jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r643266 - /incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
Date Tue, 01 Apr 2008 03:55:37 GMT
Author: ajaquith
Date: Mon Mar 31 20:55:36 2008
New Revision: 643266

URL: http://svn.apache.org/viewvc?rev=643266&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS configuration files.
WEB-INF/jspwiki.jaas goes away, as does the need for PolicyLoader. Also, responsibilities
for web authentication move to WikiServletFilter. Authentication is now configured via jspwiki.properties
-- see that file for details. WikiSession API change: getLoginContext() vanishes.

Modified:
    incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl

Modified: incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl?rev=643266&r1=643265&r2=643266&view=diff
==============================================================================
--- incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl (original)
+++ incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl Mon Mar 31 20:55:36 2008
@@ -444,42 +444,66 @@
 #
 #  For users looking to get started quickly, the default settings below
 #  should work fine. In addition to the properties below, you may also
-#  want to set the following JRE runtime properties when running JSPWiki
-#  or the servlet container it runs in:
+#  want to modify the security policy file WEB-INF/jspwiki.policy. See
+#  the policy file for more details.
 #
-#     java.security.auth.login.config==/path-to/jspwiki.jass
-#     java.security.policy=/path-to/jspwiki.policy
-#
-#  See the jspwiki.properties and jspwiki.jaas files for more details on
-#  how to do this. These files contain addition configuration options
-#  for the JSPWiki security policy and authentication, respectively, although
-#  the defaults should work fine. If you don't set the JRE properties,
-#  JSPWiki will use default versions from the WEB-INF directory.
-
 #  AUTHENTICATION
+#
 #  For authentication, JSPWiki uses JAAS (Java Authentication and Authorization
-#  Service). The Authentication system is configured in the jspwiki.jaas
-#  file; by default it will attempt to leverage your servlet container's
-#  authentication services, if present. JSPWiki also can use its own
-#  authentication system, which is separate from the container.
-#
-#  JSPWiki will try to detect whether you are using container authentication
-#  To use container authentication, you must uncomment
-#  the <security-constraint> elements in WEB-INF/web.xml.
+#  Service) in combination with a servlet filter that picks up any credentials
+#  set by the servlet container. The Authentication system is configured below.
+#
+#  You must choose either (A) Container or (B) Custom authentication. (B) is the default.
+#
+#  A) CONTAINER AUTHENTICATION 
+#  JSPWiki will always (passively) collect credentials supplied by your servlet
+#  container, via HttpServletRequest.getUserPrincipal/getRemote user. You do not
+#  need to do anything to enable this. In addition, you can cause JSPWiki users
+#  to log in to the web container by uncommenting the the <security-constraint>
+#  elements in WEB-INF/web.xml.
+#
+#  B) CUSTOM AUTHENTICATION
+#  If you do not wish to use container-managed authentication, you can use JSPWiki's
+#  own custom authentication system. This uses a JAAS LoginModule (supplied below)
+#  to log in the user. You can use any JAAS LoginModule you want.
+#  The default class is com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule,
+#  which compares the supplied username and hashed password with the values stored
+#  in the configured UserDatabase (see USER DATABASE below).
+#
+#  Supply the JAAS LoginModule class used for custom authentication here.
+#  The implementation MUST have a zero-argument constructor (as noted in the
+#  javax.security.auth.spi.LoginModule Javadocs).
+jspwiki.loginModule.class = com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
+#
+# JAAS LoginContext parameters used to initialize the LoginModule. Note that 'param1'
+#  etc. should be replaced with the actual parameter names. The parameter names and
+# values will be loaded to a Map and passed to the LoginModule as the 'options' parameter
+# when its initialize() method is called. The default UserDatabaseLoginModule class does
+# not need any options.
+#jspwiki.loginModule.options.param1 = value1
+#jspwiki.loginModule.options.param2 = value2
+#
+#
+#  AUTHORIZATION
 #
-#  AUTHORIZATION (EXTERNAL)
 #  For authorization, JSPWiki has a two-tier system. When we want to
 #  determine whether a user has permission to perform a certain action,
-#  we first consult an external "authorizer" to determine if the user
-#  is a member of the required role. By default, JSPWiki uses the
-#  servlet container's authorization service for this (that is, it
-#  calls HttpServletRequest.isUserInRole(String) ).
-#  However, you can use another Authorizer if you wish; specify that
-#  class here.
+#  we first consult (A) an external "authorizer" to determine if the user
+#  is a member of the required role. In addition to checking its external
+#  authorizer, it also checks (B) its GroupManager for wiki-managed groups.
+#
+#  A) EXTERNAL AUTHORIZATION
+#  By default, JSPWiki uses the servlet container's authorization service
+#  for to check what roles the user belongs to (that is, it calls
+#  HttpServletRequest.isUserInRole(String)). After the user authenticates,
+#  the default Authorizer (WebContainerAuthorizer) checks to see if the user
+#  belongs to the roles listed in web.xml using <security-role>/<role-name> or
+#  <auth-constraint>/<role-name> elements. However, you can use another
+#  Authorizer if you wish; specify that class here.
 
 jspwiki.authorizer = com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
 
-#  AUTHORIZATION (GROUPS)
+#  B) GROUPS
 #  As an additional source of authorization, users can belong to discretionary
 #  "wiki groups" that the users manage themselves. Wiki groups are stored in a
 #  GroupDatabase. The default group database uses an XML file for persistent
@@ -542,7 +566,7 @@
 #  markup. For example: "[{ALLOW edit Charlie}]". If using a custom
 #  ACL manager, specify the AclManager implementation class here:
 
-jspwiki.aclManager          = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
+jspwiki.aclManager = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
 
 #############################################################################
 #



Mime
View raw message