incubator-jspwiki-user mailing list archives

From David Gao <>
Subject Re: LDAP groups
Date Thu, 06 Mar 2008 01:45:14 GMT
Hi Milton,

I did not change the policy for "Authenticated" as I think jspwiki may 
need that internally. Hope my configuration below may help.

Tomcat server.xml (only JNDIRealm enabled) (LDAP server is Sun One 
Directory Server)
      <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionName="cn=Directory Manager"
           userPattern="uid={0}, ou=People,dc=example,dc=com"
JSPWiki web.xml Security constraint


           This logical role includes all administrative users
Security policy: (added the following as a new entry, no new policy 
added for other LDAP groups)

grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};

-------- Original Message --------
> Can I just clarify that it is not possible to "rename" the 
> Authenticated role in the policy file in order to map it to something 
> else in the LDAP directory?
> Last time I investigated this, it seemed that jspwiki expected there 
> to be a role named "Authenticated" that the user was a member of, 
> regardless of what the policy file might call this role.
> Andrew Jaquith wrote:
>> David - your simple example works much better than my long-winded 
>> explanation might have. :) Nice one.
>> Ryan - the important point here is that you can add container roles 
>> to your security policy file using the syntax in David's example. You 
>> can use container roles in wiki page ACLs, too. To make this work, 
>> you need to make sure you have a "role" element in your web.xml for 
>> each LDAP group you are referencing.
>> Andrew
>> On Mar 5, 2008, at 16:59, David Gao <> wrote:

David Gao (
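
Added example, not part of the original thread or of JSPWiki: a small check for the point Andrew makes above, that every container role granted in the security policy needs a matching role declaration in web.xml. It assumes the declaration is the standard servlet `<security-role>`/`<role-name>` element and treats "All", "Anonymous", "Asserted" and "Authenticated" as built-in; the sample policy and web.xml are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: role names JSPWiki supplies itself, so web.xml need not declare them.
BUILT_IN = {"All", "Anonymous", "Asserted", "Authenticated"}
ROLE_RE = re.compile(
    r'principal\s+com\.ecyrd\.jspwiki\.auth\.authorize\.Role\s+"([^"]+)"')

def policy_roles(policy_text):
    """Role principals named in grant entries; comments are ignored."""
    text = re.sub(r"/\*.*?\*/", "", policy_text, flags=re.S)
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)
    return set(ROLE_RE.findall(text))

def declared_roles(web_xml_text):
    """<role-name> values under <security-role>, whatever the XML namespace."""
    def local(el):
        return el.tag.rsplit("}", 1)[-1]
    roles = set()
    for el in ET.fromstring(web_xml_text).iter():
        if local(el) == "security-role":
            roles.update((c.text or "").strip() for c in el if local(c) == "role-name")
    return roles

def audit(policy_text, web_xml_text):
    granted = policy_roles(policy_text) - BUILT_IN
    declared = declared_roles(web_xml_text)
    return {"undeclared": sorted(granted - declared),        # grant has no matching web.xml role
            "no_policy_entry": sorted(declared - granted)}   # usable in page ACLs only

# Constructed sample input; "wiki-editors" is a made-up LDAP group name.
SAMPLE_POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
};
// grant principal com.ecyrd.jspwiki.auth.authorize.Role "old-group" {
grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "wiki-editors" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
};
'''
SAMPLE_WEB_XML = '''<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-role><role-name>tomcat-admin</role-name></security-role>
  <security-role><role-name>Admin</role-name></security-role>
</web-app>'''

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, SAMPLE_WEB_XML))
```

Run it against the deployed policy file and web.xml after adding or renaming an LDAP group; an entry under "undeclared" is a grant that names a role web.xml does not list.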