incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <>
Subject Re: Is there possibility to implement custom automatic authentication? (not web-container based)
Date Tue, 28 Dec 2010 15:10:45 GMT


I think this is solely in Andrew's domain.  We have automatic login using CookieAuthenticationLoginModule;
do you need something else there?

For #2 I think we could use a patch, if you can write one. Sounds like a good addition.

#3 is an oversight; I don't think it should be declared as final. Can you open up a JIRA issue
and contribute a patch?

Actually, I've been using Apache Shiro lately, and it's a very well done AAA library which
does a lot of the same stuff as we do.  It would be a lot lighter for us to use that rather
than our own system (even though our system is pretty awesome).  Does anyone have (esp. Andrew)
an opinion on how well Shiro matches up with our stuff?


On 16 Dec 2010, at 05:13, Alex Tracer wrote:

> Greetings,
> I'm trying to link JSPWiki to an existing application. I need make a
> user automatically (i.e. without explicit login through Login page)
> logged in JSPWiki if he already logged in the another application. All I
> need to do on JSPWiki side is to get some cookies from request and pass
> them to my application.
> I've expected that my task will be quite simple because I knew that
> JSPWiki provides "jspwiki.loginModule.class" property that allows to use
> custom JAAS authentication. Also I've seen that
> WebContainerCallbackHandler is able to give me an HttpRequest (via
> HttpRequestCallback) so I can grab my cookies from the request and do my
> dark deeds with them...
> However I've met some serious obstacles:
> 1. "jspwiki.loginModule.class" property is used only for authentication
> thought Login.jsp. There no way to specify a custom JAAS LoginModule
> that will be used in the same place as WebContainerLoginModule in
> AuthenticationManager.login( HttpServletRequest request ). So I can't
> use my custom LoginModule here so I can't make "automatic" login.
> 2. Login.jsp uses AuthenticationManager.login( WikiSession session,
> HttpServletRequest request, String username, String password ) and
> supports customizable LoginModule but WikiCallbackHandler in this method
> is unable to handle HttpRequestCallback. So I can't use my custom
> LoginModule even for explicit login because I can't cookies from JSPWiki.
> 3. There is no way to replace AuthenticationManager with implementation
> that matches my needs because AuthenticationManager is final so I can't
> redefine it in classmappings.xml.
> I know that I can modify JSPWiki sources and build my own version of
> JSPWiki but I hope that there a way to avoid that because it will add a
> lot of extra work on merging with future versions of JSPWiki.
> Could anybody please advise on my problem? At least just point out where
> is right place to ask ;)
> Best regards,
> Alex Tracer.
> PS: Sorry for my bad English, I'm still not very good in it.

View raw message