incubator-jspwiki-user mailing list archives

From Milton Taylor <mcto...@gmail.com>
Subject Re: unable to login into jspwiki with jboss container authentication
Date Wed, 30 Jan 2008 07:57:05 GMT
Ahah! You've struck one of the limitations of using this form of 
container based authentication.

Basically, the JBoss users and roles files mechanism is really quite 
rudimentary and wasn't intended for anything serious I don't reckon. 
There is no mechanism at the jboss level that allows jspwiki to 
dynamically create new users or change passwords for authentication 
purposes. That only works if jspwiki is doing the authentication...but 
then that's not container based authentication.

(By the way, why exactly do you want to use container based 
authentication? The usual reasons are single sign-on between web apps, 
and access to a single authentication mechanism that other apps are using, 
and possibly a slightly stronger security model overall.)

In a way, there are two parallel universes still going on: jboss has its 
own idea of users and roles, (and whatever authentication mechanism is 
used). And then jspwiki has its own separate repository of users and 
roles, which is actually still used for certain things even if not 
authentication. It is the latter which potentially allows for dynamic 
user creation and password changes.

I think the only way to do what you are looking at is to set up a 
database table containing the users and roles, use the JBoss jdbc 
authenticator instead of the basic one so that JBoss looks in the db to 
authenticate, and then on top of that use the jspwiki jdbc plugin for 
users and roles. They can both work against the same database.

I have something like this set up, but I don't allow dynamic user setup 
or password changes so I'm not sure if that actually works, but the 
theory says it should.

Hope this helps!

KS Rogers wrote:
> Hi Milton,
>
> Thank you for a very very detailed answer. After turning on the detailed
> logging, as you suggested, I found that JBOSS is very case sensitive with
> the application name in security policy. After I fixed that, I was able to
> login.
>
> However - one question is for the users that I have manually created the
> names/passwords in users.properties and roles.properties, I am able to login
> but how do I allow new users to be created on their own? The 'create user'
> page is kind of disabled saying that only login is permitted. Am I missing
> something here?
>
> Regards.
>
> On Jan 28, 2008 12:29 AM, Milton Taylor <mctozzy@gmail.com> wrote:
>
>   
>> I have the current version of jspwiki running against JBoss 4.2.2, and
>> had earlier versions of both working together as well, so it does work!
>>
>> Have you also uncommented the relevant section in web.xml?
>>
>> What have you got in jboss-web.xml in your war's WEB-INF? Do you have a
>> specific security domain there? (That matches the domain in the jboss
>> security configuration?)
>>
>> Lastly, where have you put the jspwiki.policy file? Things have changed
>> in 2.6.
>>
>> Also, did you realise you have to delete log4j.jar and commons-logging
>> from your jspwiki WEB-INF folder? [Not related to security but can cause
>> problems]
>>
>> You can turn on detailed security logging in the log4j.xml
>> file... should tell you why jspwiki can't get happening. Don't do it
>> from jspwiki.properties
>>
>>
>> KS Rogers wrote:
>>> Hi,
>>>
>>> I am unable to login to jspwiki with jboss container authentication. Below
>>> are the log messages that I get. I have enabled the container authentication
>>> in jspwiki.properties:
>>> jspwiki.authorizer = com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
>>> The authentication in jboss seems to be working fine, but is failing in
>>> jspwiki. Someone please help...
>>>
>>> I have these lines in jboss->users.properties
>>> rk=Admin, Authenticated, extern, intern, User
>>> rr=Admin
>>> tt=Admin
>>> tt.roles=Admin
>>>
>>> I have these lines in jboss->roles.properties
>>> rk=Admin, Authenticated, extern, intern, User
>>> rr=Admin
>>> tt=Admin
>>> tt.roles=Admin
>>>
>>>
>>> ...
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.login.XMLLoginConfigImpl  - End
>>> getAppConfigurationEntry(JSPWiki-container),
>>> authInfo=AppConfigurationEntry[]:
>>> [0]
>>> LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
>>> ControlFlag: LoginModuleControlFlag: required
>>> Options:
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - initialize,
>>> instance=@16364317
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - Security domain: other
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - findResource: null
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - Properties
>>> file=file:/C:/install/Server/jboss-
>>> 4.0.5.GA/server/default/conf/users.properties, defaults=null
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] DEBUG
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - Loaded properties,
>>> users=[rr, tt, rk]
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - findResource: null
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - Properties
>>> file=file:/C:/install/Server/jboss-
>>> 4.0.5.GA/server/default/conf/roles.properties, defaults=null
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] DEBUG
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - Loaded properties,
>>> users=[tt.roles, rr, tt, rk]
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - login
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] TRACE
>>> org.jboss.security.auth.spi.UsersRolesLoginModule  - abort
>>> 2008-01-27 18:17:37,562 [http-0.0.0.0-8080-2] ERROR
>>> com.ecyrd.jspwiki.auth.AuthenticationManager  - Couldn't log in.
>>> Message=CallbackHandler does not support:
>>> javax.security.auth.callback.NameCallback@15e3b92
>>>
>>>
>>>       
>
>   
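
The shared-database setup described at the top of this message, sketched as an added example; it is not part of the original message and is not JSPWiki or JBoss project code. The policy name `JSPWiki-container` is the one that appears in the quoted log; the datasource names, the table and column names, and the stored password format are assumptions to check against the installed versions.

```xml
<!-- conf/login-config.xml: JBoss authenticates against the database
     instead of users.properties / roles.properties. -->
<application-policy name="JSPWiki-container">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <!-- Assumed datasource name; it must be deployed in JBoss. -->
      <module-option name="dsJndiName">java:/JSPWikiDS</module-option>

      <!-- Assumed tables, shared with JSPWiki:
           users(login_name, password, ...) and roles(login_name, role). -->
      <module-option name="principalsQuery">SELECT password FROM users WHERE login_name = ?</module-option>

      <!-- JBoss expects two columns: the role and its role group ('Roles'). -->
      <module-option name="rolesQuery">SELECT role, 'Roles' FROM roles WHERE login_name = ?</module-option>

      <!-- Must match the format JSPWiki writes into users.password.
           Assumed here: hex-encoded SHA-1 digest with no prefix. If the two
           sides disagree, a user created or changed through the wiki exists
           in the table but can never pass container login. -->
      <module-option name="hashAlgorithm">SHA-1</module-option>
      <module-option name="hashEncoding">hex</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- WEB-INF/jspwiki.properties: the JSPWiki side, pointed at the same tables.
     Datasource, table and column values are assumed sample values.

     jspwiki.authorizer              = com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
     jspwiki.userdatabase            = com.ecyrd.jspwiki.auth.user.JDBCUserDatabase
     jspwiki.userdatabase.datasource = jdbc/UserDatabase
     jspwiki.userdatabase.table      = users
     jspwiki.userdatabase.loginName  = login_name
     jspwiki.userdatabase.password   = password
     jspwiki.userdatabase.roleTable  = roles
     jspwiki.userdatabase.role       = role
-->
```

The policy name is matched case-sensitively against the security domain declared in the war's jboss-web.xml, which is the mismatch reported earlier in the thread.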
