Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/04/01 05:55:37 UTC
svn commit: r643266 - /incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
Author: ajaquith
Date: Mon Mar 31 20:55:36 2008
New Revision: 643266
URL: http://svn.apache.org/viewvc?rev=643266&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS configuration files. WEB-INF/jspwiki.jaas goes away, as does the need for PolicyLoader. Also, responsibilities for web authentication move to WikiServletFilter. Authentication is now configured via jspwiki.properties -- see that file for details. WikiSession API change: getLoginContext() vanishes.
Modified:
incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
Modified: incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl?rev=643266&r1=643265&r2=643266&view=diff
==============================================================================
--- incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl (original)
+++ incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl Mon Mar 31 20:55:36 2008
@@ -444,42 +444,66 @@
#
# For users looking to get started quickly, the default settings below
# should work fine. In addition to the properties below, you may also
-# want to set the following JRE runtime properties when running JSPWiki
-# or the servlet container it runs in:
+# want to modify the security policy file WEB-INF/jspwiki.policy. See
+# the policy file for more details.
#
-# java.security.auth.login.config==/path-to/jspwiki.jass
-# java.security.policy=/path-to/jspwiki.policy
-#
-# See the jspwiki.properties and jspwiki.jaas files for more details on
-# how to do this. These files contain addition configuration options
-# for the JSPWiki security policy and authentication, respectively, although
-# the defaults should work fine. If you don't set the JRE properties,
-# JSPWiki will use default versions from the WEB-INF directory.
-
# AUTHENTICATION
+#
# For authentication, JSPWiki uses JAAS (Java Authentication and Authorization
-# Service). The Authentication system is configured in the jspwiki.jaas
-# file; by default it will attempt to leverage your servlet container's
-# authentication services, if present. JSPWiki also can use its own
-# authentication system, which is separate from the container.
-#
-# JSPWiki will try to detect whether you are using container authentication
-# To use container authentication, you must uncomment
-# the <security-constraint> elements in WEB-INF/web.xml.
+# Service) in combination with a servlet filter that picks up any credentials
+# set by the servlet container. The Authentication system is configured below.
+#
+# You must choose either (A) Container or (B) Custom authentication. (B) is the default.
+#
+# A) CONTAINER AUTHENTICATION
+# JSPWiki will always (passively) collect credentials supplied by your servlet
+# container, via HttpServletRequest.getUserPrincipal/getRemote user. You do not
+# need to do anything to enable this. In addition, you can cause JSPWiki users
+# to log in to the web container by uncommenting the the <security-constraint>
+# elements in WEB-INF/web.xml.
+#
+# B) CUSTOM AUTHENTICATION
+# If you do not wish to use container-managed authentication, you can use JSPWiki's
+# own custom authentication system. This uses a JAAS LoginModule (supplied below)
+# to log in the user. You can use any JAAS LoginModule you want.
+# The default class is com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule,
+# which compares the supplied username and hashed password with the values stored
+# in the configured UserDatabase (see USER DATABASE below).
+#
+# Supply the JAAS LoginModule class used for custom authentication here.
+# The implementation MUST have a zero-argument constructor (as noted in the
+# javax.security.auth.spi.LoginModule Javadocs).
+jspwiki.loginModule.class = com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
+#
+# JAAS LoginContext parameters used to initialize the LoginModule. Note that 'param1'
+# etc. should be replaced with the actual parameter names. The parameter names and
+# values will be loaded to a Map and passed to the LoginModule as the 'options' parameter
+# when its initialize() method is called. The default UserDatabaseLoginModule class does
+# not need any options.
+#jspwiki.loginModule.options.param1 = value1
+#jspwiki.loginModule.options.param2 = value2
+#
+#
+# AUTHORIZATION
#
-# AUTHORIZATION (EXTERNAL)
# For authorization, JSPWiki has a two-tier system. When we want to
# determine whether a user has permission to perform a certain action,
-# we first consult an external "authorizer" to determine if the user
-# is a member of the required role. By default, JSPWiki uses the
-# servlet container's authorization service for this (that is, it
-# calls HttpServletRequest.isUserInRole(String) ).
-# However, you can use another Authorizer if you wish; specify that
-# class here.
+# we first consult (A) an external "authorizer" to determine if the user
+# is a member of the required role. In addition to checking its external
+# authorizer, it also checks (B) its GroupManager for wiki-managed groups.
+#
+# A) EXTERNAL AUTHORIZATION
+# By default, JSPWiki uses the servlet container's authorization service
+# for to check what roles the user belongs to (that is, it calls
+# HttpServletRequest.isUserInRole(String)). After the user authenticates,
+# the default Authorizer (WebContainerAuthorizer) checks to see if the user
+# belongs to the roles listed in web.xml using <security-role>/<role-name> or
+# <auth-constraint>/<role-name> elements. However, you can use another
+# Authorizer if you wish; specify that class here.
jspwiki.authorizer = com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
-# AUTHORIZATION (GROUPS)
+# B) GROUPS
# As an additional source of authorization, users can belong to discretionary
# "wiki groups" that the users manage themselves. Wiki groups are stored in a
# GroupDatabase. The default group database uses an XML file for persistent
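Review bot: The added line "You must choose either (A) Container or (B) Custom authentication" reads as an exclusive switch, but section A then says JSPWiki "will always (passively) collect credentials supplied by your servlet container", and no property in this hunk selects between the two. Please state which identity takes precedence when the container supplies a principal and the custom LoginModule is also in use, since an operator who leaves the default (B) in place may not expect container-supplied credentials to be picked up as well. It would also help to document what happens if jspwiki.loginModule.class cannot be loaded or lacks the zero-argument constructor. Smaller wording fixes in the same block: "getUserPrincipal/getRemote user" should read getRemoteUser, "uncommenting the the" has a doubled word, and "for to check what roles" under A) EXTERNAL AUTHORIZATION needs one word dropped.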
@@ -542,7 +566,7 @@
# markup. For example: "[{ALLOW edit Charlie}]". If using a custom
# ACL manager, specify the AclManager implementation class here:
-jspwiki.aclManager = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
+jspwiki.aclManager = com.ecyrd.jspwiki.auth.acl.DefaultAclManager
#############################################################################
#
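Review bot: The removed and added jspwiki.aclManager lines are textually identical as shown, so this hunk appears to be a whitespace-only change. If that is intended, say so in the log message; otherwise drop it from this commit so the diff carries only the authentication changes.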