Hi,

yes, the Authenticated role is built into jspwiki, but your container must return something to let jspwiki grant permissions before jspwiki assigns the Authenticated role. My <url-pattern> block is really minimal, only to activate container authentication; security is then configured in jspwiki.policy.

my web.xml:

    <!-- to have container authentication:
         (from http://doc.jspwiki.org/2.4/wiki/Security )
         When JSPWiki starts up, it parses the JSPWiki's web application
         descriptor (WEB-INF/web.xml) and identifies whether certain
         constraints exist. Specifically, it checks to see if a logical role
         is required to access /Delete.jsp and Login.jsp. If you have
         uncommented the <security-constraint> block, this will be true, and
         JSPWiki will conclude that it should use container authentication
         instead of custom.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Administrative Area</web-resource-name>
            <url-pattern>/Delete.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMINISTRATORS</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Authenticated area</web-resource-name>
            <url-pattern>/Login.jsp</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>Read-only Area</web-resource-name>
            <http-method>DELETE</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ADMINISTRATORS</role-name>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/LoginForm.jsp</form-login-page>
            <form-error-page>/LoginForm.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description>
            Administrators
        </description>
        <role-name>ADMINISTRATORS</role-name>
    </security-role>

    <security-role>
        <description>
            All users
        </description>
        <role-name>user</role-name>
    </security-role>

Regards,
Enrico

"TruptiP" <[email protected]> wrote:
>
> Hi,
> I tried it out. But this also doesn't work out.
>
> But the problem is same as it is. Even the user is authenticated. Forbidden
> message comes.
>
> I think Authenticated role is in built in jspwiki so even though
> Authenticated group is not present in LDAP it should work.
>
> The Authentication works as usual for group members addition and deletion.
>
> The problem is only with the pages which we mentioned in url-pattern of
> web.xml.
>
> Thanks in advance.
>
> Regards,
> Trupti Patil
>
> Enrico Maria Carmona wrote:
>>
>> Hi!
>>
>> I've 2.6.x but this may help you
>>
>> grant a login privilege to "all" role:
>>
>> my jspwiki.policy:
>>
>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>> };
>>
>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
>> };
>>
>> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
>> };
>>
>> If you didn't have any role from LDAP you can (trick!) use a property of
>> LDAP like a role.
>> I use: userRoleName="objectClass". It returns 'user' as role.
>>
>> my server.xml:
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>        debug="99"
>>        connectionURL="ldap://ldapserver:389"
>>        connectionName="UserCanReadLDAP"
>>        connectionPassword="secret"
>>        referrals="follow"
>>        userBase="CN=Users,DC=example,DC=com"
>>        userSearch="(samaccountname={0})"
>>        userSubtree="true"
>>        roleBase="CN=Users,DC=example,DC=com"
>>        roleName="cn"
>>        roleSearch="(member={0})"
>>        roleSubtree="true"
>>        userRoleName="objectClass"
>> />
>>
>> Then map 'user' role in jspwiki (my web.xml):
>>
>> <auth-constraint>
>>     <role-name>user</role-name>
>> </auth-constraint>
>>
>> <security-role>
>>     <description>
>>         All users
>>     </description>
>>     <role-name>user</role-name>
>> </security-role>
>>
>> So, everyone has a role 'user' and can login (in my configuration not
>> also)
>>
>> Hope this helps,
>>
>> Enrico
>>
>> ---------
>> "TruptiP" <[email protected]> wrote:
>>
>> Hi,
>>
>> I have installed JSPWiki 2.8.1 on my desktop machine. It works fine when I
>> use default userdatabase for authentication and authorization.
>>
>> Now I am using LDAP authentication ....
>> I used below specifications in
>> server.xml
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>        connectionURL="ldap://server:389"
>>        connectionName="uid=admin,ou=Directory Administrators,dc=example,dc=com"
>>        connectionPassword="secret"
>>        userBase="ou=domain,dc=example,dc=com"
>>        userSubtree="true"
>>        userSearch="(uid={0})"
>> />
>>
>> In web.xml of JSPwiki
>>
>> <security-constraint>
>>     <web-resource-collection>
>>         <web-resource-name>Authenticated area</web-resource-name>
>>         <url-pattern>/Edit.jsp</url-pattern>
>>         <url-pattern>/Comment.jsp</url-pattern>
>>         <url-pattern>/Login.jsp</url-pattern>
>>         <url-pattern>/NewGroup.jsp</url-pattern>
>>         <url-pattern>/Rename.jsp</url-pattern>
>>         <url-pattern>/Upload.jsp</url-pattern>
>>         <url-pattern>/Delete.jsp</url-pattern>
>>         <http-method>DELETE</http-method>
>>         <http-method>GET</http-method>
>>         <http-method>HEAD</http-method>
>>         <http-method>POST</http-method>
>>         <http-method>PUT</http-method>
>>     </web-resource-collection>
>>
>>     <web-resource-collection>
>>         <web-resource-name>Read-only Area</web-resource-name>
>>         <url-pattern>/attach</url-pattern>
>>         <http-method>DELETE</http-method>
>>         <http-method>POST</http-method>
>>         <http-method>PUT</http-method>
>>     </web-resource-collection>
>>
>>     <auth-constraint>
>>         <role-name>Authenticated</role-name>
>>     </auth-constraint>
>>
>> When I login in jspwiki I get forbidden page and after pressing "back" tab
>> and refresh my login is shown as authenticated.... But I am only able to
>> view the pages when I go to edit the page
>>
>> G’day (anonymous guest) will be displayed at corner and it does not
>> authenticate
>> me to update the page. I haven't used any ACLs in any page. I have given
>> all
>> authorization to authenticated user.
>>
>> One more important point is I don't have any group in LDAP.
>> --
>> View this message in context:
>> http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21473087.html
>> Sent from the JspWiki - User mailing list archive at Nabble.com.
>
> --
> View this message in context:
> http://www.nabble.com/LDAP-authentication-problem-for-jspwiki-2.8.1-on-windows-machine-tp21473087p21475881.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
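
A check for the failure discussed in this thread, as an added example that is not part of any message or of JSPWiki: it flags web.xml constraints whose required roles the container realm never returns, which produces a 403 after a successful login. The function name, the trimmed sample web.xml and the realm role sets are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles JSPWiki assigns itself; a container realm never returns them.
JSPWIKI_BUILTIN_ROLES = {"All", "Anonymous", "Asserted", "Authenticated"}

def unsatisfiable_constraints(web_xml, realm_roles):
    """List <security-constraint> blocks that no role in realm_roles can pass."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.findtext("role-name", "").strip()
                for r in root.iter("security-role")}
    findings = []
    for sc in root.iter("security-constraint"):
        ac = sc.find("auth-constraint")
        if ac is None:
            continue                            # constraint needs no login
        required = {r.text.strip() for r in ac.iter("role-name") if r.text}
        if "*" in required:                     # "*" = every declared role
            required = set(declared)
        if required & set(realm_roles):
            continue                            # some realm role is accepted
        findings.append({
            "patterns": [p.text.strip() for p in sc.iter("url-pattern")],
            "required": sorted(required),
            "jspwiki_builtin": sorted(required & JSPWIKI_BUILTIN_ROLES),
        })
    return findings

# Constructed sample modelled on the two web.xml variants in the thread.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>ADMINISTRATORS</role-name><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""

if __name__ == "__main__":
    print(unsatisfiable_constraints(SAMPLE_WEB_XML, {"user"}))
```

A non-empty `jspwiki_builtin` entry marks a constraint that names a JSPWiki-internal role where a container role is expected.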
