David - your simple example works much better than my long-winded
explanation might have. :) Nice one.
Ryan - the important point here is that you can add container roles to
your security policy file using the syntax in David's example. You can
use container roles in wiki page ACLs, too. To make this work, you
need to make sure you have a "role" element in your web.xml for each
LDAP group you are referencing.
Andrew
On Mar 5, 2008, at 16:59, David Gao <[EMAIL PROTECTED]> wrote:
Hi,
I'm using LDAP (Web container authentication )for JSPWiki in my
environment.
I can successfully map LDAP groups (UniqueMember) to JSPWiki roles.
The
following is a security policy for this:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "tomcat-admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
where "tomcat-admin" is a LDAP group.
I would be happy to share more information about this if you just
need.
2008/3/6, Milton Taylor <[EMAIL PROTECTED]>:
At the very least you have to have an LDAP group named
"Authenticated"...this seems to be a hard-wired expectation of
jspwiki.
We need to be careful about terminology here, because jspwiki
"groups"
and "roles" aren't the same thing. Here we're really talking about
the
jspwiki roles, because they're the things that underly security in
jspwiki. I'm not sure you can map the standard jspwiki role names to
(different) LDAP group names. Yes it is possible I think to change
the
default role names as used in the security policy file (and in
web.xml
to match), with the exception of the Authenticated role above.
Andrew J is the expert on this, hopefully he will chime in.
Ryan L Brissette wrote:
Is it possible to connect JSPWiki groups to my existing LDAP
groups? I
have already enabled LDAP authentication.
Thank you,
Ryan Brissette
