Posted to commits@jspwiki.apache.org by ja...@apache.org on 2008/04/09 21:28:06 UTC
svn commit: r646491 - /incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
Author: jalkanen
Date: Wed Apr 9 12:28:04 2008
New Revision: 646491
URL: http://svn.apache.org/viewvc?rev=646491&view=rev
Log:
Added explanation about the new authentication options which are replacing the JAAS file.
Modified:
incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
Modified: incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl?rev=646491&r1=646490&r2=646491&view=diff
==============================================================================
--- incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl (original)
+++ incubator/jspwiki/trunk/etc/jspwiki.properties.tmpl Wed Apr 9 12:28:04 2008
@@ -475,6 +475,7 @@
# The implementation MUST have a zero-argument constructor (as noted in the
# javax.security.auth.spi.LoginModule Javadocs).
jspwiki.loginModule.class = com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
+
#
# JAAS LoginContext parameters used to initialize the LoginModule. Note that 'param1'
# etc. should be replaced with the actual parameter names. The parameter names and
@@ -483,6 +484,41 @@
# not need any options.
#jspwiki.loginModule.options.param1 = value1
#jspwiki.loginModule.options.param2 = value2
+
+#
+# Cookie authentication & assertion
+#
+# If this value is set to "true", then JSPWiki will allow you to "assert" an
+# identity using a cookie. It's still considered to be unsafe, just like no
+# login at all, but it is useful when you have no need to force everyone to login.
+#
+# By default, this is on.
+#
+#jspwiki.cookieAssertions=true
+
+#
+# If you would like to keep your users logged in for weeks at a time, you can
+# turn on "cookie authentication" feature. However, this comes with important
+# security caveats:
+# 1) User will stay logged in into your system for weeks. This means that if
+# someone manages to nab the cookie during this time, they can pretend to
+# be that user.
+# 2) The mappings between cookies and users are written in your filesystem,
+# in $jspwiki.workDir/logincookies. Access to this directory means that
+# the ability to fake anyone in the wiki, so please make sure that only
+# the proper admin has read access to this directory.
+#
+# By default, cookie authentication is off.
+#
+#jspwiki.cookieAuthentication=false
+
+#
+# Defines how many days the cookies are kept, and how often the people have to log in.
+# The default is two weeks, i.e. 14 days. If you need a shorter period than one day,
+# turn off cookie authorization, then tweak your web.xml to allow for longer sessions.
+#
+#jspwiki.cookieAuthorization.expiry=14
+
#
#
# AUTHORIZATION
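Review bot: The expiry key at the end of this hunk is spelled "jspwiki.cookieAuthorization.expiry", but the feature it configures is switched on by "jspwiki.cookieAuthentication", and the comment above the key also says "turn off cookie authorization". The diff alone does not show which spelling the code reads, so please check the property name against the implementation and use one term throughout. An admin who sets an expiry under the wrong name would silently keep the 14-day default. In caveat 2, "Access to this directory means that the ability to fake anyone" is missing a verb; something like "Access to this directory gives the ability to impersonate any user" reads cleanly. That caveat could also say that the account running the servlet container needs access to $jspwiki.workDir/logincookies, and that no other account should have it, since "only the proper admin has read access" leaves the container's own account out. Finally, the cookie assertion block describes the feature as unsafe and on by default; a sentence on what an asserted identity is and is not permitted to do would help an admin decide whether to leave it enabled.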