svn commit: r683492 - /incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp

[aj...@apache.org]

Author: ajaquith
Date: Wed Aug  6 20:26:09 2008
New Revision: 683492

URL: http://svn.apache.org/viewvc?rev=683492&view=rev
Log:
JSPWIKI-316: fixed SecurityConfig.jsp so that it compiles, and added some sensible checks for the new JAAS scheme.

Modified:
    incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp

Modified: incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp?rev=683492&r1=683491&r2=683492&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp (original)
+++ incubator/jspwiki/trunk/src/webdocs/admin/SecurityConfig.jsp Wed Aug  6 20:26:09 2008
@@ -123,42 +123,19 @@
 <h3>JAAS Login Configuration</h3>
 
 <!-- Notify users which JAAS configs we need to find -->
-<p>JSPWiki uses JAAS to define the authentication process. We need to be able to locate a JAAS configuration file. The default location is <code>WEB-INF/jspwiki.jaas</code>), and its location is specified by the <code>java.security.auth.login.config</code> system property.</p>
+<p>JSPWiki wires up its own JAAS to define the authentication process, and does not rely on the JRE configuration. By default, JSPWiki configures its JAAS login stack to use the UserDatabaseLoginModule. You can specify a custom login module by setting the <code>jspwiki.loginModule.class</code> property in <code>jspwiki.properties</code>.</p>
 
 <wiki:Messages div="information" topic="<%=SecurityVerifier.INFO+"java.security.auth.login.config"%>" prefix="Good news: "/>
 <wiki:Messages div="warning" topic="<%=SecurityVerifier.WARNING+"java.security.auth.login.config"%>" prefix="We found some potential problems with your configuration: "/>
 <wiki:Messages div="error" topic="<%=SecurityVerifier.ERROR+"java.security.auth.login.config"%>" prefix="We found some errors with your configuration: " />
 
-<!-- Let the admin know if something other than JSPWiki set the config property first -->
-<%
-  if ( verifier.isJaasConfiguredAtStartup() )
-  {
-%>
-    <div class="warning">Note: some other application set the JAAS <code>java.security.auth.login.config</code> system property before JSPWiki started up. It could have been done by a prior installation of JSPWiki, or possibly by your web container's startup script. This is not necessary a bad thing, but we thought you should be aware of it in case you are seeing behavior you don't expect. You can ignore this message if we find the JAAS login configurations (below).</div>
-<%
-  }
-  else
-  {
-%>
-    <div class="information">Note: this instance of JSPWiki set the system property at startup.</div>
-<%
-  }
-%>
-
 <!-- Print JAAS configuration status -->
-<p>Inside the JAAS config file, we must be able to find two login configurations: <code>JSPWiki-container</code> and <code>JSPWiki-custom</code>.</p>
+<p>The JAAS login configuration is correctly configured if the <code>jspwiki.loginModule.class</code> property specifies
+a class we can find on the classpath. This class must also be a LoginModule implementation. We will check for both conditions.</p>
 
 <wiki:Messages div="information" topic="<%=SecurityVerifier.INFO_JAAS%>" prefix="Good news: "/>
 <wiki:Messages div="warning" topic="<%=SecurityVerifier.WARNING_JAAS%>" prefix="We found some potential problems with your configuration: "/>
 <wiki:Messages div="error" topic="<%=SecurityVerifier.ERROR_JAAS%>" prefix="We found some errors with your configuration: " />
-<%
-  if ( !verifier.isJaasConfigured() )
-  {
-%>
-    <div class="error">The JAAS configuration looks broken. Users may not be able to log in. You should be able to fix this by locating the JAAS configuration file and appending the contents of <code>WEB-INF/jspwiki.jaas</code>.</div>
-<%
-  }
-%>
 
 <!-- 
   *********************************************