incubator-jspwiki-dev mailing list archives

From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: trying to integrate JSPWiki 2.8 with MS-AD via Tomcat 6
Date Tue, 12 May 2009 18:50:37 GMT
Switched to the dev list:

The security creep in me wants everything to be secure out of the box,
hence the default configuration of CONFIDENTIAL for container logins.

However, the "make it just work out of the box" usability freak hates
stuff like this.

The usability freak is currently beating up the security creep. I
think we should use a default NONE for transport-guarantee for 3.0.

Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a +1").

Andrew


On Tue, May 12, 2009 at 2:41 PM, Harry Metske <harry.metske@gmail.com> wrote:
> What could be the case is that because you have
> <transport-guarantee>CONFIDENTIAL</transport-guarantee> Tomcat redirects
> you to the port configured as redirectPort as defined on the Connector
> element in Tomcat's server.xml.
>
> You could verify that by using
> <transport-guarantee>NONE</transport-guarantee>
>
> regards,
> Harry
>
> 2009/5/12 Kinicky <kinicky@gmail.com>
>
>> Hi everyone!
>>
>> This is my scenario: I have users on AD and want them to use JSPWiki. I
>> followed the pages above but didn't succeed:
>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>
>> It's odd: after I made these changes I'm able to navigate through the pages
>> of the wiki except Login.jsp. When I try to go there to authenticate I get
>> an error message saying Firefox failed to establish a connection with my
>> server.
>>
>> I hope someone can help me!
>>
>> Here is some information:
>> *server.xml* on Tomcat:
>>      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>              connectionURL="ldap://server:389"
>>              connectionName="username"
>>              connectionPassword="password"
>>              referrals="follow"
>>              userBase="OU=Usuarios, OU=Cit, DC=cit"
>>              userSearch="(sAMAccountName={0})"
>>              userRoleName="memberOf"
>>              userSubtree="true"
>>      />
>>
>> *web.xml* of JSPWiki
>>   <security-constraint>
>>       <web-resource-collection>
>>           <web-resource-name>Administrative Area</web-resource-name>
>>           <url-pattern>/Delete.jsp</url-pattern>
>>       </web-resource-collection>
>>       <auth-constraint>
>>           <role-name>Admin</role-name>
>>       </auth-constraint>
>>       <user-data-constraint>
>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>       </user-data-constraint>
>>   </security-constraint>
>>
>>   <security-constraint>
>>       <web-resource-collection>
>>           <web-resource-name>Authenticated area</web-resource-name>
>>           <url-pattern>/Edit.jsp</url-pattern>
>>           <url-pattern>/Comment.jsp</url-pattern>
>>           <url-pattern>/Login.jsp</url-pattern>
>>           <url-pattern>/NewGroup.jsp</url-pattern>
>>           <url-pattern>/Rename.jsp</url-pattern>
>>           <url-pattern>/Upload.jsp</url-pattern>
>>           <http-method>DELETE</http-method>
>>           <http-method>GET</http-method>
>>           <http-method>HEAD</http-method>
>>           <http-method>POST</http-method>
>>           <http-method>PUT</http-method>
>>       </web-resource-collection>
>>
>>       <web-resource-collection>
>>           <web-resource-name>Read-only Area</web-resource-name>
>>           <url-pattern>/attach</url-pattern>
>>           <http-method>DELETE</http-method>
>>           <http-method>POST</http-method>
>>           <http-method>PUT</http-method>
>>       </web-resource-collection>
>>
>>       <auth-constraint>
>>           <role-name>Admin</role-name>
>>           <role-name>Authenticated</role-name>
>>       </auth-constraint>
>>
>>       <user-data-constraint>
>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>       </user-data-constraint>
>>   </security-constraint>
>>
>>   <login-config>
>>       <auth-method>FORM</auth-method>
>>       <form-login-config>
>>           <form-login-page>/LoginForm.jsp</form-login-page>
>>           <form-error-page>/LoginForm.jsp</form-error-page>
>>       </form-login-config>
>>   </login-config>
>>
>>   <security-role>
>>       <description>
>>           This logical role includes all authenticated users
>>       </description>
>>       <role-name>Authenticated</role-name>
>>   </security-role>
>>
>>   <security-role>
>>       <description>
>>           This logical role includes all administrative users
>>       </description>
>>       <role-name>Admin</role-name>
>>   </security-role>
>>
>
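
The mismatch Harry describes can be checked offline. This is an added example, not part of the original thread or of JSPWiki/Tomcat: it lists the url-patterns that web.xml marks CONFIDENTIAL and reports any redirectPort in server.xml that no SSL-enabled Connector listens on. The XML inputs are constructed samples, and treating SSLEnabled="true" as the marker of the HTTPS connector is an assumption (Tomcat 6 style).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the thread): one CONFIDENTIAL constraint,
# and a server.xml whose only connector is plain HTTP with redirectPort 8443.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/Login.jsp</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""
HTTP_ONLY = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""
# Same server.xml plus an HTTPS connector on 8443 (keystore attributes omitted).
WITH_TLS = HTTP_ONLY.replace(
    "</Service>",
    '<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>'
    "</Service>")

def texts(node, name):
    """Text of every descendant element called `name`, ignoring namespaces."""
    return [e.text.strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text]

def confidential_patterns(web_xml):
    """url-patterns inside constraints whose transport-guarantee is CONFIDENTIAL."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if sc.tag.rsplit("}", 1)[-1] == "security-constraint" \
                and "CONFIDENTIAL" in texts(sc, "transport-guarantee"):
            found += texts(sc, "url-pattern")
    return found

def dangling_redirect_ports(server_xml):
    """redirectPort values that no SSL-enabled Connector listens on.
    Assumption: SSLEnabled="true" marks the HTTPS connector (Tomcat 6 style);
    connectors without an explicit redirectPort are not checked."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = {c.get("port") for c in connectors
           if (c.get("SSLEnabled") or "").lower() == "true"}
    return sorted({c.get("redirectPort") for c in connectors
                   if c.get("redirectPort")} - tls)

def findings(web_xml, server_xml):
    """One message per CONFIDENTIAL pattern and unreachable redirect port."""
    return [f"{p}: CONFIDENTIAL, but no SSL connector on redirectPort {port}"
            for p in confidential_patterns(web_xml)
            for port in dangling_redirect_ports(server_xml)]
```

A non-empty result from `findings` means the container will redirect protected pages to a port nothing serves over TLS; adding the HTTPS connector clears it without downgrading the constraint to NONE.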
