Hi developers, just a short message from me, that supplying the WikiEngine to a custom login module now works with JSPWiki 2.8.3. Many thanks for that!!!
Best regards,
André

--------------------------
André Schenk
ePublishing & eScience
Development & Applied Research
Phone +49 7247 808-215
Fax +49 7247 808-133
[email protected]

FIZ Karlsruhe
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen, Germany
www.fiz-karlsruhe.de
---------------------------------------

> -----Original Message-----
> From: Andrew Jaquith [mailto:[email protected]]
> Sent: Thursday, March 26, 2009 4:39 AM
> To: [email protected]; Schenk, Andre
> Subject: Re: OpenID support in JSPWiki?
>
> Hi Tilman --
>
> Your analysis is correct. You would need to obtain the HttpRequest
> from WikiCallbackHandler, which at the moment it does not know how to
> supply. We have had some other questions about this recently, notably
> Andre Schenk's desire to be able to obtain a reference to the
> WikiEngine from inside his custom LoginModule.
>
> In both cases, the common thread is that we need to supply additional
> callbacks to WikiCallbackHandler. I'm inclined to fix this in 2.8.2,
> by simply adding in support for the HttpRequestCallback. That should
> meet your needs, no?
>
> It should also meet Andre's, indirectly, in the sense that if you have
> an HttpRequest you can fairly easily retrieve the WikiEngine also (by
> passing getSession().getServletContext() to WikiEngine.getInstance()).
>
> Andrew
>
> On Wed, Mar 25, 2009 at 7:27 AM, Tilman Bender
> <[email protected]> wrote:
> > Hi Andrew,
> >
> > Thanks for your help!
> >
> > Let's see if I got it right:
> >
> > - My OpenidAssertionLoginModule needs the data from the HttpRequest
> > - The way to obtain this data is via HttpRequestCallback
> >
> > From what I can see so far, the HttpRequest in HttpRequestCallback is only
> > set in WebContainerCallbackHandler, which is used by:
> >
> > - WebContainerLoginModule
> > - CookieAssertionLoginModule
> > - AnonymousLoginModule
> >
> > So as I get it, I would have to either use this CallbackHandler, instead of
> > WikiCallbackHandler
> > or to find a way to set the HttpRequest in HttpRequestCallback from within
> > WikiCallbackHandler.
> >
> > Question is: How can I access the request from within WikiCallbackHandler?
> >
> > I agree on the attribute exchange on login, although I would see that as a
> > further improvement to the basic OpenID
> > functionality.
> >
> > For the UI side, I attached some mocks. This is what my UI currently looks
> > like, but it is far from complete. Comments
> > welcome :-)
> >
> > kind regards
> >
> > Tilman Bender
> > Student of Software Engineering
> > Hochschule Heilbronn
> > [email protected]
> >
> > On 20.03.2009 at 14:43, Andrew Jaquith wrote:
> >
> >> Tilman--
> >>
> >> Thanks for your e-mail, and for your good work.
> >>
> >> Your thought-process on this seems sound. Agreed, the first phase of login
> >> (OP discovery + redirect) should be handled by a custom JSP. The second
> >> phase (validation) should be handled by JAAS.
> >>
> >> To do this, you will need to get the HttpRequest object. JSPWiki does have
> >> an HttpRequestCallback that can supply this, at least in the custom
> >> authentication case. You will need to check to see if WikiCallbackHandler
> >> passes that callback. If not, it is trivial to patch the code to do this.
> >>
> >> So, I think this is basically in line with what you proposed.
> >>
> >> Some other thoughts:
> >>
> >> At login time, it would be highly desirable to use SREG or OpenID
> >> attribute exchange to pull the user's name and e-mail address and use the
> >> returned values to update their profile, which would ensure that their
> >> information is always current. The login ID used to look up the profile
> >> should be the user's OpenID URL... I think.
> >>
> >> On the UI side, we will need a special OpenID login page (JSP). The
> >> regular login page could include this if desired.
> >>
> >> Andrew
> >>
> >> On Mar 18, 2009, at 7:02, Tilman Bender <[email protected] heilbronn.de>
> >> wrote:
> >>
> >>> Hey guys,
> >>>
> >>> I am currently playing with the 2.8.1 code and openid4java.
> >>>
> >>> But I am having a hard time trying to figure out where exactly to hook in
> >>> the OpenID stuff.
> >>> The problem is (as also described in #JSPWIKI-94), that:
> >>>
> >>> 1. To me it seems you cannot do the whole thing in JAAS:
> >>> OpenID as I understand it has two phases:
> >>>
> >>> Phase I:
> >>> - The user just submitted his openid identifier to our login/registration
> >>>   form.
> >>> - We do discovery on the identifier to find the Endpoint of his OpenID
> >>>   Provider (and check if the provider is in our whitelist)
> >>> - We redirect the user to his OpenID provider
> >>>
> >>> So in this phase it makes no sense to me to use a JAAS-Module since we
> >>> wouldn't be able to complete the login method
> >>> as we do not know enough about the user yet (we do not know if his
> >>> identity is asserted by the OpenID Provider).
> >>> So I currently do this via JSP and Scriptlets (no custom tag yet).
> >>>
> >>> Phase II:
> >>> - The user is redirected back to us by his OpenID Provider
> >>> - We connect to the OpenID Provider to verify the assertion that was
> >>>   passed along the request (be it a positive or negative assertion)
> >>> - Now we know enough about the user to log them in.
> >>>
> >>> I currently try to use UserManager.setUserProfile in this situation. Now
> >>> here comes my problem:
> >>>
> >>> I would like to do all the assertion verification in a JAAS-Module, but
> >>> for that I need all the request
> >>> data, which I do not have in the setUserProfile-Method.
> >>>
> >>> So currently I am stuck. Before I start to wildly mess the API: Am I
> >>> taking the right direction?
> >>>
> >>> Tilman Bender
> >>> Student of Software Engineering
> >>> Hochschule Heilbronn
> >>> [email protected]
> >>>
> >>> On 03.12.2008 at 21:50, Janne Jalkanen wrote:
> >>>
> >>>> Hi!
> >>>>
> >>>> Thanks for the effort - sounds like a worthy project!
> >>>>
> >>>> I think you will save yourself a lot of grief if you work on the 2.8.1
> >>>> branch, since the trunk is now the subject of a lot of changes - but note
> >>>> that we *will* be making some rather major changes for 3.0, so you may face
> >>>> a small porting effort towards the end. We certainly wouldn't like to land
> >>>> a major feature in 2.8 branch anymore, since it's rather stable.
> >>>>
> >>>> I think the first thing you could do is to outline your plan as to how
> >>>> exactly are you planning to hook into our structures - a good place to start
> >>>> is probably the Security documentation at
> >>>> http://doc.jspwiki.org/2.8/wiki/Security, and then asking a lot of questions
> >>>> on this mailing list.
> >>>>
> >>>> Also, since we are talking about a fairly large project here, you might
> >>>> want to sign a contributor license agreement (CLA), and depending on the
> >>>> German copyright legislation, get also Heilbronn to sign a corporate CLA.
> >>>> That, or Heilbronn (or you) need to, at the end of the project, give a
> >>>> software grant (SGA) to Apache Software Foundation. But these are not
> >>>> biggies and can be tackled if/when we start merging ;-)
> >>>>
> >>>> /Janne
> >>>>
> >>>> On Dec 3, 2008, at 21:25 , Tilman Bender wrote:
> >>>>
> >>>>> Hi JSPWiki Devs,
> >>>>>
> >>>>> I am a student at Heilbronn University in Germany (Some of you might
> >>>>> know Christoph Sauer, who worked there.)
> >>>>> As pre-thesis for my diploma I want to enhance JSPWiki with OpenID.
> >>>>>
> >>>>> I am still pretty new to JSPWiki, OpenID and JAAS.
> >>>>> I have worked my way through the official OpenID 2.0 Authentication
> >>>>> standard
> >>>>> and will do as well for Attributes Exchange.
> >>>>>
> >>>>> I would like to base my work on the 2.8.1 tag and
> >>>>> see to get it integrated into the trunk later. Is that the correct way
> >>>>> to do it?
> >>>>>
> >>>>> As I see Andrew already spent quite some time on OpenID and did some
> >>>>> preparations.
> >>>>> Since I plan to get my diploma someday soon (say in 2009 ;-)), I have a
> >>>>> high personal interest
> >>>>> in getting OpenID into JSPWiki.
> >>>>>
> >>>>> Summary:
> >>>>>
> >>>>> * I have time
> >>>>> * I have motivation
> >>>>> * I need some help to get started ;-)
> >>>>>
> >>>>> Any suggestions where to begin? I guess registration/profile creation
> >>>>> would be first.
> >>>>>
> >>>>> kind regards
> >>>>>
> >>>>> Tilman Bender
> >>>>> Student of Software Engineering
> >>>>> Hochschule Heilbronn
> >>>>> [email protected]

-------------------------------------------------------
Fachinformationszentrum Karlsruhe, Gesellschaft für wissenschaftlich-technische Information mbH.
Registered office: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB 101892.
Managing Director: Sabine Brünger-Weilandt.
Chairman of the Supervisory Board: MinR Hermann Riehl.
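
The callback problem discussed in this thread, as an added example that is not part of the original messages and is not JSPWiki code: a JAAS LoginModule asks its CallbackHandler for the request data and fails closed when the handler does not support that callback. RequestParamsCallback, supplying() and AssertionLoginModule are hypothetical names standing in for HttpRequestCallback, an extended WikiCallbackHandler and the OpenID module; the openid.mode check is a placeholder for real assertion verification.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class RequestCallbackDemo {
    // Hypothetical stand-in for HttpRequestCallback: carries the request parameters.
    static class RequestParamsCallback implements Callback { Map<String, String> params; }
    // A handler that knows the callback, which is what the thread asks of WikiCallbackHandler.
    static CallbackHandler supplying(Map<String, String> params) {
        return cbs -> {
            for (Callback cb : cbs) {
                if (!(cb instanceof RequestParamsCallback)) throw new UnsupportedCallbackException(cb);
                ((RequestParamsCallback) cb).params = params;
            }
        };
    }
    // Phase II module: it can only decide once the handler hands over the request data.
    public static class AssertionLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            RequestParamsCallback cb = new RequestParamsCallback();
            try {
                handler.handle(new Callback[] { cb });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new FailedLoginException("handler cannot supply request data"); // fail closed
            }
            // Placeholder check (assumption): a real module verifies the assertion with the provider.
            if (cb.params == null || !"id_res".equals(cb.params.get("openid.mode")))
                throw new FailedLoginException("no positive assertion in request");
            return true;
        }
        public boolean commit() { return true; } // a real module adds principals to the Subject here
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static boolean tryLogin(CallbackHandler h) {
        LoginModule m = new AssertionLoginModule();
        m.initialize(new Subject(), h, Map.of(), Map.of());
        try { return m.login(); } catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        Map<String, String> sample = Map.of("openid.mode", "id_res"); // constructed sample input
        System.out.println("aware handler:   " + tryLogin(supplying(sample)));
        System.out.println("unaware handler: " + tryLogin(cbs -> { throw new UnsupportedCallbackException(cbs[0]); }));
    }
}
```

The second call models a handler that has no support for the callback: the module denies the login instead of proceeding without request data.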
