incubator-jspwiki-user mailing list archives

From jonathan <jengb...@ryerson.ca>
Subject Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration
Date Wed, 15 Jul 2009 21:30:31 GMT
heya too!

The wiki page on container auth has been very, very helpful, yes.  Upon 
further investigation, I think my issues are currently more role-related 
than UserDatabase related.

Container has been set up to authenticate to ldap, no roles have been 
configured, web.xml is default container-managed config.  As soon as I 
log in, I end up getting a forbidden page (on Login.jsp?redirect=Main).
If I click "Better luck next time", I end up back on the main page,
"authenticated" (much like this problem: 
http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01892.html 
- except I'm using Tomcat 5.5.15).

If I look at my security log, I get the following entries only *after* I 
click the "Better luck..." link on the Forbidden page:

2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED 
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
target=com.ecyrd.jspwiki.WikiSession@1f55105]
2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED 
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
target=com.ecyrd.jspwiki.WikiSession@1f55105]
2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
target=com.ecyrd.jspwiki.WikiSession@1f55105]
2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, 
target=com.ecyrd.jspwiki.WikiSession@1f55105]


It looks like I now should have the "Authenticated" role from the 
container (though I don't seem to have it (according to the log, anyway) 
immediately after clicking "login" which is strange).  However, I still 
get "Forbidden" if I try and go to Edit.jsp or similar (the 
"Authenticated area" in web.xml).

After the initial "Forbidden", my wiki acls seem to work properly, but 
the container-given Role ("Authenticated") doesn't seem to be working, 
even though the logs appear to indicate that the role has been assigned.

Thoughts on where to go from here?

as always, many thanks,
jonathan.


Janne Jalkanen wrote:
> 
> Heya!
> 
> Does this help?
> 
> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
> 
> /Janne
> 
> On 14 Jul 2009, at 21:37, jonathan wrote:
> 
>> Has anyone successfully done this?
>>
>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user 
>> data, so I have no local userdatabase.xml file to fall back on.  The 
>> existing LDAPUserDatabase doesn't work with 2.8, of course.
>>
>> If you've done this, how are you handling the userdatabase portion 
>> under 2.8?  We have a very large ldap database, but a relatively small 
>> number of JSPWiki users, so migrating the ldap info into an xml (or 
>> even mysql) userdatabase seems a bit like overkill (though this may be 
>> the simplest route to take given my relative inability to recode the 
>> LDAPUserDatabase stuff).
>>
>> Any thoughts appreciated.
> 
> 
