incubator-jspwiki-dev mailing list archives

From Janne Jalkanen <janne.jalka...@ecyrd.com>
Subject Re: trying to integrate JSPWiki 2.8 with MS-AD via Tomcat 6
Date Tue, 12 May 2009 18:59:14 GMT

+1, I think usability (or to be precise: "first use experience") should
win in this case.

/Janne

On 12 May 2009, at 21:50, Andrew Jaquith wrote:

> Switched to the dev list:
>
> The security creep in me wants everything to be secure out of the box,
> hence the default configuration of CONFIDENTIAL for container logins.
>
> However, the "make it just work out of the box" usability freak hates
> stuff like this.
>
> The usability freak is currently beating up the security creep. I
> think we should use a default NONE for transport-guarantee for 3.0.
>
> Thoughts? Can I get an amen? (that's Southern Baptist for
> "requesting a +1").
>
> Andrew
>
>
> On Tue, May 12, 2009 at 2:41 PM, Harry Metske <harry.metske@gmail.com> wrote:
>> what could be the case is that because you have
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> tomcat redirects
>> you to the port configured as redirectPort as defined on the Connector
>> element in tomcat's server.xml
>>
>> You could verify that by using
>> <transport-guarantee>NONE</transport-guarantee>
>>
>> regards,
>> Harry
>>
>> 2009/5/12 Kinicky <kinicky@gmail.com>
>>
>>> Hi everyone!
>>>
>>> this is my scenario: I have users on AD and want them to use JSPWiki. I
>>> follow the pages above but didn't succeed:
>>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>
>>> it's odd, after I did these changes I'm able to navigate through the pages
>>> of wiki except the Login.jsp. When I try to go there to authenticate I got
>>> an error message saying Firefox failed in establishing a connection with my
>>> server.
>>>
>>> I hope anyone can help me!
>>>
>>> here some information:
>>> *server.xml* on Tomcat:
>>>      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>              connectionURL="ldap://server:389"
>>>              connectionName="username"
>>>              connectionPassword="password"
>>>              referrals="follow"
>>>              userBase="OU=Usuarios, OU=Cit, DC=cit"
>>>              userSearch="(sAMAccountName={0})"
>>>              userRoleName="memberOf"
>>>              userSubtree="true"
>>>      />
>>>
>>> *web.xml* of JSPWiki
>>>   <security-constraint>
>>>       <web-resource-collection>
>>>           <web-resource-name>Administrative Area</web-resource-name>
>>>           <url-pattern>/Delete.jsp</url-pattern>
>>>       </web-resource-collection>
>>>       <auth-constraint>
>>>           <role-name>Admin</role-name>
>>>       </auth-constraint>
>>>       <user-data-constraint>
>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>       </user-data-constraint>
>>>   </security-constraint>
>>>
>>>   <security-constraint>
>>>       <web-resource-collection>
>>>           <web-resource-name>Authenticated area</web-resource-name>
>>>           <url-pattern>/Edit.jsp</url-pattern>
>>>           <url-pattern>/Comment.jsp</url-pattern>
>>>           <url-pattern>/Login.jsp</url-pattern>
>>>           <url-pattern>/NewGroup.jsp</url-pattern>
>>>           <url-pattern>/Rename.jsp</url-pattern>
>>>           <url-pattern>/Upload.jsp</url-pattern>
>>>           <http-method>DELETE</http-method>
>>>           <http-method>GET</http-method>
>>>           <http-method>HEAD</http-method>
>>>           <http-method>POST</http-method>
>>>           <http-method>PUT</http-method>
>>>       </web-resource-collection>
>>>
>>>       <web-resource-collection>
>>>           <web-resource-name>Read-only Area</web-resource-name>
>>>           <url-pattern>/attach</url-pattern>
>>>           <http-method>DELETE</http-method>
>>>           <http-method>POST</http-method>
>>>           <http-method>PUT</http-method>
>>>       </web-resource-collection>
>>>
>>>       <auth-constraint>
>>>           <role-name>Admin</role-name>
>>>           <role-name>Authenticated</role-name>
>>>       </auth-constraint>
>>>
>>>       <user-data-constraint>
>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>       </user-data-constraint>
>>>   </security-constraint>
>>>
>>>   <login-config>
>>>       <auth-method>FORM</auth-method>
>>>       <form-login-config>
>>>           <form-login-page>/LoginForm.jsp</form-login-page>
>>>           <form-error-page>/LoginForm.jsp</form-error-page>
>>>       </form-login-config>
>>>   </login-config>
>>>
>>>   <security-role>
>>>       <description>
>>>           This logical role includes all authenticated users
>>>       </description>
>>>       <role-name>Authenticated</role-name>
>>>   </security-role>
>>>
>>>   <security-role>
>>>       <description>
>>>           This logical role includes all administrative users
>>>       </description>
>>>       <role-name>Admin</role-name>
>>>   </security-role>
>>>
>>
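
The diagnosis in this thread (a CONFIDENTIAL constraint makes Tomcat redirect to the Connector's redirectPort, which fails if nothing serves TLS there) can be checked offline before touching the transport guarantee. The following is an added example, not part of the original messages or of JSPWiki; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread: one plain HTTP connector that
# redirects to 8443, and a CONFIDENTIAL constraint covering /Login.jsp.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/Login.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def _local(tag):
    """Drop any XML namespace prefix (real web.xml files are usually namespaced)."""
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    """Stripped text of every descendant element with the given local name."""
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def confidential_patterns(web_xml):
    """url-patterns whose security-constraint requires an encrypted transport."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) == "security-constraint" and \
           set(_texts(sc, "transport-guarantee")) & {"CONFIDENTIAL", "INTEGRAL"}:
            found += _texts(sc, "url-pattern")
    return found

def dangling_redirects(server_xml):
    """redirectPort values that no TLS-enabled Connector in server.xml listens on."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"}
    targets = {c.get("redirectPort") for c in connectors
               if c.get("redirectPort") and c.get("port") not in tls_ports}
    return sorted(targets - tls_ports)

def broken_pages(web_xml, server_xml):
    """Pages that will be redirected to a port nothing serves TLS on."""
    return confidential_patterns(web_xml) if dangling_redirects(server_xml) else []

if __name__ == "__main__":
    print(broken_pages(WEB_XML, SERVER_XML))
```

TLS terminated by a proxy in front of Tomcat does not appear in server.xml, so a port reported here may still be served elsewhere.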

