Hi guys, I really need help on this. I think the integration is correct since I can log in with AD users... but I can't log in with my admin user... Isn't it possible to use AD and the JSPWiki users at the same time?
PS: when I try to log in with AD users I get the "Forbidden Sorry, but you are not allowed to do that." page... I don't know why this is happening.. I already set the authorized role to have all permissions. But when I click the link "better luck next time" I go to the main page of the wiki with the user authenticated! And when I try to edit some page I get the same "forbidden" page.

On Tue, May 12, 2009 at 4:11 PM, Kinicky <[email protected]> wrote:

> tks guys, I think this solves my problem!
>
> but one more thing.. since now all the users from JSPWiki are from AD I
> don't have my admin account on JSPWiki.
>
> what do I do?
>
> On Tue, May 12, 2009 at 4:08 PM, Janne Jalkanen <[email protected]> wrote:
>
>> It would be so cool to have a switch in jspwiki.properties or the admin
>> UI. But that may be a bit challenging - unless we have login.jsp and
>> loginsecure.jsp; and define the latter to have CONFIDENTIAL transport; then
>> check in the corresponding jsp file whether the bit is on in the
>> property file. Would that work?
>>
>> /Janne
>>
>> On 12 May 2009, at 22:02, Andrew Jaquith wrote:
>>
>>> Oh, naturally. The security creep wouldn't have it any other way. I'll
>>> be sure to write something very stern and scary.
>>>
>>> On Tue, May 12, 2009 at 3:00 PM, Harry Metske <[email protected]> wrote:
>>>
>>>> +1
>>>>
>>>> and we should add a very strong warning with it in the web.xml
>>>>
>>>> 2009/5/12 Andrew Jaquith <[email protected]>
>>>>
>>>>> Switched to the dev list:
>>>>>
>>>>> The security creep in me wants everything to be secure out of the box,
>>>>> hence the default configuration of CONFIDENTIAL for container logins.
>>>>>
>>>>> However, the "make it just work out of the box" usability freak hates
>>>>> stuff like this.
>>>>>
>>>>> The usability freak is currently beating up the security creep. I
>>>>> think we should use a default NONE for transport-guarantee for 3.0.
>>>>>
>>>>> Thoughts? Can I get an amen? (that's Southern Baptist for "requesting a
>>>>> +1").
>>>>>
>>>>> Andrew
>>>>>
>>>>> On Tue, May 12, 2009 at 2:41 PM, Harry Metske <[email protected]> wrote:
>>>>>
>>>>>> what could be the case is that because you have
>>>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> tomcat redirects
>>>>>> you to the port configured as redirectPort as defined on the Connector
>>>>>> element in tomcat's server.xml
>>>>>>
>>>>>> You could verify that by using
>>>>>> <transport-guarantee>NONE</transport-guarantee>
>>>>>>
>>>>>> regards,
>>>>>> Harry
>>>>>>
>>>>>> 2009/5/12 Kinicky <[email protected]>
>>>>>>
>>>>>>> Hi everyone!
>>>>>>>
>>>>>>> this is my scenery: I have users on AD and want them to use JSPWiki.
>>>>>>> I follow the pages above but didn't succeed:
>>>>>>> http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
>>>>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>>>>>>
>>>>>>> it's odd, after I did these changes I'm able to navigate through the
>>>>>>> pages of wiki except the Login.jsp. When I try to go there to
>>>>>>> authenticate I got an error message saying Firefox failed in
>>>>>>> establishing a connection with my server.
>>>>>>>
>>>>>>> I hope anyone can help me!
>>>>>>>
>>>>>>> here some information:
>>>>>>> *server.xml* on Tomcat:
>>>>>>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>>>>>        connectionURL="ldap://server:389"
>>>>>>>        connectionName="username"
>>>>>>>        connectionPassword="password"
>>>>>>>        referrals="follow"
>>>>>>>        userBase="OU=Usuarios, OU=Cit, DC=cit"
>>>>>>>        userSearch="(sAMAccountName={0})"
>>>>>>>        userRoleName="memberOf"
>>>>>>>        userSubtree="true"
>>>>>>> />
>>>>>>>
>>>>>>> *web.xml* of JSPWiki
>>>>>>> <security-constraint>
>>>>>>>   <web-resource-collection>
>>>>>>>     <web-resource-name>Administrative Area</web-resource-name>
>>>>>>>     <url-pattern>/Delete.jsp</url-pattern>
>>>>>>>   </web-resource-collection>
>>>>>>>   <auth-constraint>
>>>>>>>     <role-name>Admin</role-name>
>>>>>>>   </auth-constraint>
>>>>>>>   <user-data-constraint>
>>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>   </user-data-constraint>
>>>>>>> </security-constraint>
>>>>>>>
>>>>>>> <security-constraint>
>>>>>>>   <web-resource-collection>
>>>>>>>     <web-resource-name>Authenticated area</web-resource-name>
>>>>>>>     <url-pattern>/Edit.jsp</url-pattern>
>>>>>>>     <url-pattern>/Comment.jsp</url-pattern>
>>>>>>>     <url-pattern>/Login.jsp</url-pattern>
>>>>>>>     <url-pattern>/NewGroup.jsp</url-pattern>
>>>>>>>     <url-pattern>/Rename.jsp</url-pattern>
>>>>>>>     <url-pattern>/Upload.jsp</url-pattern>
>>>>>>>     <http-method>DELETE</http-method>
>>>>>>>     <http-method>GET</http-method>
>>>>>>>     <http-method>HEAD</http-method>
>>>>>>>     <http-method>POST</http-method>
>>>>>>>     <http-method>PUT</http-method>
>>>>>>>   </web-resource-collection>
>>>>>>>
>>>>>>>   <web-resource-collection>
>>>>>>>     <web-resource-name>Read-only Area</web-resource-name>
>>>>>>>     <url-pattern>/attach</url-pattern>
>>>>>>>     <http-method>DELETE</http-method>
>>>>>>>     <http-method>POST</http-method>
>>>>>>>     <http-method>PUT</http-method>
>>>>>>>   </web-resource-collection>
>>>>>>>
>>>>>>>   <auth-constraint>
>>>>>>>     <role-name>Admin</role-name>
>>>>>>>     <role-name>Authenticated</role-name>
>>>>>>>   </auth-constraint>
>>>>>>>
>>>>>>>   <user-data-constraint>
>>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>   </user-data-constraint>
>>>>>>> </security-constraint>
>>>>>>>
>>>>>>> <login-config>
>>>>>>>   <auth-method>FORM</auth-method>
>>>>>>>   <form-login-config>
>>>>>>>     <form-login-page>/LoginForm.jsp</form-login-page>
>>>>>>>     <form-error-page>/LoginForm.jsp</form-error-page>
>>>>>>>   </form-login-config>
>>>>>>> </login-config>
>>>>>>>
>>>>>>> <security-role>
>>>>>>>   <description>
>>>>>>>     This logical role includes all authenticated users
>>>>>>>   </description>
>>>>>>>   <role-name>Authenticated</role-name>
>>>>>>> </security-role>
>>>>>>>
>>>>>>> <security-role>
>>>>>>>   <description>
>>>>>>>     This logical role includes all administrative users
>>>>>>>   </description>
>>>>>>>   <role-name>Admin</role-name>
>>>>>>> </security-role>
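
Added example, not part of the original thread or of JSPWiki: a small check for the situation Harry describes, where a CONFIDENTIAL transport-guarantee makes Tomcat redirect to a redirectPort that no TLS connector serves. The two XML samples, the port numbers and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread's configuration, not the poster's files.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML_HTTP_ONLY = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
</Service></Server>"""
SERVER_XML_WITH_TLS = SERVER_XML_HTTP_ONLY.replace(
    "</Service>", '<Connector port="8443" SSLEnabled="true" scheme="https"/></Service>')

def texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def confidential_patterns(web_xml):
    """URL patterns whose security-constraint demands an encrypted transport."""
    root, found = ET.fromstring(web_xml), []
    for sc in (e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "security-constraint"):
        if "CONFIDENTIAL" in texts(sc, "transport-guarantee"):
            found += texts(sc, "url-pattern")
    return found

def dangling_redirects(server_xml):
    """(port, redirectPort) pairs where no TLS connector listens on redirectPort."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls = {c["port"] for c in conns
           if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"}
    # Assumption: 443 is used when redirectPort is absent (Tomcat's default).
    return [(c["port"], c.get("redirectPort", "443")) for c in conns
            if c["port"] not in tls and c.get("redirectPort", "443") not in tls]

def audit(web_xml, server_xml):
    """One finding per protected page that redirects to a port without TLS."""
    return [f"{page}: port {src} redirects to {dst}, but no TLS connector listens there"
            for src, dst in dangling_redirects(server_xml)
            for page in confidential_patterns(web_xml)]

print("\n".join(audit(WEB_XML, SERVER_XML_HTTP_ONLY)) or "no findings")
```

An empty result from `audit` means every CONFIDENTIAL page has a TLS connector to land on, so the constraint can stay in place instead of being relaxed to NONE.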
