heya too!
The wiki page on container auth has been very, very helpful, yes. Upon
further investigation, I think my issues are currently more role-related
than UserDatabase related.
Container has been set up to authenticate to ldap, no roles have been
configured, web.xml is default container-managed config. As soon as I
log in, I end up getting a forbidden page (on Login.jsp?redirect=Main).
If I click "Better luck next time", I end up back on the main page,
"authenticated" (much like this problem:
http://www.mail-archive.com/[email protected]/msg01892.html
- except I'm using Tomcat 5.5.15).
If I look at my security log, I get the following entries only *after* I
click the "Better luck..." link on the Forbidden page:
2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=com.ecyrd.jspwiki.auth.authenticationmana...@e4245,
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec,
target=com.ecyrd.jspwiki.wikisess...@1f55105]
2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=com.ecyrd.jspwiki.auth.authenticationmana...@e4245,
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec,
target=com.ecyrd.jspwiki.wikisess...@1f55105]
2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD
[source=com.ecyrd.jspwiki.auth.authenticationmana...@e4245,
princpal=org.apache.catalina.realm.GenericPrincipal jengbrec,
target=com.ecyrd.jspwiki.wikisess...@1f55105]
2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD
[source=com.ecyrd.jspwiki.auth.authenticationmana...@e4245,
princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated,
target=com.ecyrd.jspwiki.wikisess...@1f55105]
It looks like I now should have the "Authenticated" role from the
container (though I don't seem to have it (according to the log, anyway)
immediately after clicking "login" which is strange). However, I still
get "Forbidden" if I try and go to Edit.jsp or similar (the
"Authenticated area" in web.xml).
After the initial "Forbidden", my wiki acls seem to work properly, but
the container-given Role ("Authenticated") doesn't seem to be working,
even though the logs appear to indicate that the role has been assigned.
Thoughts on where to go from here?
as always, many thanks,
jonathan.
Janne Jalkanen wrote:
Heya!
Does this help?
http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
/Janne
On 14 Jul 2009, at 21:37, jonathan wrote:
Has anyone successfully done this?
In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user
data, so I have no local userdatabse.xml file to fall back on. The
existing LDAPUserDatabase doesn't work with 2.8, of course.
If you've done this, how are you handling the userdatabase portion
under 2.8? We have a very large ldap database, but a relatively small
number of JSPWiki users, so migrating the ldap info into an xml (or
even mysql) userdatabase seems a bit like overkill (though this may be
the simplest route to take given my relative inability to recode the
LDAPUserDatabase stuff).
Any thoughts appreciated.
