Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/userdatabase.xml URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/userdatabase.xml?rev=627281&view=auto ============================================================================== --- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/userdatabase.xml (added) +++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/userdatabase.xml Tue Feb 12 22:35:48 2008 @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="UTF-8"?> +<users> +</users> \ No newline at end of file
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/web.xml URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/web.xml?rev=627281&view=auto ============================================================================== --- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/web.xml (added) +++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/etc/web.xml Tue Feb 12 22:35:48 2008 @@ -0,0 +1,479 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> + +<web-app xmlns="http://java.sun.com/xml/ns/j2ee"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"; + version="2.4"> + + <description> + JSPWiki is a free JSP-based WikiClone. It is licenced + under the Lesser GNU General Public License. + + JSPWiki is maintained by Janne Jalkanen (+others), + [EMAIL PROTECTED] + </description> + <display-name>JSPWiki</display-name> + + <!-- Resource bundle default location --> + <context-param> + <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name> + <param-value>templates.default</param-value> + </context-param> + + <!-- All JSPs need to be checked for proper user access. --> + <filter> + <filter-name>WikiServletFilter</filter-name> + <filter-class>com.ecyrd.jspwiki.ui.WikiServletFilter</filter-class> + </filter> + + <!-- Configuration of the Stripes Filter. The Stripes MVC framework provides + essential request routing, form processing and type conversion services + for JSPWiki. --> + <filter> + <description> + Configures the Stripes framework. + </description> + <display-name>Stripes Filter</display-name> + <filter-name>StripesFilter</filter-name> + <filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class> + <!-- WikiRuntimeConfiguration replaces the default Stripes RuntimeConfiguration. + It starts up the WikiEngine and the WikiTypeConverterFactory that + marshals request parameters into properly resolved WikiPage and Group objects.--> + <init-param> + <param-name>Configuration.Class</param-name> + <param-value>com.ecyrd.jspwiki.ui.WikiRuntimeConfiguration</param-value> + </init-param> + <!-- Look for ActionBean implementations in the JSPWiki JAR. If you have custom + ActionBeans you want JSPWiki to use, specify them here (comma-delimited). --> + <init-param> + <param-name>ActionResolver.UrlFilters</param-name> + <param-value>WEB-INF/lib/JSPWiki.jar</param-value> + </init-param> + <!-- WikiActionBeanContext replaces the default Stripes ActionBeanContext. This class + contains references to the WikiEngine and WikiSesion. A new instance of + WikiActionBeanContext is automatically injected into every ActionBean. --> + <init-param> + <param-name>ActionBeanContext.Class</param-name> + <param-value>com.ecyrd.jspwiki.action.WikiActionBeanContext</param-value> + </init-param> + <!-- In addition to the normal Stripes BeforeAfterMethodInterceptor, we add the + WikiInterceptor, which fires after the ActionBean is resolved. The interceptor + checks that the WikiEngine is initialized correctly, and that the user has + correct access to the ActionBean.--> + <init-param> + <param-name>Interceptor.Classes</param-name> + <param-value>com.ecyrd.jspwiki.ui.WikiInterceptor, + net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor</param-value> + </init-param> + <!-- We override Stripes' normal resource bundle to use ours instead. --> + <init-param> + <param-name>LocalizationBundleFactory.FieldNameBundle</param-name> + <param-value>templates.default</param-value> + </init-param> + <init-param> + <param-name>LocalizationBundleFactory.ErrorMessageBundle</param-name> + <param-value>templates.default</param-value> + </init-param> + <!-- Lastly, we define a set of custom ExceptionHandlers that deal with any + custom exceptions caught by Stripes. --> + <init-param> + <param-name>ExceptionHandler.Class</param-name> + <param-value>net.sourceforge.stripes.exception.DefaultExceptionHandler</param-value> + </init-param> + </filter> + + <!-- + This is new in 2.4. This defines a servlet filter which filters all requests. + --> + + <!-- + <filter> + <filter-name>WikiJSPFilter</filter-name> + <filter-class>com.ecyrd.jspwiki.ui.WikiJSPFilter</filter-class> + </filter> + --> + + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/attach/*</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/atom/*</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/dav/*</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/RPCU/</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/RPC2/</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiServletFilter</filter-name> + <url-pattern>/JSON-RPC</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>StripesFilter</filter-name> + <url-pattern>*.jsp</url-pattern> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> + + <filter-mapping> + <filter-name>StripesFilter</filter-name> + <servlet-name>StripesDispatcher</servlet-name> + <dispatcher>REQUEST</dispatcher> + </filter-mapping> + + <!-- + <filter-mapping> + <filter-name>WikiJSPFilter</filter-name> + <url-pattern>/wiki/*</url-pattern> + </filter-mapping> + <filter-mapping> + <filter-name>WikiJSPFilter</filter-name> + <url-pattern>*.jsp</url-pattern> + </filter-mapping> + --> + + <!-- + HttpSessionListener used for managing WikiSession's. + --> + <listener> + <listener-class>com.ecyrd.jspwiki.auth.SessionMonitor</listener-class> + </listener> + + <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> + <!-- Configuration of the Stripes dispatcher Servlet. --> + <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> + <servlet> + <servlet-name>StripesDispatcher</servlet-name> + <servlet-class>net.sourceforge.stripes.controller.DispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + + <!-- + Now, let's define the XML-RPC interfaces. You probably don't have to + touch these. + + First, we'll define the standard XML-RPC interface. + --> + <servlet> + <servlet-name>XMLRPC</servlet-name> + <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class> + <init-param> + <param-name>handler</param-name> + <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandler</param-value> + </init-param> + + <init-param> + <param-name>prefix</param-name> + <param-value>wiki</param-value> + </init-param> + </servlet> + + <!-- + OK, this then defines that our UTF-8 -capable server. + --> + + <servlet> + <servlet-name>XMLRPC-UTF8</servlet-name> + <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class> + <init-param> + <param-name>handler</param-name> + <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandlerUTF8</param-value> + </init-param> + + <init-param> + <param-name>prefix</param-name> + <param-value>wiki</param-value> + </init-param> + </servlet> + + <!-- JSON AJAX API --> + <servlet> + <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name> + <servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class> + </servlet> + + <!-- Atom Publishing Protocol --> + <servlet> + <servlet-name>ATOM</servlet-name> + <servlet-class>com.ecyrd.jspwiki.rpc.atom.AtomAPIServlet</servlet-class> + </servlet> + + <!-- Maps short URLS to JSPs; also, detects webapp shutdown. --> + <servlet> + <servlet-name>WikiServlet</servlet-name> + <servlet-class>com.ecyrd.jspwiki.WikiServlet</servlet-class> + <!-- + <load-on-startup>1</load-on-startup> + --> + </servlet> + + <servlet> + <servlet-name>DAVServlet</servlet-name> + <servlet-class>com.ecyrd.jspwiki.dav.WikiDavServlet</servlet-class> + </servlet> + + <!-- + Attachment exchange handler. + --> + + <servlet> + <servlet-name>AttachmentServlet</servlet-name> + <servlet-class>com.ecyrd.jspwiki.attachment.AttachmentServlet</servlet-class> + </servlet> + + <servlet-mapping> + <servlet-name>StripesDispatcher</servlet-name> + <url-pattern>/dispatcher</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>StripesDispatcher</servlet-name> + <url-pattern>/action/*</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>StripesDispatcher</servlet-name> + <url-pattern>*.action</url-pattern> + </servlet-mapping> + + <!-- PLACEHOLDER FOR PRE-COMPILED JSP SERVLETS --> + + <!-- + And finally, let us tell the servlet container which + URLs should correspond to which XML RPC servlet. + --> + + <!-- By default, this is disabled. If you want to enabled it, + just uncomment the whole section. --> + + <!-- REMOVE ME TO ENABLE XML-RPC + + <servlet-mapping> + <servlet-name>XMLRPC</servlet-name> + <url-pattern>/RPC2/</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>XMLRPC-UTF8</servlet-name> + <url-pattern>/RPCU/</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>ATOM</servlet-name> + <url-pattern>/atom/*</url-pattern> + </servlet-mapping> + + AND REMOVE ME TOO --> + + <servlet-mapping> + <servlet-name>AttachmentServlet</servlet-name> + <url-pattern>/attach/*</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>WikiServlet</servlet-name> + <url-pattern>/wiki/*</url-pattern> + </servlet-mapping> + + <!-- Remove to enable WebDav. EXPERIMENTAL FEATURE! + <servlet-mapping> + <servlet-name>DAVServlet</servlet-name> + <url-pattern>/dav/*</url-pattern> + </servlet-mapping> + --> + + <servlet-mapping> + <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name> + <url-pattern>/JSON-RPC</url-pattern> + </servlet-mapping> + + <!-- This means that we don't have to use redirection + from index.html anymore. Yay! --> + <welcome-file-list> + <welcome-file>Wiki.jsp</welcome-file> + </welcome-file-list> + + <!-- Error pages --> + <error-page> + <error-code>403</error-code> + <location>/error/Forbidden.html</location> + </error-page> + + <!-- Taglibs --> + <!-- + <taglib> + <taglib-location>/WEB-INF/jstl-core.tld</taglib-location> + <taglib-uri>http://java.sun.com/jstl/core</taglib-uri> + </taglib> + <taglib> + <taglib-location>/WEB-INF/jstl-fmt.tld</taglib-location> + <taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri> + </taglib> + --> + <taglib> + <taglib-location>/WEB-INF/stripes.tld</taglib-location> + <taglib-uri>http://stripes.sourceforge.net/stripes.tld</taglib-uri> + </taglib> + + <!-- REMOVE ME TO ENABLE JDBC DATABASE + <resource-ref> + <description> + Resource reference to JNDI factory for the JDBCUserDatabase. + </description> + <res-ref-name> + jdbc/UserDatabase + </res-ref-name> + <res-type> + javax.sql.DataSource + </res-type> + <res-auth> + Container + </res-auth> + </resource-ref> + <resource-ref> + <description> + Resource reference to JNDI factory for the JDBCGroupDatabase. + </description> + <res-ref-name> + jdbc/GroupDatabase + </res-ref-name> + <res-type> + javax.sql.DataSource + </res-type> + <res-auth> + Container + </res-auth> + </resource-ref> + REMOVE ME TO ENABLE JDBC DATABASE --> + + <!-- REMOVE ME TO ENABLE JAVAMAIL + <resource-ref> + <description>Resource reference to a container-managed JNDI JavaMail factory for sending e-mails.</description> + <res-ref-name>mail/Session</res-ref-name> + <res-type>javax.mail.Session</res-type> + <res-auth>Container</res-auth> + </resource-ref> + REMOVE ME TO ENABLE JAVAMAIL --> + + <!-- + CONTAINER-MANAGED AUTHENTICATION & AUTHORIZATION + + Here we define the users which are allowed to access JSPWiki. + These restrictions cause the web container to apply further + contraints to the default security policy in jspwiki.policy, + and should be suitable for a corporate intranet or public wiki. + + In particular, the restrictions below allow all users to + read documents, but only Authenticated users can comment + on or edit them (i.e., access the Edit.jsp page). + Users with the role Admin are the only persons who can + delete pages. + + To implement this policy, the container enforces two web + resource constraints: one for the Administrator resources, + and one for Authenticated users. Note that the "role-name" + values are significant and should match the role names + retrieved by your web container's security realm. The roles + of "Admin" and "Authenticated" are assigned by the web + container at login time. + + For example, if you are using Tomcat's built-in "memory realm", + you should edit the $CATALINA_HOME/conf/tomcat-users.xml file + and add the desired actual user accounts. Each user must possess + one or both of the Admin or Authenticated roles. For other realm + types, consult your web container's documentation. + + Alternatively, you could also replace all references to + "Authenticated" and "Admin" with role names that match those + returned by your container's security realm. We don't care + either way, as long as they match. + + Note that accessing protected resources will cause your + container to try to use SSL to secure the web session. + This, of course, assumes your web container (or web server) + is configured with SSL support. If you do not wish to use SSL, + remove the "user-data-constraint" elements. + --> + + <!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH + + <security-constraint> + <web-resource-collection> + <web-resource-name>Administrative Area</web-resource-name> + <url-pattern>/Delete.jsp</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>Admin</role-name> + </auth-constraint> + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <security-constraint> + <web-resource-collection> + <web-resource-name>Authenticated area</web-resource-name> + <url-pattern>/Edit.jsp</url-pattern> + <url-pattern>/Comment.jsp</url-pattern> + <url-pattern>/Login.jsp</url-pattern> + <url-pattern>/NewGroup.jsp</url-pattern> + <url-pattern>/Rename.jsp</url-pattern> + <url-pattern>/Upload.jsp</url-pattern> + <http-method>DELETE</http-method> + <http-method>GET</http-method> + <http-method>HEAD</http-method> + <http-method>POST</http-method> + <http-method>PUT</http-method> + </web-resource-collection> + + <web-resource-collection> + <web-resource-name>Read-only Area</web-resource-name> + <url-pattern>/attach</url-pattern> + <http-method>DELETE</http-method> + <http-method>POST</http-method> + <http-method>PUT</http-method> + </web-resource-collection> + + <auth-constraint> + <role-name>Admin</role-name> + <role-name>Authenticated</role-name> + </auth-constraint> + + <user-data-constraint> + <transport-guarantee>CONFIDENTIAL</transport-guarantee> + </user-data-constraint> + </security-constraint> + + <login-config> + <auth-method>FORM</auth-method> + <form-login-config> + <form-login-page>/LoginForm.jsp</form-login-page> + <form-error-page>/LoginForm.jsp</form-error-page> + </form-login-config> + </login-config> + + <security-role> + <description> + This logical role includes all authenticated users + </description> + <role-name>Authenticated</role-name> + </security-role> + + <security-role> + <description> + This logical role includes all administrative users + </description> + <role-name>Admin</role-name> + </security-role> + + REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH --> + +</web-app>
