incubator-jspwiki-dev mailing list archives

From Kinicky <kini...@gmail.com>
Subject Re: trying to integrate JSPWiki 2.8 with MS-AD via Tomcat 6
Date Wed, 13 May 2009 13:44:55 GMT
Hi guys, I really need help on this,

I think the integration is correct since I can login with AD users... but I
can't login with my admin user... isn't it possible to use AD and the JSPWiki
users at the same time?


PS: when I try to login with AD users I get the "Forbidden Sorry, but you
are not allowed to do that." page... I don't know why this is happening... I
already set the authorized role to have all permissions. But when I click
the link "better luck next time" I go to the main page of the wiki with the user
authenticated! And when I try to edit some page I get the same "forbidden"
page.


On Tue, May 12, 2009 at 4:11 PM, Kinicky <kinicky@gmail.com> wrote:

> tks guys, I think this solves my problem!
>
> but one more thing.. since now all the users from JSPWiki are from AD I
> don't have my admin account on JSPWiki.
>
> what do I do?
>
>
> On Tue, May 12, 2009 at 4:08 PM, Janne Jalkanen <janne.jalkanen@ecyrd.com> wrote:
>
>>
>> It would be so cool to have a switch in jspwiki.properties or the admin
>> UI.  But that may be a bit challenging - unless we have login.jsp and
>> loginsecure.jsp; and define the latter to have CONFIDENTIAL transport; then
>> check in the corresponding jsp file whether the bit is on in the
>> property file. Would that work?
>>
>> /Janne
>>
>>
>> On 12 May 2009, at 22:02, Andrew Jaquith wrote:
>>
>>> Oh, naturally. The security creep wouldn't have it any other way. I'll
>>> be sure to write something very stern and scary.
>>>
>>> On Tue, May 12, 2009 at 3:00 PM, Harry Metske <harry.metske@gmail.com>
>>> wrote:
>>>
>>>> +1
>>>>
>>>> and we should add a very strong warning with it in the web.xml
>>>>
>>>>
>>>>
>>>> 2009/5/12 Andrew Jaquith <andrew.r.jaquith@gmail.com>
>>>>
>>>>> Switched to the dev list:
>>>>>
>>>>> The security creep in me wants everything to be secure out of the box,
>>>>> hence the default configuration of CONFIDENTIAL for container logins.
>>>>>
>>>>> However, the "make it just work out of the box" usability freak hates
>>>>> stuff like this.
>>>>>
>>>>> The usability freak is currently beating up the security creep. I
>>>>> think we should use a default NONE for transport-guarantee for 3.0.
>>>>>
>>>>> Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a
>>>>> +1").
>>>>>
>>>>> Andrew
>>>>>
>>>>>
>>>>> On Tue, May 12, 2009 at 2:41 PM, Harry Metske <harry.metske@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> what could be the case is that because you have
>>>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> tomcat redirects
>>>>>> you to the port configured as redirectPort as defined on the Connector
>>>>>> element in tomcat's server.xml
>>>>>>
>>>>>> You could verify that by using
>>>>>> <transport-guarantee>NONE</transport-guarantee>
>>>>>>
>>>>>> regards,
>>>>>> Harry
>>>>>>
>>>>>> 2009/5/12 Kinicky <kinicky@gmail.com>
>>>>>>
>>>>>>> Hi everyone!
>>>>>>>
>>>>>>> this is my scenario: I have users on AD and want them to use JSPWiki. I
>>>>>>> followed the pages above but didn't succeed:
>>>>>>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>>>>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>>>>>
>>>>>>> it's odd, after I did these changes I'm able to navigate through the pages
>>>>>>> of wiki except the Login.jsp. When I try to go there to authenticate I got
>>>>>>> an error message saying Firefox failed in establishing a connection with my
>>>>>>> server.
>>>>>>>
>>>>>>> i hope anyone can help me!
>>>>>>>
>>>>>>> here some information:
>>>>>>> *server.xml* on Tomcat:
>>>>>>>     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>>>>>             connectionURL="ldap://server:389"
>>>>>>>             connectionName="username"
>>>>>>>             connectionPassword="password"
>>>>>>>             referrals="follow"
>>>>>>>             userBase="OU=Usuarios, OU=Cit, DC=cit"
>>>>>>>             userSearch="(sAMAccountName={0})"
>>>>>>>             userRoleName="memberOf"
>>>>>>>             userSubtree="true"
>>>>>>>     />
>>>>>>>
>>>>>>> *web.xml* of JSPWiki
>>>>>>>  <security-constraint>
>>>>>>>      <web-resource-collection>
>>>>>>>          <web-resource-name>Administrative Area</web-resource-name>
>>>>>>>          <url-pattern>/Delete.jsp</url-pattern>
>>>>>>>      </web-resource-collection>
>>>>>>>      <auth-constraint>
>>>>>>>          <role-name>Admin</role-name>
>>>>>>>      </auth-constraint>
>>>>>>>      <user-data-constraint>
>>>>>>>          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>      </user-data-constraint>
>>>>>>>  </security-constraint>
>>>>>>>
>>>>>>>  <security-constraint>
>>>>>>>      <web-resource-collection>
>>>>>>>          <web-resource-name>Authenticated area</web-resource-name>
>>>>>>>          <url-pattern>/Edit.jsp</url-pattern>
>>>>>>>          <url-pattern>/Comment.jsp</url-pattern>
>>>>>>>          <url-pattern>/Login.jsp</url-pattern>
>>>>>>>          <url-pattern>/NewGroup.jsp</url-pattern>
>>>>>>>          <url-pattern>/Rename.jsp</url-pattern>
>>>>>>>          <url-pattern>/Upload.jsp</url-pattern>
>>>>>>>          <http-method>DELETE</http-method>
>>>>>>>          <http-method>GET</http-method>
>>>>>>>          <http-method>HEAD</http-method>
>>>>>>>          <http-method>POST</http-method>
>>>>>>>          <http-method>PUT</http-method>
>>>>>>>      </web-resource-collection>
>>>>>>>
>>>>>>>      <web-resource-collection>
>>>>>>>          <web-resource-name>Read-only Area</web-resource-name>
>>>>>>>          <url-pattern>/attach</url-pattern>
>>>>>>>          <http-method>DELETE</http-method>
>>>>>>>          <http-method>POST</http-method>
>>>>>>>          <http-method>PUT</http-method>
>>>>>>>      </web-resource-collection>
>>>>>>>
>>>>>>>      <auth-constraint>
>>>>>>>          <role-name>Admin</role-name>
>>>>>>>          <role-name>Authenticated</role-name>
>>>>>>>      </auth-constraint>
>>>>>>>
>>>>>>>      <user-data-constraint>
>>>>>>>          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>      </user-data-constraint>
>>>>>>>  </security-constraint>
>>>>>>>
>>>>>>>  <login-config>
>>>>>>>      <auth-method>FORM</auth-method>
>>>>>>>      <form-login-config>
>>>>>>>          <form-login-page>/LoginForm.jsp</form-login-page>
>>>>>>>          <form-error-page>/LoginForm.jsp</form-error-page>
>>>>>>>      </form-login-config>
>>>>>>>  </login-config>
>>>>>>>
>>>>>>>  <security-role>
>>>>>>>      <description>
>>>>>>>          This logical role includes all authenticated users
>>>>>>>      </description>
>>>>>>>      <role-name>Authenticated</role-name>
>>>>>>>  </security-role>
>>>>>>>
>>>>>>>  <security-role>
>>>>>>>      <description>
>>>>>>>          This logical role includes all administrative users
>>>>>>>      </description>
>>>>>>>      <role-name>Admin</role-name>
>>>>>>>  </security-role>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>
>
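
The check Harry suggests in the thread above (a CONFIDENTIAL constraint sends the browser to the Connector's redirectPort), written out as an added example that is not part of the original messages or of JSPWiki or Tomcat. The sample server.xml and web.xml are constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not taken from the thread: the HTTP connector redirects
# to 8443, but no HTTPS connector is defined on that port.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/Login.jsp</url-pattern>
    <url-pattern>/Edit.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def _local(tag):
    """Strip an XML namespace so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def _texts(parent, name):
    """Stripped text of every descendant element with the given local name."""
    return [e.text.strip() for e in parent.iter() if _local(e.tag) == name and e.text]

def confidential_patterns(web_xml):
    """URL patterns whose security-constraint demands CONFIDENTIAL transport."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) == "security-constraint" and \
                "CONFIDENTIAL" in _texts(sc, "transport-guarantee"):
            patterns += _texts(sc, "url-pattern")
    return patterns

def dangling_redirect_ports(server_xml):
    """redirectPort values that no HTTPS connector in server.xml listens on."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    https = {c.get("port") for c in conns
             if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"}
    return sorted({c["redirectPort"] for c in conns if "redirectPort" in c} - https)

def unreachable_pages(web_xml, server_xml):
    """(page, port) pairs redirected to a port with no HTTPS connector."""
    ports = dangling_redirect_ports(server_xml)
    return [(p, port) for p in confidential_patterns(web_xml) for port in ports]

if __name__ == "__main__":
    for page, port in unreachable_pages(WEB_XML, SERVER_XML):
        print(f"{page}: CONFIDENTIAL redirects to port {port}, no HTTPS connector there")
```

An empty result means every CONFIDENTIAL page has an HTTPS connector to land on, so the constraint can stay in place instead of being relaxed to NONE.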
