Harry:
Thanks.
OK, I modified the source and created my own auth manager and callback
handler. I created an initial jsp page that calls the login:
if ( mgr.login( request ) )
{
log.debug( "mgr login OK for principal return " +
wikiSession.getUserPrincipal().getName() + " and session id " +
request.getSession().getId());
}
else
{
log.info( "Failed to authenticate user " +
request.getParameter( "user" ) );
}
This seems to be working OK (I get the following message):
11:41:22,516 INFO [SecurityLog] WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=com.ecyrd.jspwiki.auth.authenticationmana...@18c2ccd,
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal lmasters,
target=com.ecyrd.jspwiki.wikisess...@1f05c75]
However, at the bottom of my jsp, there is same redirect from the
loginform jsp:
response.sendRedirect( viewUrl );
This generates an error with my security:
11:41:22,547 ERROR [AnyoneAuthenticationLoginModule] General exception -
not logging in.
javax.security.auth.login.FailedLoginException: No user found to
authenticate
at
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:96)
at
com.ecyrd.jspwiki.auth.AuthenticationManager.doJAASLogin(AuthenticationManager.java:621)
at
com.ecyrd.jspwiki.auth.AuthenticationManager.login(AuthenticationManager.java:271)
at
com.ecyrd.jspwiki.ui.WikiServletFilter.doFilter(WikiServletFilter.java:156)
at
com.ecyrd.jspwiki.ui.WikiJSPFilter.doFilter(WikiJSPFilter.java:111)
It looks like the "WikiServletFilter" login can't find the subject or the
session is messed up. I'm at a loss as to where I should even start
looking. I'm adding the principals just like the user db login module:
m_principals.add( principal );
m_principals.add(Role.AUTHENTICATED);
m_principals.add(Role.ALL); //added to debug
m_principalsToRemove.add(Role.AUTHENTICATED); //added to
debug
m_principalsToOverwrite.add(WikiPrincipal.GUEST); //added
to debug
m_principalsToOverwrite.add(Role.ANONYMOUS); //added to
debug
m_principalsToOverwrite.add(Role.ASSERTED); //added to
debug
Have I missed a step?
Thanks,
Lou
Harry Metske <[email protected]>
04/01/2009 02:37 PM
Please respond to
[email protected]
To
[email protected]
cc
Subject
Re: unsupported callbacks?
eeuuhh, I wouldn't know how, the only way I can think of is modifying the
source and building it again. (AuthenticationManager has the reference to
WikiCallbackHandler)
(or I misunderstood your question...)
Harry
2009/4/1 <[email protected]>
> OK, thanks. Is there any way to override/specify the CallbackHandler so
I
> don't need to mess around with the one in the JAR?
>
>
>
>
>
> Harry Metske <[email protected]>
> 03/31/2009 03:18 PM
> Please respond to
> [email protected]
>
>
> To
> [email protected]
> cc
>
> Subject
> Re: unsupported callbacks?
>
>
>
>
>
>
> I think you should add handling to the WikiCallbackHandler, actually
that
> already has been done for 3.0 to support TextOutput Callbacks.
> See also https://issues.apache.org/jira/browse/JSPWIKI-464
>
> Harry
>
> 2009/3/27 <[email protected]>
>
> > I'm in the process of implementing a custom LoginModule and I ran into
> an
> > issue (maybe). I need to access the HTTPRequest and possibly the
> > WikiEngine so I included them as callbacks:
> >
> >
> > HttpRequestCallback hcb = new HttpRequestCallback();
> > WikiEngineCallback wcb = new WikiEngineCallback();
> > Callback[] callbacks = new Callback[]{ hcb, wcb };
> >
> > The trouble is, when I try the "handle" call, it excepts with the
> > following:
> >
> > javax.security.auth.callback.UnsupportedCallbackException
> > at
> >
> >
>
>
com.ecyrd.jspwiki.auth.login.WikiCallbackHandler.handle(WikiCallbackHandler.java:89)
> > at
> >
> >
>
>
com.lognet.wiki.auth.login.AnyoneAuthenticationLoginModule.login(AnyoneAuthenticationLoginModule.java:36)
> >
> > I noticed the WikiCallbackHandler.java only supports UserDatabase,
Name
> > and Password callbacks - do I need to add handling for theHttpRequest
> and
> > WikiEngine or should I create a custom callback handler and use it?
> Sorry
> > if this is a simple question, but I am new to writing LoginModules and
> > callbacks.
> >
> > Thanks,
> > Lou
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > LOG-NET, Inc.
> > The Logistics Network Management System
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 230 Half Mile Road
> > Third Floor
> > Red Bank, NJ 07701
> > PH: 732-758-6800
> > FAX: 732-747-7497
> > http://www.LOG-NET.com
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > CONFIDENTIAL & PRIVILEGED
> > Unless otherwise indicated or if obvious from the nature of the
content,
> > the information contained herein is privileged and confidential
> > information/work product. The communication is intended for the use of
> the
> > individual or entity named above. If the reader of this transmission
is
> > not the intended recipient, you are hereby notified that any
> > dissemination, distribution or copying of this communication is
strictly
> > prohibited. If you have received this communication in error, please
> > notify the sender immediately by telephone (732-758-6800) or by
> electronic
> > mail ([email protected]), and destroy any copies, electronic,
paper
> > or otherwise, which you may have of this communication. Thank you.
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
