incubator-jspwiki-user mailing list archives

From ENRICO CARMONA <e.carm...@hsgerardo.org>
Subject Re: LDAP authentication problem for jspwiki 2.8.1 on windows machine
Date Thu, 15 Jan 2009 10:15:58 GMT
Hi!

I have 2.6.x, but this may help you.

Grant a login privilege to the "All" role:

my jspwiki.policy:

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};

If you don't have any role from LDAP, you can (trick!) use a property of
LDAP as a role.
I use: userRoleName="objectClass". It returns 'user' as the role.

my server.xml:

     <Realm className="org.apache.catalina.realm.JNDIRealm"
            debug="99"
            connectionURL="ldap://ldapserver:389"
            connectionName="UserCanReadLDAP"
            connectionPassword="secret"
            referrals="follow"
            userBase="CN=Users,DC=example,DC=com"
            userSearch="(samaccountname={0})"
            userSubtree="true"
            roleBase="CN=Users,DC=example,DC=com"
            roleName="cn"
            roleSearch="(member={0})"
            roleSubtree="true"
            userRoleName="objectClass"
     />

Then map the 'user' role in jspwiki (my web.xml):

   <auth-constraint>
       <role-name>user</role-name>
   </auth-constraint>

   <security-role>
       <description>
           All users
       </description>
       <role-name>user</role-name>
   </security-role>

So, everyone has a role 'user' and can log in (in my configuration not also).

Hope this helps,

Enrico

---------
"TruptiP" <trupti.p27@gmail.com> wrote:

Hi,

I have installed JSPWiki 2.8.1 on my desktop machine. It works fine when I
use default userdatabase for authentication and authorization.

Now I am using LDAP authentication .... I used the specifications below in
server.xml

<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://server:389"
connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
connectionPassword="secret"
userBase="ou=domain,dc=example,dc=com"
userSubtree="true"
userSearch="(uid={0})"
/>

In web.xml of JSPwiki

<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/Delete.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>

<web-resource-collection>
<web-resource-name>Read-only Area</web-resource-name>
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>Authenticated</role-name>
</auth-constraint>

When I log in to jspwiki I get a forbidden page, and after pressing the "back" tab
and refreshing, my login is shown as authenticated.... But I am only able to
view the pages when I go to edit the page

G’day (anonymous guest) will be displayed at the corner and it does not
authenticate me to update the page. I haven't used any ACLs in any page. I have
given all authorization to the authenticated user.

One more important point is I don't have any group in LDAP.
-- 
View this message in context:
http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21473087.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
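
Added example, not part of the original messages and not Tomcat or JSPWiki code: a simplified Python model of how JNDIRealm builds a user's role set (userRoleName values plus roleSearch results) and how an auth-constraint is then evaluated, covering both realm configurations in this thread. The directory entry and the names resolve_roles, check_access and scenarios are assumptions made for illustration.

```python
# Simplified model of JNDIRealm role assembly and <auth-constraint> checks.
# All directory data below is constructed sample data.

# Constructed Active Directory-style user entry. "member_of_groups" stands in
# for what roleSearch "(member={0})" with roleName="cn" would return; it is
# empty because the directory in this thread has no groups.
ENTRY = {
    "dn": "CN=jdoe,CN=Users,DC=example,DC=com",
    "attrs": {
        "sAMAccountName": ["jdoe"],
        "objectClass": ["top", "person", "organizationalPerson", "user"],
    },
    "member_of_groups": [],
}

def resolve_roles(entry, user_role_name=None, role_search=False):
    """Union of userRoleName attribute values and roleSearch results."""
    roles = set()
    if user_role_name:
        for name, values in entry["attrs"].items():
            if name.lower() == user_role_name.lower():  # attr names ignore case
                roles.update(values)
    if role_search:
        roles.update(entry["member_of_groups"])
    return roles

def check_access(authenticated, roles, required_roles):
    """Container decision for a URL covered by an <auth-constraint>."""
    if not authenticated:
        return 401                    # challenge or redirect to the login page
    if roles & set(required_roles):   # role names compare case-sensitively
        return 200
    return 403                        # logged in, but holds no required role

def scenarios():
    out = {}
    # Realm with only userBase/userSearch; web.xml requires "Authenticated".
    out["no_role_source"] = check_access(True, resolve_roles(ENTRY), ["Authenticated"])
    # Realm with userRoleName="objectClass" plus roleSearch; web.xml requires "user".
    roles = resolve_roles(ENTRY, "objectClass", role_search=True)
    out["roles"] = sorted(roles)
    out["objectclass_as_role"] = check_access(True, roles, ["user"])
    # Same realm, but the constraint still names "Authenticated".
    out["unmapped_constraint"] = check_access(True, roles, ["Authenticated"])
    return out

if __name__ == "__main__":
    for key, value in scenarios().items():
        print(key, value)
```

Every objectClass value becomes a role, so any entry the userSearch can bind as satisfies the 'user' constraint; the role then separates directory users from anonymous visitors only, not one directory user from another.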


