incubator-jspwiki-user mailing list archives

From Louis Masters <louis.mast...@log-net.com>
Subject Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration
Date Thu, 16 Jul 2009 18:28:20 GMT
On 2.8.1, we have also been seeing the double login issue - I just 
thought it had something to do with Firefox, but I'll look into whether 
we have this property set.

> curious point:  with jspwiki.cookieAssertions=true in 
> jspwiki.properties, I'm forced to login twice (at which point everything 
> works).  With it false, I get properly authenticated the first time. 
> strange.


Andrew Jaquith wrote:
> Jonathan --
>
> Very interesting. I'll look into this. Thanks for investigating. --Andrew
>
> On Jul 16, 2009, at 10:10, jonathan <jengbrec@ryerson.ca> wrote:
>
>> update/fix:
>>
>> I've added a new role "person", via userRoleName="objectClass" in my 
>> server.xml realm configuration (as well as appropriate adds in 
>> web.xml).  I also had to add a connectionName and connectionPassword 
>> since we don't allow anonymous searches of the directory.
>>
>> I now get assigned the "person" role by the container, in addition to 
>> "Authenticated":
>>
>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, 
>> princpal=com.ecyrd.jspwiki.auth.authorize.Role person, 
>> target=com.ecyrd.jspwiki.WikiSession@6d06b0]
>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, 
>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, 
>> target=com.ecyrd.jspwiki.WikiSession@6d06b0]
>>
>> I no longer get "Forbidden".  I'm unsure why this manually configured 
>> role works differently than the default "Authenticated", but this is 
>> a workable solution.
>>
>> curious point:  with jspwiki.cookieAssertions=true in 
>> jspwiki.properties, I'm forced to login twice (at which point 
>> everything works).  With it false, I get properly authenticated the 
>> first time. strange.
>>
>> jonathan.
>>
>> jonathan wrote:
>>> heya too!
>>> The wiki page on container auth has been very, very helpful, yes.  
>>> Upon further investigation, I think my issues are currently more 
>>> role-related than UserDatabase related.
>>> Container has been set up to authenticate to ldap, no roles have 
>>> been configured, web.xml is default container-managed config.  As 
>>> soon as I log in, I end up getting a forbidden page (on 
>>> Login.jsp?redirect=Main).  If I click "Better luck next time", I end 
>>> up back on the main page, "authenticated" (much like this problem: 
>>> http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01892.html -
>>> except I'm using Tomcat 5.5.15).
>>> If I look at my security log, I get the following entries only 
>>> *after* I click the "Better luck..." link on the Forbidden page:
>>> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED 
>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
>>> target=com.ecyrd.jspwiki.WikiSession@1f55105]
>>> 2009-07-15 17:11:07,547 DEBUG - 
>>> WikiSecurityEvent.LOGIN_AUTHENTICATED 
>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
>>> target=com.ecyrd.jspwiki.WikiSession@1f55105]
>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, 
>>> target=com.ecyrd.jspwiki.WikiSession@1f55105]
>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD 
>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, 
>>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, 
>>> target=com.ecyrd.jspwiki.WikiSession@1f55105]
>>> It looks like I now should have the "Authenticated" role from the 
>>> container (though I don't seem to have it (according to the log, 
>>> anyway) immediately after clicking "login" which is strange).  
>>> However, I still get "Forbidden" if I try and go to Edit.jsp or 
>>> similar (the "Authenticated area" in web.xml).
>>> After the initial "Forbidden", my wiki acls seem to work properly, 
>>> but the container-given Role ("Authenticated") doesn't seem to be 
>>> working, even though the logs appear to indicate that the role has 
>>> been assigned.
>>> Thoughts on where to go from here?
>>> as always, many thanks,
>>> jonathan.
>>> Janne Jalkanen wrote:
>>>>
>>>> Heya!
>>>>
>>>> Does this help?
>>>>
>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>>
>>>> /Janne
>>>>
>>>> On 14 Jul 2009, at 21:37, jonathan wrote:
>>>>
>>>>> Has anyone successfully done this?
>>>>>
>>>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get 
>>>>> user data, so I have no local userdatabase.xml file to fall back 
>>>>> on.  The existing LDAPUserDatabase doesn't work with 2.8, of course.
>>>>>
>>>>> If you've done this, how are you handling the userdatabase portion 
>>>>> under 2.8?  We have a very large ldap database, but a relatively 
>>>>> small number of JSPWiki users, so migrating the ldap info into an 
>>>>> xml (or even mysql) userdatabase seems a bit like overkill (though 
>>>>> this may be the simplest route to take given my relative inability 
>>>>> to recode the LDAPUserDatabase stuff).
>>>>>
>>>>> Any thoughts appreciated.
>>>>
>>>>
>
>
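
The container-side change described in jonathan's quoted update (a Tomcat JNDIRealm with userRoleName="objectClass" and bind credentials, plus the "person" role added in web.xml), sketched as an added example that is not taken from the thread or from the JSPWiki project. The host, DNs, password, search filter and the shortened URL pattern list are placeholder assumptions.

```xml
<!-- server.xml (Tomcat): realm that authenticates against LDAP.
     connectionName/connectionPassword are needed when the directory
     refuses anonymous searches, as in the thread.
     All host names, DNs and the password below are placeholders. -->
<!-- userRoleName="objectClass" turns EVERY objectClass value on the
     user's entry into a container role. "person" therefore matches any
     entry carrying that object class, so it is effectively the same as
     "any user who can bind". Use a dedicated group or attribute if only
     some directory users should reach the protected pages. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.org:636"
       connectionName="cn=wiki-bind,ou=services,dc=example,dc=org"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=org"
       userSearch="(uid={0})"
       userSubtree="true"
       userRoleName="objectClass" />

<!-- web.xml (JSPWiki webapp): the role handed out by the realm has to be
     listed in the constraint and declared as a security-role, otherwise
     the container answers 403 before JSPWiki's own ACLs are consulted.
     Only one url-pattern is shown; keep the patterns your web.xml
     already lists for the authenticated area. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Edit.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Authenticated</role-name>
    <role-name>person</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <description>Role mapped from the LDAP objectClass value</description>
  <role-name>person</role-name>
</security-role>
```

The bind account only needs read access to the user subtree, and server.xml should be readable only by the Tomcat service account because it holds that password in clear text.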

