+1

and we should add a very strong warning with it in the web.xml



2009/5/12 Andrew Jaquith <[email protected]>

> Switched to the dev list:
>
> The security creep in me wants everything to be secure out of the box,
> hence the default configuration of CONFIDENTIAL for container logins.
>
> However, the "make it just work out of the box" usability freak hates
> stuff like this.
>
> The usability freak is currently beating up the security creep. I
> think we should use a default NONE for transport-guarantee for 3.0.
>
> Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a
> +1").
>
> Andrew
>
>
> On Tue, May 12, 2009 at 2:41 PM, Harry Metske <[email protected]>
> wrote:
> > What could be the case is that because you have
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>, Tomcat redirects
> > you to the port configured as redirectPort, as defined on the Connector
> > element in Tomcat's server.xml.
> >
> > You could verify that by using
> > <transport-guarantee>NONE</transport-guarantee>
> >
> > regards,
> > Harry
> >
> > 2009/5/12 Kinicky <[email protected]>
> >
> >> Hi everyone!
> >>
> >> This is my scenario: I have users on AD and want them to use JSPWiki. I
> >> followed the pages above but didn't succeed:
> >> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
> >> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
> >>
> >> It's odd: after I did these changes I'm able to navigate through the pages
> >> of the wiki except Login.jsp. When I try to go there to authenticate I get
> >> an error message saying Firefox failed in establishing a connection with my
> >> server.
> >>
> >> I hope someone can help me!
> >>
> >> Here is some information:
> >> *server.xml* on Tomcat:
> >>      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >>             connectionURL="ldap://server:389"
> >>             connectionName="username"
> >>             connectionPassword="password"
> >>             referrals="follow"
> >>             userBase="OU=Usuarios, OU=Cit, DC=cit"
> >>             userSearch="(sAMAccountName={0})"
> >>             userRoleName="memberOf"
> >>             userSubtree="true"
> >>      />
> >>
> >> *web.xml* of JSPWiki
> >>   <security-constraint>
> >>       <web-resource-collection>
> >>           <web-resource-name>Administrative Area</web-resource-name>
> >>           <url-pattern>/Delete.jsp</url-pattern>
> >>       </web-resource-collection>
> >>       <auth-constraint>
> >>           <role-name>Admin</role-name>
> >>       </auth-constraint>
> >>       <user-data-constraint>
> >>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>       </user-data-constraint>
> >>   </security-constraint>
> >>
> >>   <security-constraint>
> >>       <web-resource-collection>
> >>           <web-resource-name>Authenticated area</web-resource-name>
> >>           <url-pattern>/Edit.jsp</url-pattern>
> >>           <url-pattern>/Comment.jsp</url-pattern>
> >>           <url-pattern>/Login.jsp</url-pattern>
> >>           <url-pattern>/NewGroup.jsp</url-pattern>
> >>           <url-pattern>/Rename.jsp</url-pattern>
> >>           <url-pattern>/Upload.jsp</url-pattern>
> >>           <http-method>DELETE</http-method>
> >>           <http-method>GET</http-method>
> >>           <http-method>HEAD</http-method>
> >>           <http-method>POST</http-method>
> >>           <http-method>PUT</http-method>
> >>       </web-resource-collection>
> >>
> >>       <web-resource-collection>
> >>           <web-resource-name>Read-only Area</web-resource-name>
> >>           <url-pattern>/attach</url-pattern>
> >>           <http-method>DELETE</http-method>
> >>           <http-method>POST</http-method>
> >>           <http-method>PUT</http-method>
> >>       </web-resource-collection>
> >>
> >>       <auth-constraint>
> >>           <role-name>Admin</role-name>
> >>           <role-name>Authenticated</role-name>
> >>       </auth-constraint>
> >>
> >>       <user-data-constraint>
> >>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>       </user-data-constraint>
> >>   </security-constraint>
> >>
> >>   <login-config>
> >>       <auth-method>FORM</auth-method>
> >>       <form-login-config>
> >>           <form-login-page>/LoginForm.jsp</form-login-page>
> >>           <form-error-page>/LoginForm.jsp</form-error-page>
> >>       </form-login-config>
> >>   </login-config>
> >>
> >>   <security-role>
> >>       <description>
> >>           This logical role includes all authenticated users
> >>       </description>
> >>       <role-name>Authenticated</role-name>
> >>   </security-role>
> >>
> >>   <security-role>
> >>       <description>
> >>           This logical role includes all administrative users
> >>       </description>
> >>       <role-name>Admin</role-name>
> >>   </security-role>
> >>
> >
>
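The failure Harry describes is a mismatch between two files: a `<transport-guarantee>` of CONFIDENTIAL (or INTEGRAL) in web.xml makes Tomcat redirect the request to the plain Connector's `redirectPort`, and if no TLS-enabled Connector listens on that port the browser gets a refused connection, exactly what Kinicky saw on Login.jsp. The following script is an added example, not code from this thread or from the JSPWiki project: it parses both files and reports every plain HTTP Connector whose redirect target has no TLS listener. The web.xml and server.xml fragments inside it are constructed samples (the JSPWiki-style constraint with a warning comment of the kind the "+1" above asks for, a server.xml with only the stock 8080 connector, and one that also has an 8443 SSL connector); the assumption that an unset `redirectPort` falls back to 443 comes from the Tomcat Connector documentation.

```python
"""Cross-check web.xml transport-guarantee settings against Tomcat's server.xml.

Added example (not part of the original thread). Assumptions are marked inline.
"""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip an XML namespace from an element tag: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def confidential_patterns(web_xml):
    """url-patterns whose security-constraint forces a secure transport.

    Both CONFIDENTIAL and INTEGRAL make the container redirect to the
    secure port, so both are treated as 'needs TLS'.
    """
    root = ET.fromstring(web_xml)
    patterns = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        guarantees = {e.text.strip().upper() for e in sc.iter()
                      if _local(e.tag) == "transport-guarantee" and e.text}
        if not guarantees & {"CONFIDENTIAL", "INTEGRAL"}:
            continue
        patterns += [e.text.strip() for e in sc.iter()
                     if _local(e.tag) == "url-pattern" and e.text]
    return patterns


def connectors(server_xml):
    """(port, redirectPort, is_tls) for each HTTP Connector in server.xml.

    AJP connectors are skipped: their redirects are served by the front-end
    web server, not by Tomcat itself.
    """
    root = ET.fromstring(server_xml)
    result = []
    for c in root.iter("Connector"):
        if "AJP" in c.get("protocol", "").upper():
            continue
        is_tls = (c.get("SSLEnabled", "false").lower() == "true"
                  or c.get("secure", "false").lower() == "true")
        result.append((c.get("port"), c.get("redirectPort"), is_tls))
    return result


def check(web_xml, server_xml):
    """Return a list of problems; an empty list means the two files agree."""
    patterns = confidential_patterns(web_xml)
    if not patterns:
        return []  # transport-guarantee NONE everywhere: no redirect can occur
    conns = connectors(server_xml)
    tls_ports = {port for port, _, tls in conns if tls}
    problems = []
    for port, redirect, tls in conns:
        if tls:
            continue
        # Assumption: Tomcat's documented default for an unset redirectPort is 443.
        target = redirect or "443"
        if target not in tls_ports:
            problems.append(
                f"connector {port} redirects {', '.join(patterns)} to port "
                f"{target}, but no TLS-enabled Connector listens there")
    return problems


# Constructed sample inputs (not real deployments).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
    <user-data-constraint>
      <!-- WARNING: CONFIDENTIAL makes Tomcat redirect these pages to the
           Connector's redirectPort. Without an SSL Connector on that port
           the login page becomes unreachable. Use NONE only behind a TLS
           terminating proxy or for a throwaway test install. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

SERVER_XML_NO_TLS = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

SERVER_XML_TLS = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"/>
</Service></Server>"""

if __name__ == "__main__":
    for label, server in (("no TLS connector", SERVER_XML_NO_TLS),
                          ("TLS connector on 8443", SERVER_XML_TLS)):
        print(f"{label}: {check(WEB_XML, server) or 'OK'}")
```

Run it against the real files with `check(open('web.xml').read(), open('server.xml').read())`; an empty result means CONFIDENTIAL is safe to keep, and a non-empty one means either add the SSL Connector on the reported port or, as the thread proposes for 3.0, ship NONE with the warning comment.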
