incubator-jspwiki-user mailing list archives

From new2Jaas <>
Subject Re: Integrating JSPWiki in another webapp
Date Wed, 04 Jun 2008 19:48:10 GMT


I tried a similar thing.

I am writing my own LoginModule (MyLoginModule) and MyCallbackHandler and
would want to "modifyPrincipals" as mentioned by Florian.

MyCallbackHandler is creating an array of callbacks[] with 2 NameCallback
objects (one for userName and one for userType). These two (userName and
userType) are got from request parameters that come from another web
application within the same Tomcat container.

However, should MyLoginModule extend from AbstractLoginModule to be able to
do that? If so, then I have an issue with initialising my callbackhandler
object in the loginmodule.
The earlier approach I tried was for MyLoginModule to implement the LoginModule
interface - this let me implement initialise, commit, abort and logout
methods - but I didn't have access to the m_principals etc. collections to
be able to modifyPrincipals.

How do I do both - be able to initialise my callback handler AND have access
to m_principals etc., collections?

I am using Tomcat 5.5. I set the = jaas, set the policy to
use JSPWiki-Custom authentication. Using JSPWiki 2.6.2.

Florian Hopf-2 wrote:
> Hi,
> I'm currently in the process of integrating JSPWiki in a different
> webapp and have some problems regarding authorization.
> I want the wiki to be integrated completely in my webapp and use only
> the login of my webapp. The wiki is not supposed to be visible at all
> for anonymous users.
> I developed a LoginModule that retrieves the user information from
> session. The relevant section of the LoginModule:
>                 WikiPrincipal userPrincipal = new WikiPrincipal(user.getCmsUserName());
>                 // If login succeeds, commit these principals/roles
>                 m_principals.add(userPrincipal);
>                 m_principals.add(Role.AUTHENTICATED);
>                 m_principals.add(Role.ALL);
>                 // If login succeeds, overwrite these principals/roles
>                 m_principalsToOverwrite.add( WikiPrincipal.GUEST );
>                 m_principalsToOverwrite.add(Role.ANONYMOUS);
>                 m_principalsToOverwrite.add(Role.ASSERTED);
>                 // If login fails, remove these roles
>                 m_principalsToRemove.add(Role.AUTHENTICATED);
>                 return true;
> I adjusted the jspwiki.jaas configuration to look like this:
> JSPWiki-container {
>    my.LoginModule       SUFFICIENT;
>    com.ecyrd.jspwiki.auth.login.AnonymousLoginModule       SUFFICIENT;
> };
> I still use the WebContainerAuthorizer, as long as I'm always logged in,
> this shouldn't matter?
> I adjusted jspwiki.policy to look like this (only Authenticated
> permissions):
> ... keystore and code policies ...
> grant signedBy "jspwiki",
>   principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
> Now when I access the main page everything seems to work fine (It
> displays my user name on the left bar) but I can't click any links
> because I don't have access to any page. (The log says: User hopf has no
> access - forbidden
> (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:UndefinedPages","view"))
> I ran a debugger session to find out, what's wrong. My session subject
> contains all three principals (the WikiPrincipal and the two roles ALL
> and AUTHENTICATED) but all security checks for PagePermissions fail. I
> tried to include all PagePermissions (edit, view, ...) but this didn't
> help either.
> Am I on the right track trying to integrate the wiki in my user
> management or am I doing something wrong?
> Thanks for any help
> Florian
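
An added example, not part of either message and not JSPWiki's own code: a LoginModule written against the standard javax.security.auth API only, showing that JAAS hands the CallbackHandler and the Subject to initialize(), so a module implementing the interface directly can query NameCallbacks in login() and publish principals in commit(). NamedPrincipal, the prompt strings and the handler values in main are hypothetical, and the code assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class MyLoginModule implements LoginModule {
    // Hypothetical principal type standing in for the wiki's own principal and role classes.
    record NamedPrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> principals = new HashSet<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;   // JAAS supplies both; the module only stores them
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("userName"), type = new NameCallback("userType");
        try {
            handler.handle(new Callback[] { name, type });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
        if (name.getName() == null || name.getName().isBlank())
            throw new FailedLoginException("no user name supplied");
        principals.add(new NamedPrincipal(name.getName()));
        // Assumption: userType is carried as a second, role-like principal.
        if (type.getName() != null) principals.add(new NamedPrincipal(type.getName()));
        return true;
    }
    public boolean commit() {   // principals reach the Subject only after the overall login succeeded
        subject.getPrincipals().addAll(principals);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        subject.getPrincipals().removeAll(principals);
        principals.clear();
        return true;
    }
    public static void main(String[] args) throws Exception {
        // Constructed values; a deployed handler should read them from server-side session state.
        CallbackHandler h = cbs -> Arrays.stream(cbs).map(NameCallback.class::cast)
                .forEach(nc -> nc.setName(nc.getPrompt().equals("userName") ? "hopf" : "editor"));
        Subject subject = new Subject();
        MyLoginModule m = new MyLoginModule();
        m.initialize(subject, h, Map.of(), Map.of());
        if (m.login()) m.commit();
        System.out.println(subject.getPrincipals());
    }
}
```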
