incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: Hints for Integrating Custom Authentication?
Date Sat, 09 Jan 2010 03:36:23 GMT
Hi Tom --

You didn't mention what version of JSPWiki you are using, but I assume
it's 2.8, right?

I don't know the specifics of your setup, but one way to solve this
might be use container authentication. If you authenticate users via
the container, JSPWiki will "pick up" those credentials and know that
the user authenticated successfully.

The other approach might be write a custom Filter that intercepts the
request before JSPWiki does. The filter would look in the user request
and extract whatever proof of authentication is in there, for example
a special cookie. The HTTP request would then be re-wrapped so that
the wrapped request's getUserPrincipal() method returned the
credential. That, too, would give JSPWiki what it needed.

Andrew

On Fri, Jan 8, 2010 at 6:03 PM, Tom Wheeler <tomwheel@gmail.com> wrote:
> I'd like to integrate JSPWiki with our company's Web-based single sign
> on system (SSO).  I've figured out how I can plug in a custom
> authenticator to validate the username/password specified on the
> JSPWiki login page, but this won't work with our SSO.
>
> To be more specific, our SSO is implemented somewhat like Kerberos,
> where the application does not have access to the credientials but
> simply delegates to another server for authentication.  Thus, I  won't
> have a login page on JSPWiki at all -- I just want to plug in some
> code that will provide whatever user information JSPWiki might need
> (and redirect unauthenticated requests to the remote server).
>
> It's not clear to me what I should subclass and how to configure
> JSPWiki to use it.  Any hints about how to do this would be greatly
> appreciated.
>
> --
> Tom Wheeler
> http://www.tomwheeler.com/
>

Mime
View raw message