Return-Path: Delivered-To: apmail-incubator-jspwiki-user-archive@locus.apache.org Received: (qmail 94080 invoked from network); 29 May 2008 20:10:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 May 2008 20:10:22 -0000 Received: (qmail 82846 invoked by uid 500); 29 May 2008 20:10:13 -0000 Delivered-To: apmail-incubator-jspwiki-user-archive@incubator.apache.org Received: (qmail 82836 invoked by uid 500); 29 May 2008 20:10:13 -0000 Mailing-List: contact jspwiki-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-user@incubator.apache.org Delivered-To: mailing list jspwiki-user@incubator.apache.org Received: (qmail 82815 invoked by uid 99); 29 May 2008 20:10:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 May 2008 13:10:13 -0700 X-ASF-Spam-Status: No, hits=2.6 required=10.0 tests=DNS_FROM_OPENWHOIS,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 May 2008 20:09:18 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1K1oRP-00063E-Se for jspwiki-user@incubator.apache.org; Thu, 29 May 2008 13:09:39 -0700 Message-ID: <17544739.post@talk.nabble.com> Date: Thu, 29 May 2008 13:09:39 -0700 (PDT) From: new2Jaas To: jspwiki-user@incubator.apache.org Subject: Re: Integrating JSPWiki in another webapp In-Reply-To: <1360.88.66.38.36.1199538757.squirrel@mail.synyx.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: ramyakgrama@gmail.com References: <477E699A.7030607@synyx.de> <6878A08E-4E08-4A61-8E7F-9B5E51FF1CDA@ecyrd.com> <1360.88.66.38.36.1199538757.squirrel@mail.synyx.de> X-Virus-Checked: Checked by ClamAV on apache.org Hi Florian, We are trying the exact samething. We would like to know about sharing data from one web application to LoginModule. In your comment you say that you were able to get the user information from the "session". Could you please throw more light on this. Is it a HttpSession or something else. Thanks for your quick reply! new2Jaas Florian Hopf-2 wrote: > > Hi, > thanks for your quick response! I am doing this on 2.4, so this might be > the case. I already checked the jar with jarsigner -verify but to me it > seemed to be valid. I will try the upgrade as soon as possible and see if > there is any change. > > Thanks > Florian > >> >> Hi! >> >> Are you doing this on 2.4 or 2.6? If 2.4, this kinda sounds like JAR >> signing problems. In that case, I would strongly urge you to upgrade >> to 2.6, since 2.6 does not require JAR signing anymore. >> >> /Janne >> >> On 4 Jan 2008, at 19:15, Florian Hopf wrote: >> >>> Hi, >>> I'm currently in the process of integrating JSPWiki in a different >>> webapp and have some problems regarding authorization. >>> >>> I want the wiki to be integrated completely in my webapp and use only >>> the login of my webapp. The wiki is not supposed to be visible at all >>> for anonymous users. >>> >>> I developed a LoginModule that retrieves the user information from >>> session. The relevant section of the LoginModule: >>> >>> WikiPrincipal userPrincipal = new >>> WikiPrincipal(user.getCmsUserName()); >>> >>> // If login succeeds, commit these principals/roles >>> m_principals.add(userPrincipal); >>> m_principals.add(Role.AUTHENTICATED); >>> m_principals.add(Role.ALL); >>> >>> // If login succeeds, overwrite these principals/roles >>> m_principalsToOverwrite.add( WikiPrincipal.GUEST ); >>> m_principalsToOverwrite.add(Role.ANONYMOUS); >>> m_principalsToOverwrite.add(Role.ASSERTED); >>> >>> // If login fails, remove these roles >>> m_principalsToRemove.add(Role.AUTHENTICATED); >>> >>> return true; >>> >>> I adjusted the jspwiki.jaas configuration to look like this: >>> >>> JSPWiki-container { >>> my.LoginModule SUFFICIENT; >>> com.ecyrd.jspwiki.auth.login.AnonymousLoginModule SUFFICIENT; >>> }; >>> >>> I still use the WebContainerAuthorizer, as long as I'm always >>> logged in, >>> this shouldn't matter? >>> >>> I adjusted jspwiki.policy to look like this (only Authenticated >>> permissions): >>> >>> ... keystore and code policies ... >>> >>> grant signedBy "jspwiki", >>> principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" { >>> permission com.ecyrd.jspwiki.auth.permissions.PagePermission >>> "*:*", >>> "rename"; >>> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", >>> "createPages"; >>> permission com.ecyrd.jspwiki.auth.permissions.AllPermission >>> "JSPWiki"; >>> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", >>> "login"; >>> }; >>> >>> Now when I access the main page everything seems to work fine (It >>> displays my user name on the left bar) but I can't click any links >>> because I don't have access to any page. (The log says: User hopf >>> has no >>> access - forbidden >>> (permission= >>> ("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Undefine >>> dPages","view")) >>> >>> I ran a debugger session to find out, what's wrong. My session subject >>> contains all three principals (the WikiPrincipal and the two roles ALL >>> and AUTHENTICATED) but all security checks for PagePermissions fail. I >>> tried to include all PagePermissions (edit, view, ...) but this didn't >>> help either. >>> >>> Am I on the right track trying to integrate the wiki in my user >>> management or am I doing something wrong? >>> >>> Thanks for any help >>> Florian >> >> > > > > -- View this message in context: http://www.nabble.com/Integrating-JSPWiki-in-another-webapp-tp14621031p17544739.html Sent from the JspWiki - User mailing list archive at Nabble.com.