+1, I think usability (or to be precise: "first use experience") should win in this case.

/Janne

On 12 May 2009, at 21:50, Andrew Jaquith wrote:

Switched to the dev list:

The security creep in me wants everything to be secure out of the box,
hence the default configuration of CONFIDENTIAL for container logins.

However, the "make it just work out of the box" usability freak hates
stuff like this.

The usability freak is currently beating up the security creep. I
think we should use a default NONE for transport-guarantee for 3.0.

Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a +1").

Andrew


On Tue, May 12, 2009 at 2:41 PM, Harry Metske <[email protected]> wrote:
What could be the case is that because you have
<transport-guarantee>CONFIDENTIAL</transport-guarantee>, Tomcat redirects you to the port configured as redirectPort, as defined on the Connector element in Tomcat's server.xml.

You could verify that by using
<transport-guarantee>NONE</transport-guarantee>

regards,
Harry

2009/5/12 Kinicky <[email protected]>

Hi everyone!

This is my scenario: I have users on AD and want them to use JSPWiki. I
followed the pages below but didn't succeed:
http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP

It's odd: after I made these changes I'm able to navigate through the pages of the wiki except Login.jsp. When I try to go there to authenticate I get an error message saying Firefox failed to establish a connection with my server.

I hope someone can help me!

Here is some information:
*server.xml* on Tomcat:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionURL="ldap://server:389"
             connectionName="username"
             connectionPassword="password"
             referrals="follow"
             userBase="OU=Usuarios, OU=Cit, DC=cit"
             userSearch="(sAMAccountName={0})"
             userRoleName="memberOf"
             userSubtree="true"
     />

*web.xml* of JSPWiki
  <security-constraint>
      <web-resource-collection>
          <web-resource-name>Administrative Area</web-resource-name>
          <url-pattern>/Delete.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
          <role-name>Admin</role-name>
      </auth-constraint>
      <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  </security-constraint>

  <security-constraint>
      <web-resource-collection>
          <web-resource-name>Authenticated area</web-resource-name>
          <url-pattern>/Edit.jsp</url-pattern>
          <url-pattern>/Comment.jsp</url-pattern>
          <url-pattern>/Login.jsp</url-pattern>
          <url-pattern>/NewGroup.jsp</url-pattern>
          <url-pattern>/Rename.jsp</url-pattern>
          <url-pattern>/Upload.jsp</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>HEAD</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
      </web-resource-collection>

      <web-resource-collection>
          <web-resource-name>Read-only Area</web-resource-name>
          <url-pattern>/attach</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
          <role-name>Admin</role-name>
          <role-name>Authenticated</role-name>
      </auth-constraint>

      <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  </security-constraint>

  <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
          <form-login-page>/LoginForm.jsp</form-login-page>
          <form-error-page>/LoginForm.jsp</form-error-page>
      </form-login-config>
  </login-config>

  <security-role>
      <description>
          This logical role includes all authenticated users
      </description>
      <role-name>Authenticated</role-name>
  </security-role>

  <security-role>
      <description>
          This logical role includes all administrative users
      </description>
      <role-name>Admin</role-name>
  </security-role>
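
The failure mode Harry describes, as a configuration check (an added example, not part of the original thread and not JSPWiki or Tomcat code): it reports url-patterns that carry a CONFIDENTIAL transport-guarantee while no TLS connector listens on the port named by redirectPort. The sample server.xml, the function names, and the SSLEnabled/scheme test for recognising a TLS connector are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples: web.xml trimmed from the thread; server.xml is assumed
# (a single plain HTTP connector and no TLS connector).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <url-pattern>/Edit.jsp</url-pattern>
    <url-pattern>/Login.jsp</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""

def local(tag):
    """Drop any XML namespace so web.xml files with an xmlns still match."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Text of every descendant element called `name`."""
    return [e.text.strip() for e in elem.iter() if local(e.tag) == name and e.text]

def tls_only_patterns(web_xml):
    """url-patterns under a constraint marked CONFIDENTIAL or INTEGRAL."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        guarantees = texts(sc, "transport-guarantee")
        if local(sc.tag) == "security-constraint" and (
                "CONFIDENTIAL" in guarantees or "INTEGRAL" in guarantees):
            found += texts(sc, "url-pattern")
    return found

def is_tls(conn):
    return conn.get("SSLEnabled", "").lower() == "true" or conn.get("scheme") == "https"

def dangling_redirect_ports(server_xml):
    """redirectPort values of HTTP connectors that no TLS connector listens on."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls_ports = {c.get("port") for c in conns if is_tls(c)}
    http = [c for c in conns if not is_tls(c) and not c.get("protocol", "").startswith("AJP")]
    # Assumption: 443 is Tomcat's default redirectPort when the attribute is unset.
    return sorted({c.get("redirectPort", "443") for c in http} - tls_ports)

def check(web_xml, server_xml):
    """Map each dangling redirect port to the URL patterns that get sent there."""
    patterns = tls_only_patterns(web_xml)
    return {p: patterns for p in dangling_redirect_ports(server_xml)} if patterns else {}

if __name__ == "__main__":
    print(check(WEB_XML, SERVER_XML))
```

A non-empty result means either a TLS connector has to be configured on that port or, as the thread proposes for the default, the guarantee set to NONE; with NONE the login form and credentials travel over plain HTTP.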


