incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Louis.Mast...@log-net.com
Subject Re: unsupported callbacks? - almost done?
Date Tue, 07 Apr 2009 13:14:26 GMT
Andrew:

This is great!  Thanks.

I'll try it and let you know.

-Lou




Andrew Jaquith <andrew.r.jaquith@gmail.com> 
04/07/2009 09:00 AM
Please respond to
jspwiki-user@incubator.apache.org


To
jspwiki-user@incubator.apache.org
cc

Subject
Re: unsupported callbacks? - almost done?






Lou --

I've made some changes to the local 2.8.3 branch that should work. The
tweaks I've made add support for HttpRequestCallback and
WikiEngineCallback to the WikiCallbackHandler; that is, for custom
authentication. This should also help you, and anyone else who has
needed access to request attributes (and the WikiEngine) from inside
LoginModules used with custom auth.

It's in the trunk now. If you check out the latest code, please let me
know if this helps you.

Andrew

On Mon, Apr 6, 2009 at 12:32 PM,  <Louis.Masters@log-net.com> wrote:
> Andrew:
>
> I've got an external deadline for this, so I'll try to push back a bit.
>
> I'll send you the files after I have cleaned them up a bit.  The last 
day
> or so has resulted in quite a bit of "trial and error" in my files.
>
> So far I have the following:
>
> CustomCallbackHandler:  accepts WikiEngine engine, HttpServletRequest
> request, Authorizer authorizer - not sure if I am setting this up
> correctly, but it does set the engine and request OK.
> AnyoneAuthenticationLoginModule:  my custom login module
> AuthenticationManager:  a tweaked version that has:
>
>        public final boolean login( HttpServletRequest request ) throws
> WikiSecurityException
>
> method and uses my custom callbackhandler:
>
>        handler = new com.lognet.wiki.auth.login.CustomCallbackHandler(
> m_engine, request, authorizationMgr.getAuthorizer() );
>
> I just can't figure out where it is losing or not setting the
> subject/principals between the requests.
>
> -Lou
>
>
>
> Andrew Jaquith <andrew.r.jaquith@gmail.com>
> 04/06/2009 12:14 PM
> Please respond to
> jspwiki-user@incubator.apache.org
>
>
> To
> jspwiki-user@incubator.apache.org
> cc
>
> Subject
> Re: unsupported callbacks? - almost done?
>
>
>
>
>
>
> Lou -- can this wait until the 2.8.3 timeframe? I'd like to solve this
> issue for you, and for others.
>
> If you send me the patches (privately is ok), I'll use them as a 
starting
> point.
>
> BTW, the short answer to your earlier question is that the
> WikiCallbackHandler class needs to be able to support the
> HttpRequestCallback and the WikiEngineCallback. But it's not so
> simple, because it's instantiated via login(WikiSession,String,String)
> which does not contain an HttpServletRequest parameter. So ultimately
> the total set of tweaks we need are these:
>
> - New constructor in WikiCallbackHandler that accepts an
> HttpServletRequest, plus code that returns an HttpRequestCallback when
> requested by a LoginModule
> - New method in AuthenticationManager: login( HttpServletRequest,
> String String ) that constructs the WikiCallbackHander with the
> request
>
> Doing these things will open up a lot of possibilities, including
> writing an OpenID LoginModule (because it will be able to get access
> to the request).
>
> Andrew
>
> On Mon, Apr 6, 2009 at 11:48 AM,  <Louis.Masters@log-net.com> wrote:
>> Harry:
>> Thanks.
>>
>> OK, I modified the source and created my own auth manager and callback
>> handler.  I created an initial jsp page that calls the login:
>>
>>            if ( mgr.login( request ) )
>>            {
>>                log.debug( "mgr login OK for principal return " +
>> wikiSession.getUserPrincipal().getName() + " and session id " +
>> request.getSession().getId());
>>            }
>>            else
>>            {
>>                log.info( "Failed to authenticate user " +
>> request.getParameter( "user" ) );
>>            }
>>
>> This seems to be working OK (I get the following message):
>>
>> 11:41:22,516 INFO  [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@18c2ccd,
>> princpal=com.ecyrd.jspwiki.auth.WikiPrincipal lmasters,
>> target=com.ecyrd.jspwiki.WikiSession@1f05c75]
>>
>> However, at the bottom of my jsp, there is same redirect from the
>> loginform jsp:
>>
>>        response.sendRedirect( viewUrl );
>>
>> This generates an error with my security:
>>
>> 11:41:22,547 ERROR [AnyoneAuthenticationLoginModule] General exception 
-
>> not logging in.
>> javax.security.auth.login.FailedLoginException: No user found to
>> authenticate
>>        at
>>
> 
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:96)
>>        at
>>
> 
com.ecyrd.jspwiki.auth.AuthenticationManager.doJAASLogin(AuthenticationManager.java:621)
>>        at
>>
> 
com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:271)
>>        at
>>
> 
com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156)
>>        at
>> com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111)
>>
>> It looks like the "WikiServletFilter" login can't find the subject or
> the
>> session is messed up.  I'm at a loss as to where I should even start
>> looking.  I'm adding the principals just like the user db login module:
>>
>>                m_principals.add( principal );
>>                m_principals.add(Role.AUTHENTICATED);
>>                m_principals.add(Role.ALL);  //added to debug
>>                m_principalsToRemove.add(Role.AUTHENTICATED);  //added 
to
>> debug
>>                m_principalsToOverwrite.add(WikiPrincipal.GUEST);
>  //added
>> to debug
>>                m_principalsToOverwrite.add(Role.ANONYMOUS);  //added to
>> debug
>>                m_principalsToOverwrite.add(Role.ASSERTED);  //added to
>> debug
>>
>> Have I missed a step?
>>
>> Thanks,
>> Lou
>>
>>
>>
>>
>>
>> Harry Metske <harry.metske@gmail.com>
>> 04/01/2009 02:37 PM
>> Please respond to
>> jspwiki-user@incubator.apache.org
>>
>>
>> To
>> jspwiki-user@incubator.apache.org
>> cc
>>
>> Subject
>> Re: unsupported callbacks?
>>
>>
>>
>>
>>
>>
>> eeuuhh, I wouldn't know how, the only way I can think of is modifying
> the
>> source and building it again. (AuthenticationManager has the reference
> to
>> WikiCallbackHandler)
>>
>> (or I misunderstood your question...)
>> Harry
>>
>>
>> 2009/4/1 <Louis.Masters@log-net.com>
>>
>>> OK, thanks.  Is there any way to override/specify the CallbackHandler
> so
>> I
>>> don't need to mess around with the one in the JAR?
>>>
>>>
>>>
>>>
>>>
>>> Harry Metske <harry.metske@gmail.com>
>>> 03/31/2009 03:18 PM
>>> Please respond to
>>> jspwiki-user@incubator.apache.org
>>>
>>>
>>> To
>>> jspwiki-user@incubator.apache.org
>>> cc
>>>
>>> Subject
>>> Re: unsupported callbacks?
>>>
>>>
>>>
>>>
>>>
>>>
>>> I think you should add handling to the WikiCallbackHandler, actually
>> that
>>> already has been done for 3.0 to support TextOutput Callbacks.
>>> See also https://issues.apache.org/jira/browse/JSPWIKI-464
>>>
>>> Harry
>>>
>>> 2009/3/27 <Louis.Masters@log-net.com>
>>>
>>> > I'm in the process of implementing a custom LoginModule and I ran
> into
>>> an
>>> > issue (maybe).  I need to access the HTTPRequest and possibly the
>>> > WikiEngine so I included them as callbacks:
>>> >
>>> >
>>> > HttpRequestCallback hcb = new HttpRequestCallback();
>>> > WikiEngineCallback wcb = new WikiEngineCallback();
>>> >  Callback[] callbacks = new Callback[]{ hcb, wcb };
>>> >
>>> > The trouble is, when I try the "handle" call, it excepts with the
>>> > following:
>>> >
>>> > javax.security.auth.callback.UnsupportedCallbackException
>>> >        at
>>> >
>>> >
>>>
>>>
>>
> 
com.ecyrd.jspwiki.auth.login.WikiCallbackHandler.handle(WikiCallbackHandler.java:89)
>>> >        at
>>> >
>>> >
>>>
>>>
>>
> 
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:36)
>>> >
>>> > I noticed the WikiCallbackHandler.java only supports UserDatabase,
>> Name
>>> > and Password callbacks - do I need to add handling for 
theHttpRequest
>>> and
>>> > WikiEngine or should I create a custom callback handler and use it?
>>> Sorry
>>> > if this is a simple question, but I am new to writing LoginModules
> and
>>> > callbacks.
>>> >
>>> > Thanks,
>>> > Lou
>>> >
>>> >
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> > LOG-NET, Inc.
>>> > The Logistics Network Management System
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> > 230 Half Mile Road
>>> > Third Floor
>>> > Red Bank, NJ 07701
>>> > PH: 732-758-6800
>>> > FAX: 732-747-7497
>>> > http://www.LOG-NET.com
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> > CONFIDENTIAL & PRIVILEGED
>>> > Unless otherwise indicated or if obvious from the nature of the
>> content,
>>> > the information contained herein is privileged and confidential
>>> > information/work product. The communication is intended for the use
> of
>>> the
>>> > individual or entity named above.  If the reader of this 
transmission
>> is
>>> > not the intended recipient, you are  hereby notified that any
>>> > dissemination, distribution or copying of this communication is
>> strictly
>>> > prohibited.  If you have received this communication in error, 
please
>>> > notify the sender immediately by telephone (732-758-6800) or by
>>> electronic
>>> > mail (postmaster@LOG-NET.com), and destroy any copies, electronic,
>> paper
>>> > or otherwise, which you may have of this communication.  Thank you.
>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>>
>>
>>
>
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message