html, the
   'Java' bundle.

Running
.......

1. Open the AuthWebapp project in NetBeans (File->Open Project).  Make sure the
   'Open as Main Project' and 'Open Required Projects' checkboxes are selected.

2. Press F6.  NetBeans will build the project and its dependencies, start
   Tomcat and deploy the app.  The app will then start up an embedded database
   server and create a new database under /tmp/auth.  The database will be
   populated with some test data.  When that is complete NetBeans will then open
   browser window containing the front page of the application.

3. There is also a test XMLRPC client in the AuthClientTest project.  To run it,
   right-click on the project in the Projects window and select 'Run Project'.

Cleanup
.......

You can safely delete everything under /tmp/auth when you are done, it will be
recreated the next time you run the application.

CA application
--------------

To build the application, run the Makefile in the CA directory, then run
CA/bin/ca to start the application.  This is a text menu application that can
be used to manage certificates.  See the application help menus help for more
details.

Other tips
==========

Auth database
-------------

If you want to poke around in the database, I can strongly recommend the
SQuirreL SQL client - http://www.squirrelsql.org/.  This is a Java-based GUI
application that lets you browse databases - anything you can get a JDBC driver
for.  To configure it:

1. Get the appropriate JDBC driver.  You can find a copy of the Derby one in
   the SVN repo at new_site/AuthDB/lib/derbyclient.jar.  I generally  create a
   drivers subdirectory in my SQuirreL install directory and put a copy in
   there.

2. Make sure the webapp is running, the database is embedded in the webapp, so
   the webapp needs to be active. (F6 in NetBeans)

3. Open the Drivers window (Windows->View Drivers) and click on the 'Apache
   Derby Client' entry.  Click on the 'Extra Class Path' tab, then 'Add' and
   browse to the derbyclient.jar file.

4. Open the Aliases window (Windows->View Aliases) and click on the '+' (Create
   new Alias).  Fill in the form as follows:

    Name: opensolaris
    Driver: Apache Derby Client
    URL: jdbc:derby://localhost/opensolaris;securityMechanism=8
    User Name: auth
    Password: auth
    Auto Logon: selected

5. Click on the 'Test' button to check the connection works, then on 'OK'.

6. In the Aliases window, double click on the 'opensolaris' alias to open the
   database.  The database tables are in the 'AUTH' schema.

Directory contents
==================

File LICENSES.txt
-----------------

Information on the licenses used by various components of the Auth application.

Subdirectory AuthClient
-----------------------

This NetBeans project provides a client library for applications that want to
make XMLRPC requests to the Auth service.

Subdirectory AuthClientTest
---------------------------

This NetBeans project provides a simple command-line client to test the basic
client functionality.

Subdirectory AuthCommon
-------------------------

This NetBeans project holds the Apache XMLRPC libraries, as well as common code
that is used by both the XMLRPC server and clients.  This code includes al the
POJO classes used to store data, classes for managing data pagination and the
xlasses used to provide the XMLRPC interface.

Subdirectory AuthDB
-----------------------

This NetBeans project contains the code used to create and manage the
opensolaris user database.  It uses the Derby database package, and runs
embedded within the Auth webapp.

Subdirectory AuthSSL
-----------------------

This NetBeans project provides a library that manages the creation of SSL
connections for either client or server use.  Rather than using the global JVM
keystore, this library allows a specific keystore to be used for the conections
it creates.  This project also contains the classses needed to manage the
keystores used by SSL connections, and the source of the keystore command-line
utility.

Subdirectory AuthWebapp
-----------------------

This NetBeans project contains the Auth service.  This consists of a web
application that manages users and services, using an embedded Derby database.
It also provides a XMLRPC server that provides authentication and authorisation
services to other applications.

Subdirectory AuthWebClientTest
------------------------------

Simple web application that acts as a test Auth client.

Subdirectory AuthXWiki
----------------------

Code for integrating Auth support into XWiki.

Subdirectory CA
---------------

This is a Certificate Authority, used to issue X509 certificates.  These
certificates are in turn used to secure and control the communications between
the Auth system and client applications.

Subdirectory DataMigration
--------------------------

This NetBeans project contains a utility to migrate data from the existing Tonic
database into the Auth database.  It is run from the command-line.

Subdirectory DevelCerts
-----------------------

Certificates for development and test purposes.

Subdirectory Documents
----------------------

Contains design documents for the Auth application.

Subdirectory Libraries
----------------------

Shared libraries used by the NetBeans projects.

Subdirectory Licenses
---------------------

Licenses used by various components of the Auth application.

Subdirectory XMLRPCTests
------------------------

This NetBeans project holds simple stand-alone test classes that can be used to
check the end-to-end SSL and XMLRPC functionality is working.

Indexes created Wed Nov 25 04:07:54 UTC 2009

Terms of Use | Privacy | Trademarks | Copyright Policy | Site Guidelines | Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.