tks guys, I think this solves my problem! But one more thing.. since now all the users from JSPWiki are from AD I don't have my admin account on JSPWiki.
What do I do?

On Tue, May 12, 2009 at 4:08 PM, Janne Jalkanen wrote:

> It would be so cool to have a switch in jspwiki.properties or the admin UI.
> But that may be a bit challenging - unless we have login.jsp and
> loginsecure.jsp; and define the latter to have CONFIDENTIAL transport; then
> check in the corresponding jsp file whether the bit is on in the
> property file. Would that work?
>
> /Janne
>
> On 12 May 2009, at 22:02, Andrew Jaquith wrote:
>
>> Oh, naturally. The security creep wouldn't have it any other way. I'll
>> be sure to write something very stern and scary.
>>
>> On Tue, May 12, 2009 at 3:00 PM, Harry Metske wrote:
>>
>>> +1
>>>
>>> and we should add a very strong warning with it in the web.xml
>>>
>>> 2009/5/12 Andrew Jaquith
>>>
>>>> Switched to the dev list:
>>>>
>>>> The security creep in me wants everything to be secure out of the box,
>>>> hence the default configuration of CONFIDENTIAL for container logins.
>>>>
>>>> However, the "make it just work out of the box" usability freak hates
>>>> stuff like this.
>>>>
>>>> The usability freak is currently beating up the security creep. I
>>>> think we should use a default NONE for transport-guarantee for 3.0.
>>>>
>>>> Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a
>>>> +1").
>>>>
>>>> Andrew
>>>>
>>>> On Tue, May 12, 2009 at 2:41 PM, Harry Metske wrote:
>>>>
>>>>> what could be the case is that because you have
>>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> tomcat redirects
>>>>> you to the port configured as redirectPort as defined on the Connector
>>>>> element in tomcat's server.xml
>>>>>
>>>>> You could verify that by using
>>>>> <transport-guarantee>NONE</transport-guarantee>
>>>>>
>>>>> regards,
>>>>> Harry
>>>>>
>>>>> 2009/5/12 Kinicky
>>>>>
>>>>>> Hi everyone!
>>>>>>
>>>>>> this is my scenario: I have users on AD and want them to use JSPWiki. I
>>>>>> followed the pages above but didn't succeed:
>>>>>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>>>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>>>>
>>>>>> it's odd, after I did these changes I'm able to navigate through the
>>>>>> pages of wiki except the Login.jsp. When I try to go there to
>>>>>> authenticate I got an error message saying Firefox failed in
>>>>>> establishing a connection with my server.
>>>>>>
>>>>>> I hope anyone can help me!
>>>>>>
>>>>>> here is some information:
>>>>>> *server.xml* on Tomcat:
>>>>>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>>>>        connectionURL="ldap://server:389"
>>>>>>        connectionName="username"
>>>>>>        connectionPassword="password"
>>>>>>        referrals="follow"
>>>>>>        userBase="OU=Usuarios, OU=Cit, DC=cit"
>>>>>>        userSearch="(sAMAccountName={0})"
>>>>>>        userRoleName="memberOf"
>>>>>>        userSubtree="true"
>>>>>> />
>>>>>>
>>>>>> *web.xml* of JSPWiki
>>>>>> <security-constraint>
>>>>>>   <web-resource-collection>
>>>>>>     <web-resource-name>Administrative Area</web-resource-name>
>>>>>>     <url-pattern>/Delete.jsp</url-pattern>
>>>>>>   </web-resource-collection>
>>>>>>   <auth-constraint>
>>>>>>     <role-name>Admin</role-name>
>>>>>>   </auth-constraint>
>>>>>>   <user-data-constraint>
>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>   </user-data-constraint>
>>>>>> </security-constraint>
>>>>>>
>>>>>> <security-constraint>
>>>>>>   <web-resource-collection>
>>>>>>     <web-resource-name>Authenticated area</web-resource-name>
>>>>>>     <url-pattern>/Edit.jsp</url-pattern>
>>>>>>     <url-pattern>/Comment.jsp</url-pattern>
>>>>>>     <url-pattern>/Login.jsp</url-pattern>
>>>>>>     <url-pattern>/NewGroup.jsp</url-pattern>
>>>>>>     <url-pattern>/Rename.jsp</url-pattern>
>>>>>>     <url-pattern>/Upload.jsp</url-pattern>
>>>>>>     <http-method>DELETE</http-method>
>>>>>>     <http-method>GET</http-method>
>>>>>>     <http-method>HEAD</http-method>
>>>>>>     <http-method>POST</http-method>
>>>>>>     <http-method>PUT</http-method>
>>>>>>   </web-resource-collection>
>>>>>>
>>>>>>   <web-resource-collection>
>>>>>>     <web-resource-name>Read-only Area</web-resource-name>
>>>>>>     <url-pattern>/attach</url-pattern>
>>>>>>     <http-method>DELETE</http-method>
>>>>>>     <http-method>POST</http-method>
>>>>>>     <http-method>PUT</http-method>
>>>>>>   </web-resource-collection>
>>>>>>
>>>>>>   <auth-constraint>
>>>>>>     <role-name>Admin</role-name>
>>>>>>     <role-name>Authenticated</role-name>
>>>>>>   </auth-constraint>
>>>>>>
>>>>>>   <user-data-constraint>
>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>   </user-data-constraint>
>>>>>> </security-constraint>
>>>>>>
>>>>>> <login-config>
>>>>>>   <auth-method>FORM</auth-method>
>>>>>>   <form-login-config>
>>>>>>     <form-login-page>/LoginForm.jsp</form-login-page>
>>>>>>     <form-error-page>/LoginForm.jsp</form-error-page>
>>>>>>   </form-login-config>
>>>>>> </login-config>
>>>>>>
>>>>>> <security-role>
>>>>>>   <description>
>>>>>>     This logical role includes all authenticated users
>>>>>>   </description>
>>>>>>   <role-name>Authenticated</role-name>
>>>>>> </security-role>
>>>>>>
>>>>>> <security-role>
>>>>>>   <description>
>>>>>>     This logical role includes all administrative users
>>>>>>   </description>
>>>>>>   <role-name>Admin</role-name>
>>>>>> </security-role>
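
Added example, not part of the original thread and not JSPWiki or Tomcat code: a configuration check for the situation Harry describes, where a CONFIDENTIAL transport-guarantee sends the browser to a redirectPort that no TLS connector serves. The sample web.xml and server.xml are constructed; the function names are hypothetical, and only explicitly set redirectPort attributes are checked.

```python
import xml.etree.ElementTree as ET

# Constructed samples: a trimmed web.xml like the one quoted in the thread, and a
# server.xml whose HTTP connector redirects to 8443 although no connector listens there.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""
SERVER_XML_TLS = SERVER_XML.replace(
    "</Service>", '<Connector port="8443" SSLEnabled="true" scheme="https"/></Service>')


def confidential_patterns(web_xml):
    """URL patterns whose constraint demands TLS (CONFIDENTIAL or INTEGRAL)."""
    patterns = []
    for sc in ET.fromstring(web_xml).findall(".//{*}security-constraint"):
        guarantees = {e.text.strip() for e in sc.findall(".//{*}transport-guarantee") if e.text}
        if guarantees & {"CONFIDENTIAL", "INTEGRAL"}:
            patterns += [e.text.strip() for e in sc.findall(".//{*}url-pattern") if e.text]
    return patterns


def dangling_redirects(server_xml):
    """Explicit redirectPort values that no TLS connector (SSLEnabled or https) serves."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"}
    return sorted({c.get("redirectPort") for c in connectors
                   if c.get("redirectPort")} - tls_ports)


def unreachable_pages(web_xml, server_xml):
    """Patterns redirected to a port nothing serves, as Login.jsp was in the thread."""
    return confidential_patterns(web_xml) if dangling_redirects(server_xml) else []


if __name__ == "__main__":
    print("broken:", unreachable_pages(WEB_XML, SERVER_XML))
    print("with TLS connector:", unreachable_pages(WEB_XML, SERVER_XML_TLS))
```

An empty result after adding a TLS connector means the login page can stay under CONFIDENTIAL instead of being downgraded to NONE.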
