incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Louis.Mast...@log-net.com
Subject Re: unsupported callbacks? - almost done?
Date Mon, 06 Apr 2009 15:48:10 GMT
Harry:
Thanks.

OK, I modified the source and created my own auth manager and callback 
handler.  I created an initial jsp page that calls the login:

            if ( mgr.login( request ) )
            {
                log.debug( "mgr login OK for principal return " + 
wikiSession.getUserPrincipal().getName() + " and session id " + 
request.getSession().getId());
            }
            else
            {
                log.info( "Failed to authenticate user " + 
request.getParameter( "user" ) );
            }

This seems to be working OK (I get the following message):

11:41:22,516 INFO  [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED 
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@18c2ccd, 
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal lmasters, 
target=com.ecyrd.jspwiki.WikiSession@1f05c75]

However, at the bottom of my jsp, there is same redirect from the 
loginform jsp:

        response.sendRedirect( viewUrl );

This generates an error with my security:

11:41:22,547 ERROR [AnyoneAuthenticationLoginModule] General exception - 
not logging in.
javax.security.auth.login.FailedLoginException: No user found to 
authenticate
        at 
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:96)
        at 
com.ecyrd.jspwiki.auth.AuthenticationManager.doJAASLogin(AuthenticationManager.java:621)
        at 
com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:271)
        at 
com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156)
        at 
com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111)

It looks like the "WikiServletFilter" login can't find the subject or the 
session is messed up.  I'm at a loss as to where I should even start 
looking.  I'm adding the principals just like the user db login module:

                m_principals.add( principal );
                m_principals.add(Role.AUTHENTICATED);
                m_principals.add(Role.ALL);  //added to debug
                m_principalsToRemove.add(Role.AUTHENTICATED);  //added to 
debug
                m_principalsToOverwrite.add(WikiPrincipal.GUEST);  //added 
to debug
                m_principalsToOverwrite.add(Role.ANONYMOUS);  //added to 
debug
                m_principalsToOverwrite.add(Role.ASSERTED);  //added to 
debug

Have I missed a step?

Thanks,
Lou





Harry Metske <harry.metske@gmail.com> 
04/01/2009 02:37 PM
Please respond to
jspwiki-user@incubator.apache.org


To
jspwiki-user@incubator.apache.org
cc

Subject
Re: unsupported callbacks?






eeuuhh, I wouldn't know how, the only way I can think of is modifying the
source and building it again. (AuthenticationManager has the reference to
WikiCallbackHandler)

(or I misunderstood your question...)
Harry


2009/4/1 <Louis.Masters@log-net.com>

> OK, thanks.  Is there any way to override/specify the CallbackHandler so 
I
> don't need to mess around with the one in the JAR?
>
>
>
>
>
> Harry Metske <harry.metske@gmail.com>
> 03/31/2009 03:18 PM
> Please respond to
> jspwiki-user@incubator.apache.org
>
>
> To
> jspwiki-user@incubator.apache.org
> cc
>
> Subject
> Re: unsupported callbacks?
>
>
>
>
>
>
> I think you should add handling to the WikiCallbackHandler, actually 
that
> already has been done for 3.0 to support TextOutput Callbacks.
> See also https://issues.apache.org/jira/browse/JSPWIKI-464
>
> Harry
>
> 2009/3/27 <Louis.Masters@log-net.com>
>
> > I'm in the process of implementing a custom LoginModule and I ran into
> an
> > issue (maybe).  I need to access the HTTPRequest and possibly the
> > WikiEngine so I included them as callbacks:
> >
> >
> > HttpRequestCallback hcb = new HttpRequestCallback();
> > WikiEngineCallback wcb = new WikiEngineCallback();
> >  Callback[] callbacks = new Callback[]{ hcb, wcb };
> >
> > The trouble is, when I try the "handle" call, it excepts with the
> > following:
> >
> > javax.security.auth.callback.UnsupportedCallbackException
> >        at
> >
> >
>
> 
com.ecyrd.jspwiki.auth.login.WikiCallbackHandler.handle(WikiCallbackHandler.java:89)
> >        at
> >
> >
>
> 
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:36)
> >
> > I noticed the WikiCallbackHandler.java only supports UserDatabase, 
Name
> > and Password callbacks - do I need to add handling for theHttpRequest
> and
> > WikiEngine or should I create a custom callback handler and use it?
> Sorry
> > if this is a simple question, but I am new to writing LoginModules and
> > callbacks.
> >
> > Thanks,
> > Lou
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > LOG-NET, Inc.
> > The Logistics Network Management System
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 230 Half Mile Road
> > Third Floor
> > Red Bank, NJ 07701
> > PH: 732-758-6800
> > FAX: 732-747-7497
> > http://www.LOG-NET.com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > CONFIDENTIAL & PRIVILEGED
> > Unless otherwise indicated or if obvious from the nature of the 
content,
> > the information contained herein is privileged and confidential
> > information/work product. The communication is intended for the use of
> the
> > individual or entity named above.  If the reader of this transmission 
is
> > not the intended recipient, you are  hereby notified that any
> > dissemination, distribution or copying of this communication is 
strictly
> > prohibited.  If you have received this communication in error, please
> > notify the sender immediately by telephone (732-758-6800) or by
> electronic
> > mail (postmaster@LOG-NET.com), and destroy any copies, electronic, 
paper
> > or otherwise, which you may have of this communication.  Thank you.
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message