incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: custom login in JSPWiki
Date Fri, 15 Jan 2010 20:30:30 GMT

That's a bit tricky, since the PageProvider interface does not support  
sending any information about the request through the interface  
itself. From the Provider's point of view, the engine is a complete  
black hole.

You *can* however do some trickery by creating a PageFilter or a  
ServletFilter which sits in front of every request, and stores the  
credentials inside a singleton, which contains a ThreadLocal to store  
the credentials, which can then be fetched by the Provider.

E.g.

class MyFilter implements Filter
{
	public static ThreadLocal<MyCredentials> c_credentials = new  
ThreadLocal<MyCredentials>();

	public void doFilter( ServletRequest request, ServletResponse  
response, FilterChain chain )
	{
		m_engine.getAuthenticationManager().login( httpRequest );
                 WikiSession wikiSession =  
SessionMonitor.getInstance( m_engine ).find( httpRequest.getSession() );

		c_credentials.set( new  
MyCredentials(wikiSession.getLoginPrincipal()) );

		chain.doFilter( httpRequest, response );
	}
}

...

class MyProvider implements WikiPageProvider
{
	public boolean pageExists( String page )
	{
		MyCredentials c = MyFilter.c_credentials.get();

		...
	}
}

Or something to that effect.  A bit complicated, but would work.  The  
ThreadLocal part is important.  You could also store the entire  
WikiSession in there, if you wanted to, but then you want to be  
careful as to make sure that it gets collected by setting it to null  
after using it. WikiSessions can be big.

/Janne

On Jan 15, 2010, at 15:36 , Schenk, Andre wrote:

> Hi developers,
>
> I thought my problem was solved with JSPWiki 2.8.3 but unfortunately  
> is isn't.
>
> What I like to do is to use an own WikiPageProvider which gets the  
> Wiki pages from an external repository. The access to this  
> repository is restricted so I need a login handle or at least a user/ 
> password information.
>
> Beginning with release 2.8.3 there is a WikiEngineCallback available  
> in the AbstractLoginModule.login(). Now I can do a custom login, get  
> a login handle from the given user/password and store it in the Wiki  
> engine object. Later on the page provider can pick that handle from  
> the Wiki engine and use it to get the Wiki pages from the repository.
>
> Now my problem is that the Wiki engine is not bound to a session so  
> if someone logs in then his login handle is globally visible.
>
> Is there a way to solve my problem?
>
> Thanks for your help!
>
> Best regards,
>
> André
>
> ---------------------------------------
> André Schenk
> ePublishing & eScience
> Development & Applied Research
> Phone +49 7247 808-215
> Fax +49 7247 808-133
> Andre.Schenk@fiz-karlsruhe.de
>
>
> FIZ Karlsruhe
> Hermann-von-Helmholtz-Platz 1
> 76344 Eggenstein-Leopoldshafen, Germany
>
> www.fiz-karlsruhe.de
> ---------------------------------------
>
>
> -------------------------------------------------------
>
> Fachinformationszentrum Karlsruhe, Gesellschaft für wissenschaftlich- 
> technische Information mbH.
> Sitz der Gesellschaft: Eggenstein-Leopoldshafen, Amtsgericht  
> Mannheim HRB 101892.
> Geschäftsführerin: Sabine Brünger-Weilandt.
> Vorsitzender des Aufsichtsrats: MinR Hermann Riehl.
>


Mime
View raw message