Return-Path: Delivered-To: apmail-incubator-jspwiki-user-archive@minotaur.apache.org Received: (qmail 7422 invoked from network); 6 Apr 2009 16:32:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 6 Apr 2009 16:32:37 -0000 Received: (qmail 91245 invoked by uid 500); 6 Apr 2009 16:32:36 -0000 Delivered-To: apmail-incubator-jspwiki-user-archive@incubator.apache.org Received: (qmail 91217 invoked by uid 500); 6 Apr 2009 16:32:36 -0000 Mailing-List: contact jspwiki-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-user@incubator.apache.org Delivered-To: mailing list jspwiki-user@incubator.apache.org Received: (qmail 91164 invoked by uid 99); 6 Apr 2009 16:32:36 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Apr 2009 16:32:36 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [63.104.202.5] (HELO rbkmail.log-net.com) (63.104.202.5) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Apr 2009 16:32:28 +0000 In-Reply-To: To: jspwiki-user@incubator.apache.org Subject: Re: unsupported callbacks? - almost done? MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006 Message-ID: From: Louis.Masters@log-net.com Date: Mon, 6 Apr 2009 12:32:03 -0400 X-MIMETrack: Serialize by Router on RBKMAIL01/LOG-NET(Release 7.0.1|January 17, 2006) at 04/06/2009 12:32:26 PM, Serialize complete at 04/06/2009 12:32:26 PM Content-Type: multipart/alternative; boundary="=_alternative 005AD3F885257590_=" X-Virus-Checked: Checked by ClamAV on apache.org --=_alternative 005AD3F885257590_= Content-Type: text/plain; charset="US-ASCII" Andrew: I've got an external deadline for this, so I'll try to push back a bit. I'll send you the files after I have cleaned them up a bit. The last day or so has resulted in quite a bit of "trial and error" in my files. So far I have the following: CustomCallbackHandler: accepts WikiEngine engine, HttpServletRequest request, Authorizer authorizer - not sure if I am setting this up correctly, but it does set the engine and request OK. AnyoneAuthenticationLoginModule: my custom login module AuthenticationManager: a tweaked version that has: public final boolean login( HttpServletRequest request ) throws WikiSecurityException method and uses my custom callbackhandler: handler = new com.lognet.wiki.auth.login.CustomCallbackHandler( m_engine, request, authorizationMgr.getAuthorizer() ); I just can't figure out where it is losing or not setting the subject/principals between the requests. -Lou Andrew Jaquith 04/06/2009 12:14 PM Please respond to jspwiki-user@incubator.apache.org To jspwiki-user@incubator.apache.org cc Subject Re: unsupported callbacks? - almost done? Lou -- can this wait until the 2.8.3 timeframe? I'd like to solve this issue for you, and for others. If you send me the patches (privately is ok), I'll use them as a starting point. BTW, the short answer to your earlier question is that the WikiCallbackHandler class needs to be able to support the HttpRequestCallback and the WikiEngineCallback. But it's not so simple, because it's instantiated via login(WikiSession,String,String) which does not contain an HttpServletRequest parameter. So ultimately the total set of tweaks we need are these: - New constructor in WikiCallbackHandler that accepts an HttpServletRequest, plus code that returns an HttpRequestCallback when requested by a LoginModule - New method in AuthenticationManager: login( HttpServletRequest, String String ) that constructs the WikiCallbackHander with the request Doing these things will open up a lot of possibilities, including writing an OpenID LoginModule (because it will be able to get access to the request). Andrew On Mon, Apr 6, 2009 at 11:48 AM, wrote: > Harry: > Thanks. > > OK, I modified the source and created my own auth manager and callback > handler. I created an initial jsp page that calls the login: > > if ( mgr.login( request ) ) > { > log.debug( "mgr login OK for principal return " + > wikiSession.getUserPrincipal().getName() + " and session id " + > request.getSession().getId()); > } > else > { > log.info( "Failed to authenticate user " + > request.getParameter( "user" ) ); > } > > This seems to be working OK (I get the following message): > > 11:41:22,516 INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@18c2ccd, > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal lmasters, > target=com.ecyrd.jspwiki.WikiSession@1f05c75] > > However, at the bottom of my jsp, there is same redirect from the > loginform jsp: > > response.sendRedirect( viewUrl ); > > This generates an error with my security: > > 11:41:22,547 ERROR [AnyoneAuthenticationLoginModule] General exception - > not logging in. > javax.security.auth.login.FailedLoginException: No user found to > authenticate > at > com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:96) > at > com.ecyrd.jspwiki.auth.AuthenticationManager.doJAASLogin(AuthenticationManager.java:621) > at > com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:271) > at > com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156) > at > com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111) > > It looks like the "WikiServletFilter" login can't find the subject or the > session is messed up. I'm at a loss as to where I should even start > looking. I'm adding the principals just like the user db login module: > > m_principals.add( principal ); > m_principals.add(Role.AUTHENTICATED); > m_principals.add(Role.ALL); //added to debug > m_principalsToRemove.add(Role.AUTHENTICATED); //added to > debug > m_principalsToOverwrite.add(WikiPrincipal.GUEST); //added > to debug > m_principalsToOverwrite.add(Role.ANONYMOUS); //added to > debug > m_principalsToOverwrite.add(Role.ASSERTED); //added to > debug > > Have I missed a step? > > Thanks, > Lou > > > > > > Harry Metske > 04/01/2009 02:37 PM > Please respond to > jspwiki-user@incubator.apache.org > > > To > jspwiki-user@incubator.apache.org > cc > > Subject > Re: unsupported callbacks? > > > > > > > eeuuhh, I wouldn't know how, the only way I can think of is modifying the > source and building it again. (AuthenticationManager has the reference to > WikiCallbackHandler) > > (or I misunderstood your question...) > Harry > > > 2009/4/1 > >> OK, thanks. Is there any way to override/specify the CallbackHandler so > I >> don't need to mess around with the one in the JAR? >> >> >> >> >> >> Harry Metske >> 03/31/2009 03:18 PM >> Please respond to >> jspwiki-user@incubator.apache.org >> >> >> To >> jspwiki-user@incubator.apache.org >> cc >> >> Subject >> Re: unsupported callbacks? >> >> >> >> >> >> >> I think you should add handling to the WikiCallbackHandler, actually > that >> already has been done for 3.0 to support TextOutput Callbacks. >> See also https://issues.apache.org/jira/browse/JSPWIKI-464 >> >> Harry >> >> 2009/3/27 >> >> > I'm in the process of implementing a custom LoginModule and I ran into >> an >> > issue (maybe). I need to access the HTTPRequest and possibly the >> > WikiEngine so I included them as callbacks: >> > >> > >> > HttpRequestCallback hcb = new HttpRequestCallback(); >> > WikiEngineCallback wcb = new WikiEngineCallback(); >> > Callback[] callbacks = new Callback[]{ hcb, wcb }; >> > >> > The trouble is, when I try the "handle" call, it excepts with the >> > following: >> > >> > javax.security.auth.callback.UnsupportedCallbackException >> > at >> > >> > >> >> > com.ecyrd.jspwiki.auth.login.WikiCallbackHandler.handle(WikiCallbackHandler.java:89) >> > at >> > >> > >> >> > com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:36) >> > >> > I noticed the WikiCallbackHandler.java only supports UserDatabase, > Name >> > and Password callbacks - do I need to add handling for theHttpRequest >> and >> > WikiEngine or should I create a custom callback handler and use it? >> Sorry >> > if this is a simple question, but I am new to writing LoginModules and >> > callbacks. >> > >> > Thanks, >> > Lou >> > >> > >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > LOG-NET, Inc. >> > The Logistics Network Management System >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > 230 Half Mile Road >> > Third Floor >> > Red Bank, NJ 07701 >> > PH: 732-758-6800 >> > FAX: 732-747-7497 >> > http://www.LOG-NET.com >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> > CONFIDENTIAL & PRIVILEGED >> > Unless otherwise indicated or if obvious from the nature of the > content, >> > the information contained herein is privileged and confidential >> > information/work product. The communication is intended for the use of >> the >> > individual or entity named above. If the reader of this transmission > is >> > not the intended recipient, you are hereby notified that any >> > dissemination, distribution or copying of this communication is > strictly >> > prohibited. If you have received this communication in error, please >> > notify the sender immediately by telephone (732-758-6800) or by >> electronic >> > mail (postmaster@LOG-NET.com), and destroy any copies, electronic, > paper >> > or otherwise, which you may have of this communication. Thank you. >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >> > > --=_alternative 005AD3F885257590_=--