Archive for May, 2008

Integrating Apache Roller with Crowd

I chose Apache Roller for the Toolserver blog. Roller is mature software, widely used on large sites (e.g. blogs.sun.com); it’s written in Java, which makes it easy to deploy; and lastly, it can be integrated with Atlassian Crowd, the centralised authentication software we use for Toolserver web properties.

Unfortunately, although Roller itself was easy to set up, making it work properly with Crowd took a bit more effort. Firstly, there are three ways to integrate Roller with Crowd: LDAP (if your Crowd directory is using LDAP), the Crowd connector for JAAS (a standardised security framework for Java), and the Crowd connector for Acegi Security, the security framework Roller itself uses. After a lot of trial and error, the easiest to set up of all of these appears to be Acegi. So, here is how I did it:

Firstly, make sure you’re using Crowd 1.4.2 or later. Earlier versions (at least 1.4, which I tried) have a bug in the Acegi connector that makes it unusable. You don’t need to upgrade Crowd itself, just make sure you have the 1.4.2 client libraries. Copy the Crowd connector to Roller’s WEB-INF/lib:

$ cp $CROWD_DIR/client/lib/* WEB-INF/lib/
$ cp $CROWD_DIR/client/crowd-integration-client-1.4.2.jar WEB-INF/lib/

The Crowd client libraries include newer versions of some libraries which Roller also includes. If you don’t remove these older versions, Crowd will try to use them, and things won’t work:

$ rm WEB-INF/lib/commons-httpclient-2.0.2.jar
$ rm WEB-INF/lib/ehcache-1.1.jar

Now you can follow the Crowd Acegi setup instructions. Where they refer to your Acegi Security configuration, that is Roller’s WEB-INF/security.xml file.

After you’re done, a little bit more work is still needed. Firstly, the applicationContext-CrowdClient.xml from Crowd didn’t work for me; it needs a little bit of editing. Extract the file from the Crowd jar:

$ jar xvf lib/crowd-integration-client-1.4.2.jar applicationContext-CrowdClient.xml

The top of the file should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

Change that to read:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>

Then edit web.xml so it refers to /WEB-INF/applicationContext-CrowdClient.xml instead of the one in classpath:/. My web.xml looks like this:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-CrowdClient.xml
        /WEB-INF/security.xml
    </param-value>
</context-param>

Finally, you need to map Crowd groups to Roller groups. Create two new groups (e.g. roller-editor and roller-admin) in Crowd. Then edit security.xml again, and find the “AUTHENTICATION” section. It should have several lines that look like this:

/roller-ui/login-redirect**=admin,editor

On each line, change “admin” to “ROLE_roller-admin”, and “editor” to “ROLE_roller-editor”.
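
A plain search-and-replace of “admin” would also rewrite URL patterns that contain the word, and would double-prefix the roles when the change is re-applied after an upgrade. The following is an added example, not part of the original post: it rewrites only the role list to the right of the “=” and counts lines still left unmapped. The function names are hypothetical, and the sample lines other than login-redirect are constructed.

```shell
# Added example (not from the original post). Assumes the example group
# names roller-admin / roller-editor used in the post.

# Rewrite bare "admin"/"editor" roles on "<url-pattern>=<roles>" lines only.
# stdin: the pattern lines (or the whole security.xml); stdout: rewritten text.
map_roles() {
    awk '
    /^[ \t]*\/[^=]*=/ {
        eq = index($0, "=")
        pattern = substr($0, 1, eq - 1)     # URL pattern is left untouched
        n = split(substr($0, eq + 1), roles, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            r = roles[i]
            gsub(/^[ \t]+|[ \t]+$/, "", r)  # trim whitespace around the role
            if (r == "admin")  r = "ROLE_roller-admin"
            if (r == "editor") r = "ROLE_roller-editor"
            sep = (i > 1) ? "," : ""
            out = out sep r
        }
        print pattern "=" out
        next
    }
    { print }'
}

# Print how many pattern lines still carry a bare admin/editor role.
unmapped_count() {
    awk '
    /^[ \t]*\/[^=]*=/ {
        n = split(substr($0, index($0, "=") + 1), roles, ",")
        for (i = 1; i <= n; i++) {
            r = roles[i]
            gsub(/^[ \t]+|[ \t]+$/, "", r)
            if (r == "admin" || r == "editor") { c++; break }
        }
    }
    END { print c + 0 }'
}

# Constructed sample; only the login-redirect line is quoted from the post.
sample_lines() {
    cat <<'EOF'
PATTERN_TYPE_APACHE_ANT
/roller-ui/login-redirect**=admin,editor
/roller-ui/admin/**=admin
/roller-ui/authoring/**= admin, editor
EOF
}

sample_lines | map_roles
```

Running unmapped_count over the edited security.xml after each Roller upgrade should print 0; anything else means some URL patterns are still guarded by role names that no Crowd group provides.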

That’s it! Hopefully, your Roller installation should now authenticate from Crowd. Easy, huh? (Remember to re-apply these customisations each time you upgrade Roller…)


Welcome to the toolserver blog

Welcome to the new Toolserver blog. As well as improving our Web 2.0 compliance, the Toolserver blog will contain fascinating posts about Toolserver internals that don’t make it onto the mailing list.
