jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r643267 - /incubator/jspwiki/trunk/etc/web.xml
Date Tue, 01 Apr 2008 03:58:21 GMT
Author: ajaquith
Date: Mon Mar 31 20:58:21 2008
New Revision: 643267

URL: http://svn.apache.org/viewvc?rev=643267&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS configuration files.
WEB-INF/jspwiki.jaas goes away, as does the need for PolicyLoader. Also, responsibilities
for web authentication move to WikiServletFilter. Authentication is now configured via jspwiki.properties
-- see that file for details. WikiSession API change: getLoginContext() vanishes.

Modified:
    incubator/jspwiki/trunk/etc/web.xml

Modified: incubator/jspwiki/trunk/etc/web.xml
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/etc/web.xml?rev=643267&r1=643266&r2=643267&view=diff
==============================================================================
--- incubator/jspwiki/trunk/etc/web.xml (original)
+++ incubator/jspwiki/trunk/etc/web.xml Mon Mar 31 20:58:21 2008
@@ -21,7 +21,21 @@
    </context-param>
 
    <!--
-      This is new in 2.4.  This defines a servlet filter which filters all requests. 
+      WikiServletFilter defines a servlet filter which filters all requests. It was
+      introduced in JSPWiki 2.4.
+
+      In 2.7/2.8, the WikiServlet filter also performs an important security function:
+      it sets authentication status based on container credentials. It should generally
+      execute first. Note that if you configure a filter *before* this one that returns
+      non-null values for getUserPrincipal() or getRemoteUser(), WikiSecurityFilter
+      will pick the credentials up, and set the user's WikiSession state to
+      "authenticated." WikiServletFlter will also set the WikiSession's' state
+      to "authenticated" if jspwiki.properties property "jspwiki.cookieAuthentication"
+      is set to true, and the user possesses the correct authentication cookie.
+
+      Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is set to true,
+      WikiServletFilter will also set WikiSession state to "asserted" if the user
+      possesses the correct "assertion cookie."
    -->
 
    <filter>



Mime
View raw message