incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <br...@PingToo.com>
Subject Re: LDAP Authentication?
Date Sun, 24 Apr 2011 18:58:42 GMT
On 24/04/11 17:23, jlist9 wrote:
> Brian,
>
> Thanks a lot for the instructions! I'm not familiar with container
> security so the list looks somewhat daunting to me :-)
>
> I was also looking at JForum's code - it does LDAP authentication.
> I suppose its security mechanism isn't implemented the same way
> as it uses some internal simple classes to verify user information
> via JNDI. Is it possible to implement something like this in jspwiki
> without having to do a lot of modifications?

Your question made me wonder... I've just checked my jspwiki.properties 
and am surprised to discover that I have left the default custom 
authentication definitions active IN ADDITION to my container-managed 
security-constraints. I have therefore got two layers of security: the 
container layer, and the default empty userdatabase.xml. Perhaps this 
goes some way to explaining why I had to do so much work defining the 
web-resource-collections for each role??? I'll have to look into that 
aspect when I have time to spare.

Anyway, to answer your question, I've written a lot of custom ldap java 
authentication and authorisation code over the years, so I have a lot of 
experience and useful source available. I decided the best approach was 
to use the existing container managed ldap security rather than invent 
my own. It is complex to deal with cases you might not care about. It 
might not even be an optimal solution. However, I strongly recommend 
sticking with the existing standards and reference implementations!

On the other hand, if you don't already have a commitment to use ldap, 
you should stick with the simple standalone default jspwiki 
implementation of authentication and authorisation.

Brian

Mime
View raw message