incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <h...@synyx.de>
Subject Re: Integrating JSPWiki in another webapp
Date Sat, 05 Jan 2008 13:12:37 GMT
Hi,
thanks for your quick response! I am doing this on 2.4, so this might be
the case. I already checked the jar with jarsigner -verify but to me it
seemed to be valid. I will try the upgrade as soon as possible and see if
there is any change.

Thanks
Florian

>
> Hi!
>
> Are you doing this on 2.4 or 2.6?  If 2.4, this kinda sounds like JAR
> signing problems.  In that case, I would strongly urge you to upgrade
> to 2.6, since 2.6 does not require JAR signing anymore.
>
> /Janne
>
> On 4 Jan 2008, at 19:15, Florian Hopf wrote:
>
>> Hi,
>> I'm currently in the process of integrating JSPWiki in a different
>> webapp and have some problems regarding authorization.
>>
>> I want the wiki to be integrated completely in my webapp and use only
>> the login of my webapp. The wiki is not supposed to be visible at all
>> for anonymous users.
>>
>> I developed a LoginModule that retrieves the user information from
>> session. The relevant section of the LoginModule:
>>
>>                 WikiPrincipal userPrincipal = new
>> WikiPrincipal(user.getCmsUserName());
>>
>>                 // If login succeeds, commit these principals/roles
>>                 m_principals.add(userPrincipal);
>>                 m_principals.add(Role.AUTHENTICATED);
>>                 m_principals.add(Role.ALL);
>>
>>                 // If login succeeds, overwrite these principals/roles
>>                 m_principalsToOverwrite.add( WikiPrincipal.GUEST );
>>                 m_principalsToOverwrite.add(Role.ANONYMOUS);
>>                 m_principalsToOverwrite.add(Role.ASSERTED);
>>
>>                 // If login fails, remove these roles
>>                 m_principalsToRemove.add(Role.AUTHENTICATED);
>>
>>                 return true;
>>
>> I adjusted the jspwiki.jaas configuration to look like this:
>>
>> JSPWiki-container {
>>    my.LoginModule       SUFFICIENT;
>>    com.ecyrd.jspwiki.auth.login.AnonymousLoginModule       SUFFICIENT;
>> };
>>
>> I still use the WebContainerAuthorizer, as long as I'm always
>> logged in,
>> this shouldn't matter?
>>
>> I adjusted jspwiki.policy to look like this (only Authenticated
>> permissions):
>>
>> ... keystore and code policies ...
>>
>> grant signedBy "jspwiki",
>>   principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission
>> "*:*",
>> "rename";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "createPages";
>>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission
>> "JSPWiki";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "login";
>> };
>>
>> Now when I access the main page everything seems to work fine (It
>> displays my user name on the left bar) but I can't click any links
>> because I don't have access to any page. (The log says: User hopf
>> has no
>> access - forbidden
>> (permission=
>> ("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Undefine
>> dPages","view"))
>>
>> I ran a debugger session to find out, what's wrong. My session subject
>> contains all three principals (the WikiPrincipal and the two roles ALL
>> and AUTHENTICATED) but all security checks for PagePermissions fail. I
>> tried to include all PagePermissions (edit, view, ...) but this didn't
>> help either.
>>
>> Am I on the right track trying to integrate the wiki in my user
>> management or am I doing something wrong?
>>
>> Thanks for any help
>> Florian
>
>



Mime
View raw message