Posted to user@jspwiki.apache.org by Florian Hopf <ho...@synyx.de> on 2008/01/04 18:15:06 UTC

Integrating JSPWiki in another webapp

Hi,
I'm currently in the process of integrating JSPWiki in a different
webapp and have some problems regarding authorization.

I want the wiki to be integrated completely in my webapp and use only
the login of my webapp. The wiki is not supposed to be visible at all
for anonymous users.

I developed a LoginModule that retrieves the user information from
session. The relevant section of the LoginModule:

                WikiPrincipal userPrincipal = new WikiPrincipal(user.getCmsUserName());
               
                // If login succeeds, commit these principals/roles
                m_principals.add(userPrincipal);
                m_principals.add(Role.AUTHENTICATED);
                m_principals.add(Role.ALL);

                // If login succeeds, overwrite these principals/roles
                m_principalsToOverwrite.add( WikiPrincipal.GUEST );
                m_principalsToOverwrite.add(Role.ANONYMOUS);
                m_principalsToOverwrite.add(Role.ASSERTED);
               
                // If login fails, remove these roles
                m_principalsToRemove.add(Role.AUTHENTICATED);

                return true;

I adjusted the jspwiki.jaas configuration to look like this:

JSPWiki-container {
   my.LoginModule       SUFFICIENT;
   com.ecyrd.jspwiki.auth.login.AnonymousLoginModule       SUFFICIENT;
};

I still use the WebContainerAuthorizer; as long as I'm always logged in,
this shouldn't matter?

I adjusted jspwiki.policy to look like this (only Authenticated
permissions):

... keystore and code policies ...

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "JSPWiki";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

Now when I access the main page everything seems to work fine (It
displays my user name on the left bar) but I can't click any links
because I don't have access to any page. (The log says: User hopf has no
access - forbidden
(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:UndefinedPages","view"))

I ran a debugger session to find out what's wrong. My session subject
contains all three principals (the WikiPrincipal and the two roles ALL
and AUTHENTICATED) but all security checks for PagePermissions fail. I
tried to include all PagePermissions (edit, view, ...) but this didn't
help either.

Am I on the right track trying to integrate the wiki in my user
management or am I doing something wrong?

Thanks for any help
Florian


Re: Integrating JSPWiki in another webapp

Posted by new2Jaas <ra...@gmail.com>.
Hi Florian,
We are trying the exact same thing. We would like to know about sharing data
from one web application to LoginModule. In your comment you say that you
were able to get the user information from the "session".
Could you please throw more light on this? Is it an HttpSession or something
else?
Thanks for your quick reply!
new2Jaas


Florian Hopf-2 wrote:
> 
> Hi,
> thanks for your quick response! I am doing this on 2.4, so this might be
> the case. I already checked the jar with jarsigner -verify but to me it
> seemed to be valid. I will try the upgrade as soon as possible and see if
> there is any change.
> 
> Thanks
> Florian
> 
>>
>> Hi!
>>
>> Are you doing this on 2.4 or 2.6?  If 2.4, this kinda sounds like JAR
>> signing problems.  In that case, I would strongly urge you to upgrade
>> to 2.6, since 2.6 does not require JAR signing anymore.
>>
>> /Janne

-- 
View this message in context: http://www.nabble.com/Integrating-JSPWiki-in-another-webapp-tp14621031p17544739.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
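
An added example, not code from any poster or from JSPWiki: one way to hand an already-authenticated user from the host webapp to a JAAS LoginModule is a custom Callback that the CallbackHandler fills from server-side session state. It uses only the JDK's JAAS classes (Java 16+); SessionUserCallback, NamedPrincipal and the "cmsUser" attribute are hypothetical names, and a Map stands in for the HttpSession attributes.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SessionLoginDemo {
    // Hypothetical callback: the handler fills in the user the host webapp authenticated.
    static class SessionUserCallback implements Callback { String userName; }

    // JDK-only stand-in for WikiPrincipal / Role, so the demo runs without JSPWiki.
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    public static class SessionLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
            handler = h; // the same handler object that was passed to LoginContext
        }
        public boolean login() throws LoginException {
            SessionUserCallback cb = new SessionUserCallback();
            try {
                handler.handle(new Callback[] { cb });
            } catch (java.io.IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e);
            }
            // Fail closed: no server-side user means no login, never a default identity.
            if (cb.userName == null || cb.userName.isBlank())
                throw new FailedLoginException("no authenticated user in session");
            user = cb.userName;
            return true;
        }
        public boolean commit() {
            if (user == null) return false;
            subject.getPrincipals().add(new NamedPrincipal(user));
            subject.getPrincipals().add(new NamedPrincipal("Authenticated"));
            return true;
        }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // Runs the login with a handler that reads only server-side session attributes.
    static Subject loginFromSession(Map<String, Object> session) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof SessionUserCallback suc) suc.userName = (String) session.get("cmsUser");
                else throw new UnsupportedCallbackException(c);
            }
        };
        // REQUIRED and no anonymous module after it: a failed login is an error.
        // With SUFFICIENT followed by an anonymous module, JAAS would continue down the list.
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    SessionLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        LoginContext lc = new LoginContext("JSPWiki-container", new Subject(), handler, cfg);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample sessions: one with a logged-in user, one empty.
        System.out.println(loginFromSession(Map.of("cmsUser", "hopf")).getPrincipals());
        try { loginFromSession(Map.of()); }
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```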


Re: Integrating JSPWiki in another webapp

Posted by ho...@synyx.de.
Hi,
thanks for your quick response! I am doing this on 2.4, so this might be
the case. I already checked the jar with jarsigner -verify but to me it
seemed to be valid. I will try the upgrade as soon as possible and see if
there is any change.

Thanks
Florian

>
> Hi!
>
> Are you doing this on 2.4 or 2.6?  If 2.4, this kinda sounds like JAR
> signing problems.  In that case, I would strongly urge you to upgrade
> to 2.6, since 2.6 does not require JAR signing anymore.
>
> /Janne



Re: Integrating JSPWiki in another webapp

Posted by Janne Jalkanen <Ja...@ecyrd.com>.
Hi!

Are you doing this on 2.4 or 2.6?  If 2.4, this kinda sounds like JAR  
signing problems.  In that case, I would strongly urge you to upgrade  
to 2.6, since 2.6 does not require JAR signing anymore.

/Janne



Re: Integrating JSPWiki in another webapp

Posted by Ramya KGrama <ra...@gmail.com>.
The initialise() method is marked "Final" in the AbstractLoginModule class.

Hence, my LoginModule cannot override this method - to be able to initialise
my callBackHandler object as below:
MyLoginModule.initialise():
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options)
    {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        debug = "true".equalsIgnoreCase((String)options.get("debug"));
    }
After authentication, I would like to create the appropriate WikiPrincipals,
and my understanding is that it can be done like below if my LoginModule
extends AbstractLoginModule:
MyLoginModule.login():
...................................
        // userName comes from MyCallbackHandler
        String principalString = userName;
        if ( principalString == null )
            throw new FailedLoginException( "No user Principal found" );

        if (userType == null) {
            throw new FailedLoginException("User Type (Role) not found:" + userType);
        }

        WikiPrincipal principal = new WikiPrincipal( principalString );
        m_principals.add( principal );
        if ("C".equalsIgnoreCase(userType)) {
            System.out.println("userType is C - Authenticated role");
            m_principals.add(Role.AUTHENTICATED);
            m_principals.add( Role.ALL );
            m_principalsToOverwrite.add( WikiPrincipal.GUEST );
            return true;
        }
        else if ("A".equalsIgnoreCase(userType) || "T".equalsIgnoreCase(userType)) {
            m_principals.add( Role.ANONYMOUS );
            //m_principals.add( Role.ALL );
        }
        else {
            m_principals.add( Role.ANONYMOUS );
            m_principalsToRemove.add( Role.ANONYMOUS );
        }


On Fri, Jun 6, 2008 at 2:23 AM, Janne Jalkanen <Ja...@ecyrd.com>
wrote:

>
>> However, should MyLoginModule extend from AbstractLoginModule to be able
>> to
>> do that. If so, then I have an issue with initialising my callbackhandler
>> object in the loginmodule.
>>
>
> Exactly what issue do you have with initializing your callbackhandler in
> the loginmodule?
>
> /Janne

Re: Integrating JSPWiki in another webapp

Posted by Janne Jalkanen <Ja...@ecyrd.com>.
>
> However, should MyLoginModule extend from AbstractLoginModule to be  
> able to
> do that. If so, then I have an issue with initialising my  
> callbackhandler
> object in the loginmodule.

Exactly what issue do you have with initializing your callbackhandler  
in the loginmodule?

/Janne

Re: Integrating JSPWiki in another webapp

Posted by new2Jaas <ra...@gmail.com>.
Hi,

I tried a similar thing.

I am writing my own LoginModule (MyLoginModule) and MyCallbackHandler and
would want to "modifyPrincipals" as mentioned by Florian.

MyCallbackHandler is creating an array of callbacks[] with 2 NameCallback
objects (one for userName and one for userType). These two (userName and
userType) are got from request parameters that come from another web
application within the same Tomcat container.

However, should MyLoginModule extend from AbstractLoginModule to be able to
do that? If so, then I have an issue with initialising my callbackhandler
object in the loginmodule.
The earlier approach I tried was for MyLoginModule to implement LoginModule
interface - this let me implement initialise, commit, abort and logout
methods - but I didn't have access to the m_principals etc., collections to
be able to modifyPrincipals.

How do I do both - be able to initialise my callback handler AND have access
to m_principals etc., collections?
PLEASE HELP!!!

I am using Tomcat 5.5. I set the jspwiki.security = jaas, set the policy to
use JSPWiki-Custom authentication. Using JSPWiki 2.6.2.



