incubator-jspwiki-dev mailing list archives

From Janne Jalkanen <janne.jalka...@ecyrd.com>
Subject Re: trying to integrate JSPWiki 2.8 with MS-AD via Tomcat 6
Date Tue, 12 May 2009 19:08:31 GMT

It would be so cool to have a switch in jspwiki.properties or the  
admin UI.  But that may be a bit challenging - unless we have  
login.jsp and loginsecure.jsp; and define the latter to have  
CONFIDENTIAL transport; then check in the corresponding jsp file
whether the bit is on in the property file. Would that work?

/Janne

On 12 May 2009, at 22:02, Andrew Jaquith wrote:

> Oh, naturally. The security creep wouldn't have it any other way. I'll
> be sure to write something very stern and scary.
>
> On Tue, May 12, 2009 at 3:00 PM, Harry Metske <harry.metske@gmail.com> wrote:
>> +1
>>
>> and we should add a very strong warning with it in the web.xml
>>
>>
>>
>> 2009/5/12 Andrew Jaquith <andrew.r.jaquith@gmail.com>
>>
>>> Switched to the dev list:
>>>
>>> The security creep in me wants everything to be secure out of the box,
>>> hence the default configuration of CONFIDENTIAL for container logins.
>>>
>>> However, the "make it just work out of the box" usability freak hates
>>> stuff like this.
>>>
>>> The usability freak is currently beating up the security creep. I
>>> think we should use a default NONE for transport-guarantee for 3.0.
>>>
>>> Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a
>>> +1").
>>>
>>> Andrew
>>>
>>>
>>> On Tue, May 12, 2009 at 2:41 PM, Harry Metske <harry.metske@gmail.com> wrote:
>>>> what could be the case is that because you have
>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> tomcat redirects
>>>> you to the port configured as redirectPort as defined on the Connector
>>>> element in tomcat's server.xml
>>>>
>>>> You could verify that by using
>>>> <transport-guarantee>NONE</transport-guarantee>
>>>>
>>>> regards,
>>>> Harry
>>>>
>>>> 2009/5/12 Kinicky <kinicky@gmail.com>
>>>>
>>>>> Hi everyone!
>>>>>
>>>>> this is my scenario: I have users on AD and want them to use JSPWiki. I
>>>>> follow the pages above but didn't succeed:
>>>>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>>>
>>>>> it's odd, after I did these changes I'm able to navigate through the
>>>>> pages of wiki except the Login.jsp. When I try to go there to
>>>>> authenticate I got an error message saying Firefox failed in
>>>>> establishing a connection with my server.
>>>>>
>>>>> i hope anyone can help me!
>>>>>
>>>>> here some information:
>>>>> *server.xml* on Tomcat:
>>>>>      <Realm className="org.apache.catalina.realm.JNDIRealm"
>>>>>              debug="99"
>>>>>              connectionURL="ldap://server:389"
>>>>>              connectionName="username"
>>>>>              connectionPassword="password"
>>>>>              referrals="follow"
>>>>>              userBase="OU=Usuarios, OU=Cit, DC=cit"
>>>>>              userSearch="(sAMAccountName={0})"
>>>>>              userRoleName="memberOf"
>>>>>              userSubtree="true"
>>>>>      />
>>>>>
>>>>> *web.xml* of JSPWiki
>>>>>   <security-constraint>
>>>>>       <web-resource-collection>
>>>>>           <web-resource-name>Administrative Area</web-resource-name>
>>>>>           <url-pattern>/Delete.jsp</url-pattern>
>>>>>       </web-resource-collection>
>>>>>       <auth-constraint>
>>>>>           <role-name>Admin</role-name>
>>>>>       </auth-constraint>
>>>>>       <user-data-constraint>
>>>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>       </user-data-constraint>
>>>>>   </security-constraint>
>>>>>
>>>>>   <security-constraint>
>>>>>       <web-resource-collection>
>>>>>           <web-resource-name>Authenticated area</web-resource-name>
>>>>>           <url-pattern>/Edit.jsp</url-pattern>
>>>>>           <url-pattern>/Comment.jsp</url-pattern>
>>>>>           <url-pattern>/Login.jsp</url-pattern>
>>>>>           <url-pattern>/NewGroup.jsp</url-pattern>
>>>>>           <url-pattern>/Rename.jsp</url-pattern>
>>>>>           <url-pattern>/Upload.jsp</url-pattern>
>>>>>           <http-method>DELETE</http-method>
>>>>>           <http-method>GET</http-method>
>>>>>           <http-method>HEAD</http-method>
>>>>>           <http-method>POST</http-method>
>>>>>           <http-method>PUT</http-method>
>>>>>       </web-resource-collection>
>>>>>
>>>>>       <web-resource-collection>
>>>>>           <web-resource-name>Read-only Area</web-resource-name>
>>>>>           <url-pattern>/attach</url-pattern>
>>>>>           <http-method>DELETE</http-method>
>>>>>           <http-method>POST</http-method>
>>>>>           <http-method>PUT</http-method>
>>>>>       </web-resource-collection>
>>>>>
>>>>>       <auth-constraint>
>>>>>           <role-name>Admin</role-name>
>>>>>           <role-name>Authenticated</role-name>
>>>>>       </auth-constraint>
>>>>>
>>>>>       <user-data-constraint>
>>>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>       </user-data-constraint>
>>>>>   </security-constraint>
>>>>>
>>>>>   <login-config>
>>>>>       <auth-method>FORM</auth-method>
>>>>>       <form-login-config>
>>>>>           <form-login-page>/LoginForm.jsp</form-login-page>
>>>>>           <form-error-page>/LoginForm.jsp</form-error-page>
>>>>>       </form-login-config>
>>>>>   </login-config>
>>>>>
>>>>>   <security-role>
>>>>>       <description>
>>>>>           This logical role includes all authenticated users
>>>>>       </description>
>>>>>       <role-name>Authenticated</role-name>
>>>>>   </security-role>
>>>>>
>>>>>   <security-role>
>>>>>       <description>
>>>>>           This logical role includes all administrative users
>>>>>       </description>
>>>>>       <role-name>Admin</role-name>
>>>>>   </security-role>
>>>>>
>>>>
>>>
>>
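
Added example, not part of the original thread or of JSPWiki: a small pre-deployment check for the situation Harry describes, where a CONFIDENTIAL `transport-guarantee` in web.xml makes Tomcat redirect to a `redirectPort` on which no SSL-enabled Connector is listening. The embedded XML is constructed sample data, the function names are hypothetical, and the check assumes TLS terminates in Tomcat itself and only looks at `redirectPort` values written explicitly in server.xml.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed-down samples modelled on the files quoted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""

def local(tag):
    """Drop any XML namespace prefix; real web.xml files usually declare one."""
    return tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """url-patterns that sit under a CONFIDENTIAL transport-guarantee."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        nodes = list(sc.iter())
        if any(local(n.tag) == "transport-guarantee"
               and (n.text or "").strip() == "CONFIDENTIAL" for n in nodes):
            found += [n.text.strip() for n in nodes
                      if local(n.tag) == "url-pattern" and n.text]
    return found

def dangling_redirect_ports(server_xml):
    """Explicit redirectPort values with no SSLEnabled Connector on that port."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls = {c.get("port") for c in conns
           if c.get("SSLEnabled", "false").lower() == "true"}
    return sorted({c["redirectPort"] for c in conns
                   if "redirectPort" in c and c["redirectPort"] not in tls})

def check(web_xml, server_xml):
    """One finding per protected URL pattern and unreachable redirect port."""
    return [f"{p} -> port {port}: no SSL-enabled Connector"
            for p in confidential_patterns(web_xml)
            for port in dangling_redirect_ports(server_xml)]

if __name__ == "__main__":
    print("\n".join(check(WEB_XML, SERVER_XML)) or "ok")
```

An empty result means every CONFIDENTIAL URL has a TLS connector to land on; a finding is a reason to configure that connector rather than to downgrade the login page to NONE on a network where credentials could be observed.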

