Author: ajaquith
Date: Mon Mar 31 20:58:21 2008
New Revision: 643267
URL: http://svn.apache.org/viewvc?rev=643267&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS
configuration files. WEB-INF/jspwiki.jaas goes away, as does the need for
PolicyLoader. Also, responsibilities for web authentication move to
WikiServletFilter. Authentication is now configured via jspwiki.properties --
see that file for details. WikiSession API change: getLoginContext() vanishes.
Modified:
incubator/jspwiki/trunk/etc/web.xml
Modified: incubator/jspwiki/trunk/etc/web.xml
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/etc/web.xml?rev=643267&r1=643266&r2=643267&view=diff
==============================================================================
--- incubator/jspwiki/trunk/etc/web.xml (original)
+++ incubator/jspwiki/trunk/etc/web.xml Mon Mar 31 20:58:21 2008
@@ -21,7 +21,21 @@
</context-param>
<!--
- This is new in 2.4. This defines a servlet filter which filters all
requests.
+ WikiServletFilter defines a servlet filter which filters all requests.
It was
+ introduced in JSPWiki 2.4.
+
+ In 2.7/2.8, the WikiServlet filter also performs an important security
function:
+ it sets authentication status based on container credentials. It should
generally
+ execute first. Note that if you configure a filter *before* this one
that returns
+ non-null values for getUserPrincipal() or getRemoteUser(),
WikiSecurityFilter
+ will pick the credentials up, and set the user's WikiSession state to
+ "authenticated." WikiServletFlter will also set the WikiSession's' state
+ to "authenticated" if jspwiki.properties property
"jspwiki.cookieAuthentication"
+ is set to true, and the user possesses the correct authentication cookie.
+
+ Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is set
to true,
+ WikiServletFilter will also set WikiSession state to "asserted" if the
user
+ possesses the correct "assertion cookie."
-->
<filter>
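Review bot: The added comment names the filter three different ways: "WikiServlet filter" in the 2.7/2.8 paragraph, "WikiSecurityFilter" in the getUserPrincipal()/getRemoteUser() sentence, and "WikiServletFlter" in the cookieAuthentication sentence; "WikiSession's'" also carries a stray apostrophe. This text is security guidance for whoever deploys web.xml, so spell it WikiServletFilter throughout, otherwise a reader may go looking for a second filter class. The sentence about filters configured *before* this one would also benefit from stating the consequence directly: any upstream filter that returns non-null getUserPrincipal() or getRemoteUser() values is trusted as an authenticator, since the comment says those values move the WikiSession to "authenticated."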