Posted to dev@jspwiki.apache.org by "Schenk, Andre" <An...@FIZ-Karlsruhe.DE> on 2010/01/15 14:36:41 UTC

custom login in JSPWiki

Hi developers,

I thought my problem was solved with JSPWiki 2.8.3 but unfortunately it isn't.

What I would like to do is to use my own WikiPageProvider which gets the Wiki pages from an external repository. The access to this repository is restricted so I need a login handle or at least user/password information.

Beginning with release 2.8.3 there is a WikiEngineCallback available in the AbstractLoginModule.login(). Now I can do a custom login, get a login handle from the given user/password and store it in the Wiki engine object. Later on the page provider can pick that handle from the Wiki engine and use it to get the Wiki pages from the repository.

Now my problem is that the Wiki engine is not bound to a session so if someone logs in then his login handle is globally visible.

Is there a way to solve my problem?

Thanks for your help!

Best regards,

André

---------------------------------------
André Schenk
ePublishing & eScience
Development & Applied Research
Phone +49 7247 808-215
Fax +49 7247 808-133
Andre.Schenk@fiz-karlsruhe.de


FIZ Karlsruhe
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen, Germany

www.fiz-karlsruhe.de
---------------------------------------


-------------------------------------------------------

Fachinformationszentrum Karlsruhe, Gesellschaft für wissenschaftlich-technische Information mbH.
Registered office: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB 101892.
Managing Director: Sabine Brünger-Weilandt.
Chairman of the Supervisory Board: MinR Hermann Riehl.


RE: custom login in JSPWiki

Posted by "Schenk, Andre" <An...@FIZ-Karlsruhe.DE>.
Janne,

> You *can* however do some trickery by creating a PageFilter or a
> ServletFilter which sits in front of every request, and stores the
> credentials inside a singleton, which contains a ThreadLocal to store
> the credentials, which can then be fetched by the Provider.

Thank you very much for that hint! It works! It took some time before I realized that I had to switch off the page cache from JSPWiki because it doesn't know that page access depends on the logged in user in my environment.

Best regards,

André





Re: custom login in JSPWiki

Posted by Janne Jalkanen <Ja...@ecyrd.com>.
That's a bit tricky, since the PageProvider interface does not support  
sending any information about the request through the interface  
itself. From the Provider's point of view, the engine is a complete  
black hole.

You *can* however do some trickery by creating a PageFilter or a  
ServletFilter which sits in front of every request, and stores the  
credentials inside a singleton, which contains a ThreadLocal to store  
the credentials, which can then be fetched by the Provider.

E.g.

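import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import com.ecyrd.jspwiki.*;
import com.ecyrd.jspwiki.auth.*;

class MyFilter implements Filter
{
	// One slot per request thread, so a login is never visible to another user's request.
	public static ThreadLocal<MyCredentials> c_credentials = new ThreadLocal<MyCredentials>();
	private WikiEngine m_engine;

	public void init( FilterConfig config ) { m_engine = WikiEngine.getInstance( config.getServletContext(), null ); }
	public void destroy() {}

	public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException
	{
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		try
		{
			m_engine.getAuthenticationManager().login( httpRequest );
			WikiSession wikiSession = SessionMonitor.getInstance( m_engine ).find( httpRequest.getSession() );

			c_credentials.set( new MyCredentials( wikiSession.getLoginPrincipal() ) );

			chain.doFilter( httpRequest, response );
		}
		catch( WikiSecurityException e )
		{
			throw new ServletException( e );
		}
		finally
		{
			// Container threads are pooled: clear the slot so the next request cannot inherit these credentials.
			c_credentials.remove();
		}
	}
}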

...

class MyProvider implements WikiPageProvider
{
	public boolean pageExists( String page )
	{
		MyCredentials c = MyFilter.c_credentials.get();

		...
	}
}

Or something to that effect.  A bit complicated, but would work.  The  
ThreadLocal part is important.  You could also store the entire  
WikiSession in there, if you wanted to, but then you want to be  
careful as to make sure that it gets collected by setting it to null  
after using it. WikiSessions can be big.

/Janne

On Jan 15, 2010, at 15:36 , Schenk, Andre wrote:

> Hi developers,
>
> I thought my problem was solved with JSPWiki 2.8.3 but unfortunately
> it isn't.
>
> What I would like to do is to use my own WikiPageProvider which gets the
> Wiki pages from an external repository. The access to this
> repository is restricted so I need a login handle or at least
> user/password information.
>
> Beginning with release 2.8.3 there is a WikiEngineCallback available  
> in the AbstractLoginModule.login(). Now I can do a custom login, get  
> a login handle from the given user/password and store it in the Wiki  
> engine object. Later on the page provider can pick that handle from  
> the Wiki engine and use it to get the Wiki pages from the repository.
>
> Now my problem is that the Wiki engine is not bound to a session so  
> if someone logs in then his login handle is globally visible.
>
> Is there a way to solve my problem?
>
> Thanks for your help!
>
> Best regards,
>
> André
>
>
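
Added example (not part of the original thread and not JSPWiki code): the ThreadLocal hand-off described above keeps credentials per request thread, but servlet containers reuse threads, so a value that is never cleared is still there when the next request runs on the same thread. The sketch below reproduces that with a single worker thread; ThreadLocalLeakDemo, the String standing in for MyCredentials, and the user name "alice" are constructed for illustration.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalLeakDemo
{
    // Stand-in for MyFilter.c_credentials; a String replaces the hypothetical MyCredentials.
    static final ThreadLocal<String> CREDENTIALS = new ThreadLocal<String>();

    // Stand-in for the provider: it can only see what is bound to the current thread.
    static String providerSees()
    {
        String c = CREDENTIALS.get();
        return c == null ? "<no credentials>" : c;
    }

    // One simulated request. user == null models a request that reaches the
    // provider without the filter having set anything (assumption for this demo).
    static String handle( String user, boolean clearAfter )
    {
        try
        {
            if( user != null ) CREDENTIALS.set( user );
            return providerSees();
        }
        finally { if( clearAfter ) CREDENTIALS.remove(); }
    }

    // Runs two requests back to back on the same worker thread, as a container's pool would.
    static String[] run( boolean clearAfter ) throws Exception
    {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try
        {
            String first = pool.submit( () -> handle( "alice", clearAfter ) ).get();
            String second = pool.submit( () -> handle( null, clearAfter ) ).get();
            return new String[] { first, second };
        }
        finally { pool.shutdown(); }
    }

    public static void main( String[] args ) throws Exception
    {
        String[] leaky = run( false );
        String[] safe = run( true );
        System.out.println( "without remove(): " + leaky[0] + " -> " + leaky[1] );
        System.out.println( "with remove():    " + safe[0] + " -> " + safe[1] );
    }
}
```

Without the cleanup the second request reads the first user's credentials; with remove() in the finally block it reads none, which is the behaviour the provider should be able to rely on.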