You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Juergen Weber <we...@gmail.com> on 2010/02/15 13:02:33 UTC
RPC Authentication
Hi,
as I understand, currently all RPC calls go under an anonymous identity,
e.g.
public Vector getRecentChanges( Date since )
{
checkPermission( PagePermission.VIEW );
...
If you'd extend the method signature with user/pass, how'd you log in the
subject?
I tried
Subject subject = new Subject();
Principal p = new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME );
subject.getPrincipals().add( p );
PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
public String run() throws Exception
{
checkPermission( PagePermission.VIEW );
but still the check is against an anonymous user.
Thanks,
Juergen
--
View this message in context: http://old.nabble.com/RPC-Authentication-tp27592918p27592918.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
Re: RPC Authentication
Posted by Juergen Weber <we...@gmail.com>.
Hi Andrew,
I had tried that:
AuthenticationManager authenticationManager =
m_engine.getAuthenticationManager();
WikiSession wikiSession = m_context.getWikiSession();
authenticationManager.login( wikiSession, null, username, password );
checkPermission( PagePermission.UPLOAD );
org.apache.xmlrpc.AuthenticationFailed: You have no access to this resource,
o master
at
com.ecyrd.jspwiki.xmlrpc.AbstractRPCHandler.checkPermission(AbstractRPCHandler.java:119)
at
com.ecyrd.jspwiki.xmlrpc.RPCHandler.storeAttachment(RPCHandler.java:175)
>From the usual wiki web gui I can upload with this user/pass.
I use container-managed auth with Tomcat 6.
Juergen
Andrew Jaquith-4 wrote:
>
> Juergen -- you need to use the AuthenticationManager.login() methods.
>
> Andrew
>
> On Mon, Feb 15, 2010 at 7:02 AM, Juergen Weber <we...@gmail.com> wrote:
>>
>> Hi,
>>
>> as I understand, currently all RPC calls go under an anonymous identity,
>> e.g.
>>
>> public Vector getRecentChanges( Date since )
>> {
>> checkPermission( PagePermission.VIEW );
>> ...
>>
>> If you'd extend the method signature with user/pass, how'd you log in the
>> subject?
>>
>> I tried
>>
>> Subject subject = new Subject();
>> Principal p = new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME );
>> subject.getPrincipals().add( p );
>>
>> PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
>> public String run() throws Exception
>> {
>> checkPermission( PagePermission.VIEW );
>>
>> but still the check is against an anonymous user.
>>
>> Thanks,
>> Juergen
>>
>> --
>> View this message in context:
>> http://old.nabble.com/RPC-Authentication-tp27592918p27592918.html
>> Sent from the JspWiki - User mailing list archive at Nabble.com.
>>
>>
>
>
--
View this message in context: http://old.nabble.com/RPC-Authentication-tp27592918p27652580.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
Re: RPC Authentication
Posted by Andrew Jaquith <an...@gmail.com>.
Juergen -- you need to use the AuthenticationManager.login() methods.
Andrew
On Mon, Feb 15, 2010 at 7:02 AM, Juergen Weber <we...@gmail.com> wrote:
>
> Hi,
>
> as I understand, currently all RPC calls go under an anonymous identity,
> e.g.
>
> public Vector getRecentChanges( Date since )
> {
> checkPermission( PagePermission.VIEW );
> ...
>
> If you'd extend the method signature with user/pass, how'd you log in the
> subject?
>
> I tried
>
> Subject subject = new Subject();
> Principal p = new WikiPrincipal( username, WikiPrincipal.LOGIN_NAME );
> subject.getPrincipals().add( p );
>
> PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
> public String run() throws Exception
> {
> checkPermission( PagePermission.VIEW );
>
> but still the check is against an anonymous user.
>
> Thanks,
> Juergen
>
> --
> View this message in context: http://old.nabble.com/RPC-Authentication-tp27592918p27592918.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
>
>