incubator-jspwiki-user mailing list archives

From Wyllys Ingersoll <wyllys.ingers...@sun.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Wed, 25 Mar 2009 13:53:58 GMT

I'm not clear on the issue of roles and groups when authenticating to LDAP.

My LDAP server does not return that data for any users. I can query the
full LDAP record for myself and there are no "role" or "group" values of
any kind.

How do I force either the container or the application to map any authenticated
user to a "group" that JSPWiki will recognize?

-Wyllys


TruptiP wrote:
> Hi Wyllys,
> 
> I forgot to mention the part from the web.xml of JSPWiki.
> 
> You have to use the RoleName (which you extract from LDAP authentication; in my
> previous mail I gave an example of groups (abc, pqr)).
> Now we consider abc as a group with admin rights. So in the web.xml of JSPWiki:
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Administrative Area</web-resource-name>
>            <url-pattern>/Delete.jsp</url-pattern>
>        </web-resource-collection>
> 
>        <auth-constraint>
>            <role-name>abc</role-name>
>        </auth-constraint>
> 
>        <!-- <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint> -->
>    </security-constraint>
> 
> We consider the pqr group as authenticated; then:
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Authenticated area</web-resource-name>
>            <url-pattern>/Edit.jsp</url-pattern>
>            <url-pattern>/Comment.jsp</url-pattern>
>            <url-pattern>/Login.jsp</url-pattern>
>            <url-pattern>/NewGroup.jsp</url-pattern>
>            <url-pattern>/Rename.jsp</url-pattern>
>            <url-pattern>/Upload.jsp</url-pattern>
>            <http-method>DELETE</http-method>
>            <http-method>GET</http-method>
>            <http-method>HEAD</http-method>
>            <http-method>POST</http-method>
>            <http-method>PUT</http-method>
>        </web-resource-collection>
> 
>        <web-resource-collection>
>            <web-resource-name>Read-only Area</web-resource-name>
>            <url-pattern>/attach</url-pattern>
>            <http-method>DELETE</http-method>
>            <http-method>POST</http-method>
>            <http-method>PUT</http-method>
>        </web-resource-collection>
> 
>        <auth-constraint>
>            <role-name>pqr</role-name>
>        </auth-constraint>
> 
>        <!-- <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint> -->
>    </security-constraint>
> 
> 
> If you do not take care of extracting the RoleName from LDAP and using it properly
> in web.xml, then you will get that error.
> 
> Don't use the Admin and Authenticated roles which are given by JSPWiki in
> web.xml.
> 
> Question - If you don't know the connection name and password, then how have you
> implemented LDAP authentication currently? If you are able to do LDAP
> authentication, then just try to retrieve the UserRoleName. It will solve your
> problem.
> 
> Regards,
> Trupti
> 
> 

