Re: User Preferences not getting saved

View: New views

20 Messages — Rating Filter: Alert me

< Prev | 1 - 2 | Next >

	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Can you please let me know if there is a workaround to fix this issue or if there is some configuration I am missing .. Thanks, Bhanu .. --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: From: Bhavani <bhanu0608@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Saturday, June 27, 2009, 12:04 AM I tried deleting my browser cookies, opened the browser session again and tried changing the name. But it still does not work. -Bhanu --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: From: Harry Metske <harry.metske@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Friday, June 26, 2009, 11:37 PM I think this can be solved by removing your old JSPWiki cookies. /Harry 2009/6/26 Bhavani <bhanu0608@...> > Hi, > > We installed jspwiki (version 2.8.3) and started working on it. > Works great but recently noticed that when I change the name in the 'User > Preferences' tab and try to save it, it seems like it is saving it and > redirects me to the wiki page. But when I go back to the 'User preferences' > page, I see the old value. > > I tried this both on Firefox and IE. Please let me know if there is > resolution for this issue. > > Thanks, > Bhanu:-) > > > > >
	Re: User Preferences not getting saved by Janne Jalkanen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: > > From: Bhavani <bhanu0608@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: > > From: Harry Metske <harry.metske@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@...> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Yes it happens on IE and Firefox and for other users as well. -Bhanu --- On Wed, 7/8/09, Janne Jalkanen <janne.jalkanen@...> wrote: From: Janne Jalkanen <janne.jalkanen@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Wednesday, July 8, 2009, 12:27 AM Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: > > From: Bhavani <bhanu0608@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: > > From: Harry Metske <harry.metske@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@...> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Table Plug In by Robert Forbes-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert
	RE: Table Plug In by Hobbs, Joseph :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message It's available as an attachment to that page. Did you check the attachment tab? Joseph Hobbs Email : Joseph.Hobbs@... -----Original Message----- From: Robert Forbes [mailto:rforbes@...] Sent: Thursday, July 09, 2009 3:39 PM To: jspwiki-user@... Subject: Table Plug In http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
	RE: Table Plug In by Robert Forbes-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message D'oh! Too obvious The dumb-user error that I usually catch my customers in. Thank you -----Original Message----- From: Hobbs, Joseph [mailto:Joseph.Hobbs@...] Sent: July-09-09 12:42 PM To: jspwiki-user@... Subject: RE: Table Plug In It's available as an attachment to that page. Did you check the attachment tab? Joseph Hobbs Email : Joseph.Hobbs@... -----Original Message----- From: Robert Forbes [mailto:rforbes@...] Sent: Thursday, July 09, 2009 3:39 PM To: jspwiki-user@... Subject: Table Plug In http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil Bhavani-8 wrote: Yes it happens on IE and Firefox and for other users as well. -Bhanu --- On Wed, 7/8/09, Janne Jalkanen <janne.jalkanen@ecyrd.com> wrote: From: Janne Jalkanen <janne.jalkanen@ecyrd.com> Subject: Re: User Preferences not getting saved To: jspwiki-user@incubator.apache.org Date: Wednesday, July 8, 2009, 12:27 AM Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@yahoo.com> wrote: > > From: Bhavani <bhanu0608@yahoo.com> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@incubator.apache.org > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@gmail.com> wrote: > > From: Harry Metske <harry.metske@gmail.com> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@incubator.apache.org > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@yahoo.com> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message The baseURL we have is: jspwiki.baseURL=http://Servername.com/wiki/ Yet the preferences do not seem to work. I tried analyzing the cookie and this is how it looks before and after updating the preferences: Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki After: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%2C%22SkinName%22%3Anull%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7DHostw3int.hitachigst.comPath/wiki Thanks, Bhanu :) --- On Fri, 7/10/09, TruptiP <trupti.p27@...> wrote: From: TruptiP <trupti.p27@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Friday, July 10, 2009, 12:14 PM Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi After observing cookies I found that the word Path comes in wiki baseURL Is it part of baseURL or it is something different. Please check and try to find out what it is? If your baseURL is Hostw3int.hitachigst.com/wiki then it should come as it is. Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki Thanks, Trupti Patil Bhavani-8 wrote: The baseURL we have is: jspwiki.baseURL=http://Servername.com/wiki/ Yet the preferences do not seem to work. I tried analyzing the cookie and this is how it looks before and after updating the preferences: Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki After: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%2C%22SkinName%22%3Anull%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7DHostw3int.hitachigst.comPath/wiki Thanks, Bhanu :) --- On Fri, 7/10/09, TruptiP <trupti.p27@gmail.com> wrote: From: TruptiP <trupti.p27@gmail.com> Subject: Re: User Preferences not getting saved To: jspwiki-user@incubator.apache.org Date: Friday, July 10, 2009, 12:14 PM Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Thanks for the response. I pasted the Cookie information from the browser and maybe it didnot come out properly formatted. Here is how the information looks: Before: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki After: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki Thanks, Bhanu:)
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I observed my cookies and I am getting fullpath in one line i.e. ServerName.com/Wiki Please check with your tomcat settings and search on google about cookies. Thanks, Trupti Bhavani-8 wrote: Hi, Thanks for the response. I pasted the Cookie information from the browser and maybe it didnot come out properly formatted. Here is how the information looks: Before: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki After: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki Thanks, Bhanu:)
	2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Has anyone successfully done this? In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user data, so I have no local userdatabse.xml file to fall back on. The existing LDAPUserDatabase doesn't work with 2.8, of course. If you've done this, how are you handling the userdatabase portion under 2.8? We have a very large ldap database, but a relatively small number of JSPWiki users, so migrating the ldap info into an xml (or even mysql) userdatabase seems a bit like overkill (though this may be the simplest route to take given my relative inability to recode the LDAPUserDatabase stuff). Any thoughts appreciated.
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Janne Jalkanen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Heya! Does this help? http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP /Janne On 14 Jul 2009, at 21:37, jonathan wrote: > Has anyone successfully done this? > > In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user > data, so I have no local userdatabse.xml file to fall back on. The > existing LDAPUserDatabase doesn't work with 2.8, of course. > > If you've done this, how are you handling the userdatabase portion > under 2.8? We have a very large ldap database, but a relatively > small number of JSPWiki users, so migrating the ldap info into an > xml (or even mysql) userdatabase seems a bit like overkill (though > this may be the simplest route to take given my relative inability > to recode the LDAPUserDatabase stuff). > > Any thoughts appreciated.
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message heya too! The wiki page on container auth has been very, very helpful, yes. Upon further investigation, I think my issues are currently more role-related than UserDatabase related. Container has been set up to authenticate to ldap, no roles have been configured, web.xml is default container-managed config. As soon as I log in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I click "Better luck next time", I end up back on the main page, "authenticated" (much like this problem: http://www.mail-archive.com/jspwiki-user@.../msg01892.html - except I'm using Tomcat 5.5.15). If I look at my security log, I get the following entries only after I click the "Better luck..." link on the Forbidden page: 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, target=com.ecyrd.jspwiki.WikiSession@1f55105] It looks like I now should have the "Authenticated" role from the container (though I don't seem to have it (according to the log, anyway) immediately after clicking "login" which is strange). However, I still get "Forbidden" if I try and go to Edit.jsp or similar (the "Authenticated area" in web.xml). After the initial "Forbidden", my wiki acls seem to work properly, but the container-given Role ("Authenticated") doesn't seem to be working, even though the logs appear to indicate that the role has been assigned. Thoughts on where to go from here? as always, many thanks, jonathan. Janne Jalkanen wrote: > > Heya! > > Does this help? > > http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP > > /Janne > > On 14 Jul 2009, at 21:37, jonathan wrote: > >> Has anyone successfully done this? >> >> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >> data, so I have no local userdatabse.xml file to fall back on. The >> existing LDAPUserDatabase doesn't work with 2.8, of course. >> >> If you've done this, how are you handling the userdatabase portion >> under 2.8? We have a very large ldap database, but a relatively small >> number of JSPWiki users, so migrating the ldap info into an xml (or >> even mysql) userdatabase seems a bit like overkill (though this may be >> the simplest route to take given my relative inability to recode the >> LDAPUserDatabase stuff). >> >> Any thoughts appreciated. > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message update/fix: I've added a new role "person", via userRoleName="objectClass" in my server.xml realm configuration (as well as appropriate adds in web.xml). I also had to add a connectionName and connectionPassword since we don't allow anonymous searches of the directory. I now get assigned the "person" role by the container, in addition to "Authenticated": 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, princpal=com.ecyrd.jspwiki.auth.authorize.Role person, target=com.ecyrd.jspwiki.WikiSession@6d06b0] 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, target=com.ecyrd.jspwiki.WikiSession@6d06b0] I no longer get "Forbidden". I'm unsure why this manually configured role works differently than the default "Authenticated", but this is a workable solution. curious point: with jspwiki.cookieAssertions=true in jspwiki.properties, I'm forced to login twice (at which point everything works). With it false, I get properly authenticated the first time. strange. jonathan. jonathan wrote: > heya too! > > The wiki page on container auth has been very, very helpful, yes. Upon > further investigation, I think my issues are currently more role-related > than UserDatabase related. > > Container has been set up to authenticate to ldap, no roles have been > configured, web.xml is default container-managed config. As soon as I > log in, I end up getting a forbidden page (on Login.jsp?redirect=Main). > If I click "Better luck next time", I end up back on the main page, > "authenticated" (much like this problem: > http://www.mail-archive.com/jspwiki-user@.../msg01892.html > - except I'm using Tomcat 5.5.15). > > If I look at my security log, I get the following entries only after I > click the "Better luck..." link on the Forbidden page: > > 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > > > It looks like I now should have the "Authenticated" role from the > container (though I don't seem to have it (according to the log, anyway) > immediately after clicking "login" which is strange). However, I still > get "Forbidden" if I try and go to Edit.jsp or similar (the > "Authenticated area" in web.xml). > > After the initial "Forbidden", my wiki acls seem to work properly, but > the container-given Role ("Authenticated") doesn't seem to be working, > even though the logs appear to indicate that the role has been assigned. > > Thoughts on where to go from here? > > as always, many thanks, > jonathan. > > > Janne Jalkanen wrote: >> >> Heya! >> >> Does this help? >> >> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >> >> /Janne >> >> On 14 Jul 2009, at 21:37, jonathan wrote: >> >>> Has anyone successfully done this? >>> >>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>> data, so I have no local userdatabse.xml file to fall back on. The >>> existing LDAPUserDatabase doesn't work with 2.8, of course. >>> >>> If you've done this, how are you handling the userdatabase portion >>> under 2.8? We have a very large ldap database, but a relatively >>> small number of JSPWiki users, so migrating the ldap info into an xml >>> (or even mysql) userdatabase seems a bit like overkill (though this >>> may be the simplest route to take given my relative inability to >>> recode the LDAPUserDatabase stuff). >>> >>> Any thoughts appreciated. >> >> >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Andrew Jaquith-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Jonathan -- Very interesting. I'll look into this. Thanks for investigating. -- Andrew On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: > update/fix: > > I've added a new role "person", via userRoleName="objectClass" in my > server.xml realm configuration (as well as appropriate adds in > web.xml). I also had to add a connectionName and connectionPassword > since we don't allow anonymous searches of the directory. > > I now get assigned the "person" role by the container, in addition > to "Authenticated": > > 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, > princpal=com.ecyrd.jspwiki.auth.authorize.Role person, > target=com.ecyrd.jspwiki.WikiSession@6d06b0] > 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@6d06b0] > > I no longer get "Forbidden". I'm unsure why this manually > configured role works differently than the default "Authenticated", > but this is a workable solution. > > curious point: with jspwiki.cookieAssertions=true in > jspwiki.properties, I'm forced to login twice (at which point > everything works). With it false, I get properly authenticated the > first time. strange. > > jonathan. > > jonathan wrote: >> heya too! >> The wiki page on container auth has been very, very helpful, yes. >> Upon further investigation, I think my issues are currently more >> role-related than UserDatabase related. >> Container has been set up to authenticate to ldap, no roles have >> been configured, web.xml is default container-managed config. As >> soon as I log in, I end up getting a forbidden page (on Login.jsp? >> redirect=Main). If I click "Better luck next time", I end up back >> on the main page, "authenticated" (much like this problem: http://www.mail-archive.com/jspwiki-user@.../msg01892.html >> - except I'm using Tomcat 5.5.15). >> If I look at my security log, I get the following entries only >> after I click the "Better luck..." link on the Forbidden page: >> 2009-07-15 17:11:07,547 INFO - >> WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,547 DEBUG - >> WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> It looks like I now should have the "Authenticated" role from the >> container (though I don't seem to have it (according to the log, >> anyway) immediately after clicking "login" which is strange). >> However, I still get "Forbidden" if I try and go to Edit.jsp or >> similar (the "Authenticated area" in web.xml). >> After the initial "Forbidden", my wiki acls seem to work properly, >> but the container-given Role ("Authenticated") doesn't seem to be >> working, even though the logs appear to indicate that the role has >> been assigned. >> Thoughts on where to go from here? >> as always, many thanks, >> jonathan. >> Janne Jalkanen wrote: >>> >>> Heya! >>> >>> Does this help? >>> >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>> >>> /Janne >>> >>> On 14 Jul 2009, at 21:37, jonathan wrote: >>> >>>> Has anyone successfully done this? >>>> >>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>> user data, so I have no local userdatabse.xml file to fall back >>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of >>>> course. >>>> >>>> If you've done this, how are you handling the userdatabase >>>> portion under 2.8? We have a very large ldap database, but a >>>> relatively small number of JSPWiki users, so migrating the ldap >>>> info into an xml (or even mysql) userdatabase seems a bit like >>>> overkill (though this may be the simplest route to take given my >>>> relative inability to recode the LDAPUserDatabase stuff). >>>> >>>> Any thoughts appreciated. >>> >>>
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Louis Masters :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On 2.8.1, we have also been seeing the double login issue - I just thought it had something to do with Firefox, but I'll look into whether we have this property set. >curious point: with jspwiki.cookieAssertions=true in jspwiki.properties, I'm forced to login twice (at which point everything works). With it false, I get properly authenticated the first time. strange. Andrew Jaquith wrote: > Jonathan -- > > Very interesting. I'll look into this. Thanks for investigating. --Andrew > > On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: > >> update/fix: >> >> I've added a new role "person", via userRoleName="objectClass" in my >> server.xml realm configuration (as well as appropriate adds in >> web.xml). I also had to add a connectionName and connectionPassword >> since we don't allow anonymous searches of the directory. >> >> I now get assigned the "person" role by the container, in addition to >> "Authenticated": >> >> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role person, >> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >> >> I no longer get "Forbidden". I'm unsure why this manually configured >> role works differently than the default "Authenticated", but this is >> a workable solution. >> >> curious point: with jspwiki.cookieAssertions=true in >> jspwiki.properties, I'm forced to login twice (at which point >> everything works). With it false, I get properly authenticated the >> first time. strange. >> >> jonathan. >> >> jonathan wrote: >>> heya too! >>> The wiki page on container auth has been very, very helpful, yes. >>> Upon further investigation, I think my issues are currently more >>> role-related than UserDatabase related. >>> Container has been set up to authenticate to ldap, no roles have >>> been configured, web.xml is default container-managed config. As >>> soon as I log in, I end up getting a forbidden page (on >>> Login.jsp?redirect=Main). If I click "Better luck next time", I end >>> up back on the main page, "authenticated" (much like this problem: >>> http://www.mail-archive.com/jspwiki-user@.../msg01892.html - >>> except I'm using Tomcat 5.5.15). >>> If I look at my security log, I get the following entries only >>> after I click the "Better luck..." link on the Forbidden page: >>> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,547 DEBUG - >>> WikiSecurityEvent.LOGIN_AUTHENTICATED >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> It looks like I now should have the "Authenticated" role from the >>> container (though I don't seem to have it (according to the log, >>> anyway) immediately after clicking "login" which is strange). >>> However, I still get "Forbidden" if I try and go to Edit.jsp or >>> similar (the "Authenticated area" in web.xml). >>> After the initial "Forbidden", my wiki acls seem to work properly, >>> but the container-given Role ("Authenticated") doesn't seem to be >>> working, even though the logs appear to indicate that the role has >>> been assigned. >>> Thoughts on where to go from here? >>> as always, many thanks, >>> jonathan. >>> Janne Jalkanen wrote: >>>> >>>> Heya! >>>> >>>> Does this help? >>>> >>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>>> >>>> /Janne >>>> >>>> On 14 Jul 2009, at 21:37, jonathan wrote: >>>> >>>>> Has anyone successfully done this? >>>>> >>>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>>> user data, so I have no local userdatabse.xml file to fall back >>>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of course. >>>>> >>>>> If you've done this, how are you handling the userdatabase portion >>>>> under 2.8? We have a very large ldap database, but a relatively >>>>> small number of JSPWiki users, so migrating the ldap info into an >>>>> xml (or even mysql) userdatabase seems a bit like overkill (though >>>>> this may be the simplest route to take given my relative inability >>>>> to recode the LDAPUserDatabase stuff). >>>>> >>>>> Any thoughts appreciated. >>>> >>>> > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message re: double-login It's not a cookieAssertion issue. I've done more testing, and it's definitely still occurring even with cookieAssertion set to false (drat). Double-login issue also happens in Chrome. I haven't replicated it in IE, but I haven't done a lot of IE testing either. jonathan. Louis Masters wrote: > On 2.8.1, we have also been seeing the double login issue - I just > thought it had something to do with Firefox, but I'll look into whether > we have this property set. > > >curious point: with jspwiki.cookieAssertions=true in > jspwiki.properties, I'm forced to login twice (at which point everything > works). With it false, I get properly authenticated the first time. > strange. > > > Andrew Jaquith wrote: >> Jonathan -- >> >> Very interesting. I'll look into this. Thanks for investigating. --Andrew >> >> On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: >> >>> update/fix: >>> >>> I've added a new role "person", via userRoleName="objectClass" in my >>> server.xml realm configuration (as well as appropriate adds in >>> web.xml). I also had to add a connectionName and connectionPassword >>> since we don't allow anonymous searches of the directory. >>> >>> I now get assigned the "person" role by the container, in addition to >>> "Authenticated": >>> >>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role person, >>> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >>> >>> I no longer get "Forbidden". I'm unsure why this manually configured >>> role works differently than the default "Authenticated", but this is >>> a workable solution. >>> >>> curious point: with jspwiki.cookieAssertions=true in >>> jspwiki.properties, I'm forced to login twice (at which point >>> everything works). With it false, I get properly authenticated the >>> first time. strange. >>> >>> jonathan. >>> >>> jonathan wrote: >>>> heya too! >>>> The wiki page on container auth has been very, very helpful, yes. >>>> Upon further investigation, I think my issues are currently more >>>> role-related than UserDatabase related. >>>> Container has been set up to authenticate to ldap, no roles have >>>> been configured, web.xml is default container-managed config. As >>>> soon as I log in, I end up getting a forbidden page (on >>>> Login.jsp?redirect=Main). If I click "Better luck next time", I end >>>> up back on the main page, "authenticated" (much like this problem: >>>> http://www.mail-archive.com/jspwiki-user@.../msg01892.html >>>> - except I'm using Tomcat 5.5.15). >>>> If I look at my security log, I get the following entries only >>>> after I click the "Better luck..." link on the Forbidden page: >>>> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,547 DEBUG - >>>> WikiSecurityEvent.LOGIN_AUTHENTICATED >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> It looks like I now should have the "Authenticated" role from the >>>> container (though I don't seem to have it (according to the log, >>>> anyway) immediately after clicking "login" which is strange). >>>> However, I still get "Forbidden" if I try and go to Edit.jsp or >>>> similar (the "Authenticated area" in web.xml). >>>> After the initial "Forbidden", my wiki acls seem to work properly, >>>> but the container-given Role ("Authenticated") doesn't seem to be >>>> working, even though the logs appear to indicate that the role has >>>> been assigned. >>>> Thoughts on where to go from here? >>>> as always, many thanks, >>>> jonathan. >>>> Janne Jalkanen wrote: >>>>> >>>>> Heya! >>>>> >>>>> Does this help? >>>>> >>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>>>> >>>>> /Janne >>>>> >>>>> On 14 Jul 2009, at 21:37, jonathan wrote: >>>>> >>>>>> Has anyone successfully done this? >>>>>> >>>>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>>>> user data, so I have no local userdatabse.xml file to fall back >>>>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of course. >>>>>> >>>>>> If you've done this, how are you handling the userdatabase portion >>>>>> under 2.8? We have a very large ldap database, but a relatively >>>>>> small number of JSPWiki users, so migrating the ldap info into an >>>>>> xml (or even mysql) userdatabase seems a bit like overkill (though >>>>>> this may be the simplest route to take given my relative inability >>>>>> to recode the LDAPUserDatabase stuff). >>>>>> >>>>>> Any thoughts appreciated. >>>>> >>>>> >> >> > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Andrew Jaquith-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Jonathan, I did some tests and determined that the cause of the problem is probably on your end. Here's the deal: - Container-managed authentication and authorization works by protecting a set of resources with auth-constraints - Each auth-constraint lists one or more roles that are allowed to access those resources. Now here's the important point: these are CONTAINER roles, not JSPWiki roles. - The default auth-constraint that protects Login.jsp (and thus triggers authentication) is protected by a sample container role called Authenticated. This is NOT the same as the JSPWiki role called Authenticated. - Thus, if your container is not configured to return any roles, the container will NOT let you access Login.jsp and returns a 403 (Forbidden), which directs you to Forbidden.html. This is exactly how the container is supposed to behave when a user is "unauthorized", which you are if you don't possess any container roles. - However, even though you did not receive the proper container role to access Login.jsp, your session is STILL authenticated, and as such your HttpServletRequest possesses a UserPrincipal. JSPWiki sniffs this principal during the next request and says, "Aha! The user is container-authenticated" and prints out the G'day (authenticated) message. Got it? Essentially, the container authenticates you, and JSPWiki figures that out. In between those two events, the fact that the user doesn't possess any container roles is what produces the 403. The fix is simple. Just make sure that the role named in the auth-constraint is the same as one returned by your container. In our default web.xml, we assume that this role is called "Authenticated." If your default container role is different (for example, "person"), make sure the one in web.xml matches that role name. I don't know what the root cause of your cookie authentication issue is. I could not reproduce it. Andrew On Wed, Jul 15, 2009 at 5:30 PM, jonathan<jengbrec@...> wrote: > heya too! > > The wiki page on container auth has been very, very helpful, yes. Upon > further investigation, I think my issues are currently more role-related > than UserDatabase related. > > Container has been set up to authenticate to ldap, no roles have been > configured, web.xml is default container-managed config. As soon as I log > in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I > click "Better luck next time", I end up back on the main page, > "authenticated" (much like this problem: > http://www.mail-archive.com/jspwiki-user@.../msg01892.html > - except I'm using Tomcat 5.5.15). > > If I look at my security log, I get the following entries only after I > click the "Better luck..." link on the Forbidden page: > > 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > > > It looks like I now should have the "Authenticated" role from the container > (though I don't seem to have it (according to the log, anyway) immediately > after clicking "login" which is strange). However, I still get "Forbidden" > if I try and go to Edit.jsp or similar (the "Authenticated area" in > web.xml). > > After the initial "Forbidden", my wiki acls seem to work properly, but the > container-given Role ("Authenticated") doesn't seem to be working, even > though the logs appear to indicate that the role has been assigned. > > Thoughts on where to go from here? > > as always, many thanks, > jonathan. > > > Janne Jalkanen wrote: >> >> Heya! >> >> Does this help? >> >> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >> >> /Janne >> >> On 14 Jul 2009, at 21:37, jonathan wrote: >> >>> Has anyone successfully done this? >>> >>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>> data, so I have no local userdatabse.xml file to fall back on. The existing >>> LDAPUserDatabase doesn't work with 2.8, of course. >>> >>> If you've done this, how are you handling the userdatabase portion under >>> 2.8? We have a very large ldap database, but a relatively small number of >>> JSPWiki users, so migrating the ldap info into an xml (or even mysql) >>> userdatabase seems a bit like overkill (though this may be the simplest >>> route to take given my relative inability to recode the LDAPUserDatabase >>> stuff). >>> >>> Any thoughts appreciated. >> >> >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message thanks a lot Andrew, I figured it was something like this - the security logs are a bit confusing on this point. The cookie assertion issue isn't a cookie assertion issue (contrary to my initial report). There's something about Firefox/Chrome that often requires you to log-in twice. I haven't done any further investigation into this, but the problem doesn't seem to manifest (so far) in IE. thanks again for all your help, Jonathan. Andrew Jaquith wrote: > Jonathan, > > I did some tests and determined that the cause of the problem is > probably on your end. Here's the deal: > > - Container-managed authentication and authorization works by > protecting a set of resources with auth-constraints > > - Each auth-constraint lists one or more roles that are allowed to > access those resources. Now here's the important point: these are > CONTAINER roles, not JSPWiki roles. > > - The default auth-constraint that protects Login.jsp (and thus > triggers authentication) is protected by a sample container role > called Authenticated. This is NOT the same as the JSPWiki role called > Authenticated. > > - Thus, if your container is not configured to return any roles, the > container will NOT let you access Login.jsp and returns a 403 > (Forbidden), which directs you to Forbidden.html. This is exactly how > the container is supposed to behave when a user is "unauthorized", > which you are if you don't possess any container roles. > > - However, even though you did not receive the proper container role > to access Login.jsp, your session is STILL authenticated, and as such > your HttpServletRequest possesses a UserPrincipal. JSPWiki sniffs this > principal during the next request and says, "Aha! The user is > container-authenticated" and prints out the G'day (authenticated) > message. > > Got it? Essentially, the container authenticates you, and JSPWiki > figures that out. In between those two events, the fact that the user > doesn't possess any container roles is what produces the 403. > > The fix is simple. Just make sure that the role named in the > auth-constraint is the same as one returned by your container. In our > default web.xml, we assume that this role is called "Authenticated." > If your default container role is different (for example, "person"), > make sure the one in web.xml matches that role name. > > I don't know what the root cause of your cookie authentication issue > is. I could not reproduce it. > > Andrew > > On Wed, Jul 15, 2009 at 5:30 PM, jonathan<jengbrec@...> wrote: >> heya too! >> >> The wiki page on container auth has been very, very helpful, yes. Upon >> further investigation, I think my issues are currently more role-related >> than UserDatabase related. >> >> Container has been set up to authenticate to ldap, no roles have been >> configured, web.xml is default container-managed config. As soon as I log >> in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I >> click "Better luck next time", I end up back on the main page, >> "authenticated" (much like this problem: >> http://www.mail-archive.com/jspwiki-user@.../msg01892.html >> - except I'm using Tomcat 5.5.15). >> >> If I look at my security log, I get the following entries only after I >> click the "Better luck..." link on the Forbidden page: >> >> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> >> >> It looks like I now should have the "Authenticated" role from the container >> (though I don't seem to have it (according to the log, anyway) immediately >> after clicking "login" which is strange). However, I still get "Forbidden" >> if I try and go to Edit.jsp or similar (the "Authenticated area" in >> web.xml). >> >> After the initial "Forbidden", my wiki acls seem to work properly, but the >> container-given Role ("Authenticated") doesn't seem to be working, even >> though the logs appear to indicate that the role has been assigned. >> >> Thoughts on where to go from here? >> >> as always, many thanks, >> jonathan. >> >> >> Janne Jalkanen wrote: >>> Heya! >>> >>> Does this help? >>> >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>> >>> /Janne >>> >>> On 14 Jul 2009, at 21:37, jonathan wrote: >>> >>>> Has anyone successfully done this? >>>> >>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>>> data, so I have no local userdatabse.xml file to fall back on. The existing >>>> LDAPUserDatabase doesn't work with 2.8, of course. >>>> >>>> If you've done this, how are you handling the userdatabase portion under >>>> 2.8? We have a very large ldap database, but a relatively small number of >>>> JSPWiki users, so migrating the ldap info into an xml (or even mysql) >>>> userdatabase seems a bit like overkill (though this may be the simplest >>>> route to take given my relative inability to recode the LDAPUserDatabase >>>> stuff). >>>> >>>> Any thoughts appreciated. >>> >

< Prev | 1 - 2 | Next >

	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Can you please let me know if there is a workaround to fix this issue or if there is some configuration I am missing .. Thanks, Bhanu .. --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: From: Bhavani <bhanu0608@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Saturday, June 27, 2009, 12:04 AM I tried deleting my browser cookies, opened the browser session again and tried changing the name. But it still does not work. -Bhanu --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: From: Harry Metske <harry.metske@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Friday, June 26, 2009, 11:37 PM I think this can be solved by removing your old JSPWiki cookies. /Harry 2009/6/26 Bhavani <bhanu0608@...> > Hi, > > We installed jspwiki (version 2.8.3) and started working on it. > Works great but recently noticed that when I change the name in the 'User > Preferences' tab and try to save it, it seems like it is saving it and > redirects me to the wiki page. But when I go back to the 'User preferences' > page, I see the old value. > > I tried this both on Firefox and IE. Please let me know if there is > resolution for this issue. > > Thanks, > Bhanu:-) > > > > >
	Re: User Preferences not getting saved by Janne Jalkanen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: > > From: Bhavani <bhanu0608@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: > > From: Harry Metske <harry.metske@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@...> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Yes it happens on IE and Firefox and for other users as well. -Bhanu --- On Wed, 7/8/09, Janne Jalkanen <janne.jalkanen@...> wrote: From: Janne Jalkanen <janne.jalkanen@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Wednesday, July 8, 2009, 12:27 AM Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@...> wrote: > > From: Bhavani <bhanu0608@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@...> wrote: > > From: Harry Metske <harry.metske@...> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@... > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@...> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Table Plug In by Robert Forbes-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert
	RE: Table Plug In by Hobbs, Joseph :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message It's available as an attachment to that page. Did you check the attachment tab? Joseph Hobbs Email : Joseph.Hobbs@... -----Original Message----- From: Robert Forbes [mailto:rforbes@...] Sent: Thursday, July 09, 2009 3:39 PM To: jspwiki-user@... Subject: Table Plug In http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
	RE: Table Plug In by Robert Forbes-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message D'oh! Too obvious The dumb-user error that I usually catch my customers in. Thank you -----Original Message----- From: Hobbs, Joseph [mailto:Joseph.Hobbs@...] Sent: July-09-09 12:42 PM To: jspwiki-user@... Subject: RE: Table Plug In It's available as an attachment to that page. Did you check the attachment tab? Joseph Hobbs Email : Joseph.Hobbs@... -----Original Message----- From: Robert Forbes [mailto:rforbes@...] Sent: Thursday, July 09, 2009 3:39 PM To: jspwiki-user@... Subject: Table Plug In http://www.jspwiki.org/wiki/TablePlugin Regarding the Table plugin that this page references ... Where do I find the plugin code. I have been looking (but obviously not in the right place) Robert This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil Bhavani-8 wrote: Yes it happens on IE and Firefox and for other users as well. -Bhanu --- On Wed, 7/8/09, Janne Jalkanen <janne.jalkanen@ecyrd.com> wrote: From: Janne Jalkanen <janne.jalkanen@ecyrd.com> Subject: Re: User Preferences not getting saved To: jspwiki-user@incubator.apache.org Date: Wednesday, July 8, 2009, 12:27 AM Does this happen on other browsers or other users as well? /Janne On 7 Jul 2009, at 21:14, Bhavani wrote: > Hi, > > Can you please let me know if there is a workaround to fix this > issue or if there is some configuration I am missing .. > > Thanks, > Bhanu .. > > --- On Sat, 6/27/09, Bhavani <bhanu0608@yahoo.com> wrote: > > From: Bhavani <bhanu0608@yahoo.com> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@incubator.apache.org > Date: Saturday, June 27, 2009, 12:04 AM > > I tried deleting my browser cookies, opened the browser session > again and tried changing the name. But it still does not work. > > -Bhanu > > --- On Fri, 6/26/09, Harry Metske <harry.metske@gmail.com> wrote: > > From: Harry Metske <harry.metske@gmail.com> > Subject: Re: User Preferences not getting saved > To: jspwiki-user@incubator.apache.org > Date: Friday, June 26, 2009, 11:37 PM > > I think this can be solved by removing your old JSPWiki cookies. > > /Harry > > > 2009/6/26 Bhavani <bhanu0608@yahoo.com> > >> Hi, >> >> We installed jspwiki (version 2.8.3) and started working on it. >> Works great but recently noticed that when I change the name in the >> 'User >> Preferences' tab and try to save it, it seems like it is saving it >> and >> redirects me to the wiki page. But when I go back to the 'User >> preferences' >> page, I see the old value. >> >> I tried this both on Firefox and IE. Please let me know if there is >> resolution for this issue. >> >> Thanks, >> Bhanu:-) >> >> >> >> >> > > > > > >
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message The baseURL we have is: jspwiki.baseURL=http://Servername.com/wiki/ Yet the preferences do not seem to work. I tried analyzing the cookie and this is how it looks before and after updating the preferences: Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki After: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%2C%22SkinName%22%3Anull%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7DHostw3int.hitachigst.comPath/wiki Thanks, Bhanu :) --- On Fri, 7/10/09, TruptiP <trupti.p27@...> wrote: From: TruptiP <trupti.p27@...> Subject: Re: User Preferences not getting saved To: jspwiki-user@... Date: Friday, July 10, 2009, 12:14 PM Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi After observing cookies I found that the word Path comes in wiki baseURL Is it part of baseURL or it is something different. Please check and try to find out what it is? If your baseURL is Hostw3int.hitachigst.com/wiki then it should come as it is. Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki Thanks, Trupti Patil Bhavani-8 wrote: The baseURL we have is: jspwiki.baseURL=http://Servername.com/wiki/ Yet the preferences do not seem to work. I tried analyzing the cookie and this is how it looks before and after updating the preferences: Before: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%7DHostw3int.hitachigst.comPath/wiki After: NameJSPWikiUserPrefsValue%7B%22PrevQuery%22%3A%22%22%2C%22SkinName%22%3Anull%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7DHostw3int.hitachigst.comPath/wiki Thanks, Bhanu :) --- On Fri, 7/10/09, TruptiP <trupti.p27@gmail.com> wrote: From: TruptiP <trupti.p27@gmail.com> Subject: Re: User Preferences not getting saved To: jspwiki-user@incubator.apache.org Date: Friday, July 10, 2009, 12:14 PM Hi, I faced same issue for my JSPWiki instance. Reason for my problem is ===== BaseURL of JSPWiki is -> http://ServerName.com:8080/JSPWiki/ But when we access JSPWiki it is referred as -> http://ServerName.com/JSPWiki I have setup redirects in Apache configuration so that Redirect /index.htm http://ServerName.com/JSPWiki and again http://ServerName.com/JSPWiki -> http://ServerName.com:8080/JSPwiki So even people access http://ServerName.com/JSPWiki it must redirect to JSPWiki base URL So cookies are stored with the domain name ServerName.com However, JSPWiki try to access preferences from cookie with domain name ServerName.com:8080. To overcome this problem , I updated apache configuration. And then user preferences started working for me. Redirect /index.htm http://ServerName.com:8080/JSPWiki Please check with your configurations. I hope this will help you. Regards, Trupti Patil
	Re: User Preferences not getting saved by Bhavani-8 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Thanks for the response. I pasted the Cookie information from the browser and maybe it didnot come out properly formatted. Here is how the information looks: Before: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki After: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki Thanks, Bhanu:)
	Re: User Preferences not getting saved by TruptiP :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I observed my cookies and I am getting fullpath in one line i.e. ServerName.com/Wiki Please check with your tomcat settings and search on google about cookies. Thanks, Trupti Bhavani-8 wrote: Hi, Thanks for the response. I pasted the Cookie information from the browser and maybe it didnot come out properly formatted. Here is how the information looks: Before: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki After: Name JSPWikiUserPrefs Value %7B%22PrevQuery%22%3A%22%22%2C%22autopreview%22%3Afalse%2C%22TimeZone%22%3A%22America%2FDenver%22%2C%22DateFormat%22%3A%22dd-MMM-yyyy%20HH%3Amm%22%2C%22Orientation%22%3A%22fav-left%22%2C%22editor%22%3A%22plain%22%2C%22Language%22%3A%22en%22%2C%22SectionEditing%22%3Afalse%7D Host w3dev.hitachigst.com Path /wiki Thanks, Bhanu:)
	2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Has anyone successfully done this? In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user data, so I have no local userdatabse.xml file to fall back on. The existing LDAPUserDatabase doesn't work with 2.8, of course. If you've done this, how are you handling the userdatabase portion under 2.8? We have a very large ldap database, but a relatively small number of JSPWiki users, so migrating the ldap info into an xml (or even mysql) userdatabase seems a bit like overkill (though this may be the simplest route to take given my relative inability to recode the LDAPUserDatabase stuff). Any thoughts appreciated.
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Janne Jalkanen :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Heya! Does this help? http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP /Janne On 14 Jul 2009, at 21:37, jonathan wrote: > Has anyone successfully done this? > > In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user > data, so I have no local userdatabse.xml file to fall back on. The > existing LDAPUserDatabase doesn't work with 2.8, of course. > > If you've done this, how are you handling the userdatabase portion > under 2.8? We have a very large ldap database, but a relatively > small number of JSPWiki users, so migrating the ldap info into an > xml (or even mysql) userdatabase seems a bit like overkill (though > this may be the simplest route to take given my relative inability > to recode the LDAPUserDatabase stuff). > > Any thoughts appreciated.
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message heya too! The wiki page on container auth has been very, very helpful, yes. Upon further investigation, I think my issues are currently more role-related than UserDatabase related. Container has been set up to authenticate to ldap, no roles have been configured, web.xml is default container-managed config. As soon as I log in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I click "Better luck next time", I end up back on the main page, "authenticated" (much like this problem: http://www.mail-archive.com/jspwiki-user@.../msg01892.html - except I'm using Tomcat 5.5.15). If I look at my security log, I get the following entries only after I click the "Better luck..." link on the Forbidden page: 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, target=com.ecyrd.jspwiki.WikiSession@1f55105] 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, target=com.ecyrd.jspwiki.WikiSession@1f55105] It looks like I now should have the "Authenticated" role from the container (though I don't seem to have it (according to the log, anyway) immediately after clicking "login" which is strange). However, I still get "Forbidden" if I try and go to Edit.jsp or similar (the "Authenticated area" in web.xml). After the initial "Forbidden", my wiki acls seem to work properly, but the container-given Role ("Authenticated") doesn't seem to be working, even though the logs appear to indicate that the role has been assigned. Thoughts on where to go from here? as always, many thanks, jonathan. Janne Jalkanen wrote: > > Heya! > > Does this help? > > http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP > > /Janne > > On 14 Jul 2009, at 21:37, jonathan wrote: > >> Has anyone successfully done this? >> >> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >> data, so I have no local userdatabse.xml file to fall back on. The >> existing LDAPUserDatabase doesn't work with 2.8, of course. >> >> If you've done this, how are you handling the userdatabase portion >> under 2.8? We have a very large ldap database, but a relatively small >> number of JSPWiki users, so migrating the ldap info into an xml (or >> even mysql) userdatabase seems a bit like overkill (though this may be >> the simplest route to take given my relative inability to recode the >> LDAPUserDatabase stuff). >> >> Any thoughts appreciated. > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message update/fix: I've added a new role "person", via userRoleName="objectClass" in my server.xml realm configuration (as well as appropriate adds in web.xml). I also had to add a connectionName and connectionPassword since we don't allow anonymous searches of the directory. I now get assigned the "person" role by the container, in addition to "Authenticated": 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, princpal=com.ecyrd.jspwiki.auth.authorize.Role person, target=com.ecyrd.jspwiki.WikiSession@6d06b0] 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, target=com.ecyrd.jspwiki.WikiSession@6d06b0] I no longer get "Forbidden". I'm unsure why this manually configured role works differently than the default "Authenticated", but this is a workable solution. curious point: with jspwiki.cookieAssertions=true in jspwiki.properties, I'm forced to login twice (at which point everything works). With it false, I get properly authenticated the first time. strange. jonathan. jonathan wrote: > heya too! > > The wiki page on container auth has been very, very helpful, yes. Upon > further investigation, I think my issues are currently more role-related > than UserDatabase related. > > Container has been set up to authenticate to ldap, no roles have been > configured, web.xml is default container-managed config. As soon as I > log in, I end up getting a forbidden page (on Login.jsp?redirect=Main). > If I click "Better luck next time", I end up back on the main page, > "authenticated" (much like this problem: > http://www.mail-archive.com/jspwiki-user@.../msg01892.html > - except I'm using Tomcat 5.5.15). > > If I look at my security log, I get the following entries only after I > click the "Better luck..." link on the Forbidden page: > > 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > > > It looks like I now should have the "Authenticated" role from the > container (though I don't seem to have it (according to the log, anyway) > immediately after clicking "login" which is strange). However, I still > get "Forbidden" if I try and go to Edit.jsp or similar (the > "Authenticated area" in web.xml). > > After the initial "Forbidden", my wiki acls seem to work properly, but > the container-given Role ("Authenticated") doesn't seem to be working, > even though the logs appear to indicate that the role has been assigned. > > Thoughts on where to go from here? > > as always, many thanks, > jonathan. > > > Janne Jalkanen wrote: >> >> Heya! >> >> Does this help? >> >> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >> >> /Janne >> >> On 14 Jul 2009, at 21:37, jonathan wrote: >> >>> Has anyone successfully done this? >>> >>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>> data, so I have no local userdatabse.xml file to fall back on. The >>> existing LDAPUserDatabase doesn't work with 2.8, of course. >>> >>> If you've done this, how are you handling the userdatabase portion >>> under 2.8? We have a very large ldap database, but a relatively >>> small number of JSPWiki users, so migrating the ldap info into an xml >>> (or even mysql) userdatabase seems a bit like overkill (though this >>> may be the simplest route to take given my relative inability to >>> recode the LDAPUserDatabase stuff). >>> >>> Any thoughts appreciated. >> >> >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Andrew Jaquith-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Jonathan -- Very interesting. I'll look into this. Thanks for investigating. -- Andrew On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: > update/fix: > > I've added a new role "person", via userRoleName="objectClass" in my > server.xml realm configuration (as well as appropriate adds in > web.xml). I also had to add a connectionName and connectionPassword > since we don't allow anonymous searches of the directory. > > I now get assigned the "person" role by the container, in addition > to "Authenticated": > > 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, > princpal=com.ecyrd.jspwiki.auth.authorize.Role person, > target=com.ecyrd.jspwiki.WikiSession@6d06b0] > 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@6d06b0] > > I no longer get "Forbidden". I'm unsure why this manually > configured role works differently than the default "Authenticated", > but this is a workable solution. > > curious point: with jspwiki.cookieAssertions=true in > jspwiki.properties, I'm forced to login twice (at which point > everything works). With it false, I get properly authenticated the > first time. strange. > > jonathan. > > jonathan wrote: >> heya too! >> The wiki page on container auth has been very, very helpful, yes. >> Upon further investigation, I think my issues are currently more >> role-related than UserDatabase related. >> Container has been set up to authenticate to ldap, no roles have >> been configured, web.xml is default container-managed config. As >> soon as I log in, I end up getting a forbidden page (on Login.jsp? >> redirect=Main). If I click "Better luck next time", I end up back >> on the main page, "authenticated" (much like this problem: http://www.mail-archive.com/jspwiki-user@.../msg01892.html >> - except I'm using Tomcat 5.5.15). >> If I look at my security log, I get the following entries only >> after I click the "Better luck..." link on the Forbidden page: >> 2009-07-15 17:11:07,547 INFO - >> WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,547 DEBUG - >> WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> It looks like I now should have the "Authenticated" role from the >> container (though I don't seem to have it (according to the log, >> anyway) immediately after clicking "login" which is strange). >> However, I still get "Forbidden" if I try and go to Edit.jsp or >> similar (the "Authenticated area" in web.xml). >> After the initial "Forbidden", my wiki acls seem to work properly, >> but the container-given Role ("Authenticated") doesn't seem to be >> working, even though the logs appear to indicate that the role has >> been assigned. >> Thoughts on where to go from here? >> as always, many thanks, >> jonathan. >> Janne Jalkanen wrote: >>> >>> Heya! >>> >>> Does this help? >>> >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>> >>> /Janne >>> >>> On 14 Jul 2009, at 21:37, jonathan wrote: >>> >>>> Has anyone successfully done this? >>>> >>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>> user data, so I have no local userdatabse.xml file to fall back >>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of >>>> course. >>>> >>>> If you've done this, how are you handling the userdatabase >>>> portion under 2.8? We have a very large ldap database, but a >>>> relatively small number of JSPWiki users, so migrating the ldap >>>> info into an xml (or even mysql) userdatabase seems a bit like >>>> overkill (though this may be the simplest route to take given my >>>> relative inability to recode the LDAPUserDatabase stuff). >>>> >>>> Any thoughts appreciated. >>> >>>
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Louis Masters :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On 2.8.1, we have also been seeing the double login issue - I just thought it had something to do with Firefox, but I'll look into whether we have this property set. >curious point: with jspwiki.cookieAssertions=true in jspwiki.properties, I'm forced to login twice (at which point everything works). With it false, I get properly authenticated the first time. strange. Andrew Jaquith wrote: > Jonathan -- > > Very interesting. I'll look into this. Thanks for investigating. --Andrew > > On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: > >> update/fix: >> >> I've added a new role "person", via userRoleName="objectClass" in my >> server.xml realm configuration (as well as appropriate adds in >> web.xml). I also had to add a connectionName and connectionPassword >> since we don't allow anonymous searches of the directory. >> >> I now get assigned the "person" role by the container, in addition to >> "Authenticated": >> >> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role person, >> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >> >> I no longer get "Forbidden". I'm unsure why this manually configured >> role works differently than the default "Authenticated", but this is >> a workable solution. >> >> curious point: with jspwiki.cookieAssertions=true in >> jspwiki.properties, I'm forced to login twice (at which point >> everything works). With it false, I get properly authenticated the >> first time. strange. >> >> jonathan. >> >> jonathan wrote: >>> heya too! >>> The wiki page on container auth has been very, very helpful, yes. >>> Upon further investigation, I think my issues are currently more >>> role-related than UserDatabase related. >>> Container has been set up to authenticate to ldap, no roles have >>> been configured, web.xml is default container-managed config. As >>> soon as I log in, I end up getting a forbidden page (on >>> Login.jsp?redirect=Main). If I click "Better luck next time", I end >>> up back on the main page, "authenticated" (much like this problem: >>> http://www.mail-archive.com/jspwiki-user@.../msg01892.html - >>> except I'm using Tomcat 5.5.15). >>> If I look at my security log, I get the following entries only >>> after I click the "Better luck..." link on the Forbidden page: >>> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,547 DEBUG - >>> WikiSecurityEvent.LOGIN_AUTHENTICATED >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>> It looks like I now should have the "Authenticated" role from the >>> container (though I don't seem to have it (according to the log, >>> anyway) immediately after clicking "login" which is strange). >>> However, I still get "Forbidden" if I try and go to Edit.jsp or >>> similar (the "Authenticated area" in web.xml). >>> After the initial "Forbidden", my wiki acls seem to work properly, >>> but the container-given Role ("Authenticated") doesn't seem to be >>> working, even though the logs appear to indicate that the role has >>> been assigned. >>> Thoughts on where to go from here? >>> as always, many thanks, >>> jonathan. >>> Janne Jalkanen wrote: >>>> >>>> Heya! >>>> >>>> Does this help? >>>> >>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>>> >>>> /Janne >>>> >>>> On 14 Jul 2009, at 21:37, jonathan wrote: >>>> >>>>> Has anyone successfully done this? >>>>> >>>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>>> user data, so I have no local userdatabse.xml file to fall back >>>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of course. >>>>> >>>>> If you've done this, how are you handling the userdatabase portion >>>>> under 2.8? We have a very large ldap database, but a relatively >>>>> small number of JSPWiki users, so migrating the ldap info into an >>>>> xml (or even mysql) userdatabase seems a bit like overkill (though >>>>> this may be the simplest route to take given my relative inability >>>>> to recode the LDAPUserDatabase stuff). >>>>> >>>>> Any thoughts appreciated. >>>> >>>> > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message re: double-login It's not a cookieAssertion issue. I've done more testing, and it's definitely still occurring even with cookieAssertion set to false (drat). Double-login issue also happens in Chrome. I haven't replicated it in IE, but I haven't done a lot of IE testing either. jonathan. Louis Masters wrote: > On 2.8.1, we have also been seeing the double login issue - I just > thought it had something to do with Firefox, but I'll look into whether > we have this property set. > > >curious point: with jspwiki.cookieAssertions=true in > jspwiki.properties, I'm forced to login twice (at which point everything > works). With it false, I get properly authenticated the first time. > strange. > > > Andrew Jaquith wrote: >> Jonathan -- >> >> Very interesting. I'll look into this. Thanks for investigating. --Andrew >> >> On Jul 16, 2009, at 10:10, jonathan <jengbrec@...> wrote: >> >>> update/fix: >>> >>> I've added a new role "person", via userRoleName="objectClass" in my >>> server.xml realm configuration (as well as appropriate adds in >>> web.xml). I also had to add a connectionName and connectionPassword >>> since we don't allow anonymous searches of the directory. >>> >>> I now get assigned the "person" role by the container, in addition to >>> "Authenticated": >>> >>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role person, >>> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >>> 2009-07-16 10:53:01,701 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@ee3aa7, >>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>> target=com.ecyrd.jspwiki.WikiSession@6d06b0] >>> >>> I no longer get "Forbidden". I'm unsure why this manually configured >>> role works differently than the default "Authenticated", but this is >>> a workable solution. >>> >>> curious point: with jspwiki.cookieAssertions=true in >>> jspwiki.properties, I'm forced to login twice (at which point >>> everything works). With it false, I get properly authenticated the >>> first time. strange. >>> >>> jonathan. >>> >>> jonathan wrote: >>>> heya too! >>>> The wiki page on container auth has been very, very helpful, yes. >>>> Upon further investigation, I think my issues are currently more >>>> role-related than UserDatabase related. >>>> Container has been set up to authenticate to ldap, no roles have >>>> been configured, web.xml is default container-managed config. As >>>> soon as I log in, I end up getting a forbidden page (on >>>> Login.jsp?redirect=Main). If I click "Better luck next time", I end >>>> up back on the main page, "authenticated" (much like this problem: >>>> http://www.mail-archive.com/jspwiki-user@.../msg01892.html >>>> - except I'm using Tomcat 5.5.15). >>>> If I look at my security log, I get the following entries only >>>> after I click the "Better luck..." link on the Forbidden page: >>>> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,547 DEBUG - >>>> WikiSecurityEvent.LOGIN_AUTHENTICATED >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >>>> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >>>> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >>>> target=com.ecyrd.jspwiki.WikiSession@1f55105] >>>> It looks like I now should have the "Authenticated" role from the >>>> container (though I don't seem to have it (according to the log, >>>> anyway) immediately after clicking "login" which is strange). >>>> However, I still get "Forbidden" if I try and go to Edit.jsp or >>>> similar (the "Authenticated area" in web.xml). >>>> After the initial "Forbidden", my wiki acls seem to work properly, >>>> but the container-given Role ("Authenticated") doesn't seem to be >>>> working, even though the logs appear to indicate that the role has >>>> been assigned. >>>> Thoughts on where to go from here? >>>> as always, many thanks, >>>> jonathan. >>>> Janne Jalkanen wrote: >>>>> >>>>> Heya! >>>>> >>>>> Does this help? >>>>> >>>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>>>> >>>>> /Janne >>>>> >>>>> On 14 Jul 2009, at 21:37, jonathan wrote: >>>>> >>>>>> Has anyone successfully done this? >>>>>> >>>>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get >>>>>> user data, so I have no local userdatabse.xml file to fall back >>>>>> on. The existing LDAPUserDatabase doesn't work with 2.8, of course. >>>>>> >>>>>> If you've done this, how are you handling the userdatabase portion >>>>>> under 2.8? We have a very large ldap database, but a relatively >>>>>> small number of JSPWiki users, so migrating the ldap info into an >>>>>> xml (or even mysql) userdatabase seems a bit like overkill (though >>>>>> this may be the simplest route to take given my relative inability >>>>>> to recode the LDAPUserDatabase stuff). >>>>>> >>>>>> Any thoughts appreciated. >>>>> >>>>> >> >> > >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by Andrew Jaquith-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Jonathan, I did some tests and determined that the cause of the problem is probably on your end. Here's the deal: - Container-managed authentication and authorization works by protecting a set of resources with auth-constraints - Each auth-constraint lists one or more roles that are allowed to access those resources. Now here's the important point: these are CONTAINER roles, not JSPWiki roles. - The default auth-constraint that protects Login.jsp (and thus triggers authentication) is protected by a sample container role called Authenticated. This is NOT the same as the JSPWiki role called Authenticated. - Thus, if your container is not configured to return any roles, the container will NOT let you access Login.jsp and returns a 403 (Forbidden), which directs you to Forbidden.html. This is exactly how the container is supposed to behave when a user is "unauthorized", which you are if you don't possess any container roles. - However, even though you did not receive the proper container role to access Login.jsp, your session is STILL authenticated, and as such your HttpServletRequest possesses a UserPrincipal. JSPWiki sniffs this principal during the next request and says, "Aha! The user is container-authenticated" and prints out the G'day (authenticated) message. Got it? Essentially, the container authenticates you, and JSPWiki figures that out. In between those two events, the fact that the user doesn't possess any container roles is what produces the 403. The fix is simple. Just make sure that the role named in the auth-constraint is the same as one returned by your container. In our default web.xml, we assume that this role is called "Authenticated." If your default container role is different (for example, "person"), make sure the one in web.xml matches that role name. I don't know what the root cause of your cookie authentication issue is. I could not reproduce it. Andrew On Wed, Jul 15, 2009 at 5:30 PM, jonathan<jengbrec@...> wrote: > heya too! > > The wiki page on container auth has been very, very helpful, yes. Upon > further investigation, I think my issues are currently more role-related > than UserDatabase related. > > Container has been set up to authenticate to ldap, no roles have been > configured, web.xml is default container-managed config. As soon as I log > in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I > click "Better luck next time", I end up back on the main page, > "authenticated" (much like this problem: > http://www.mail-archive.com/jspwiki-user@.../msg01892.html > - except I'm using Tomcat 5.5.15). > > If I look at my security log, I get the following entries only after I > click the "Better luck..." link on the Forbidden page: > > 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, > princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, > target=com.ecyrd.jspwiki.WikiSession@1f55105] > > > It looks like I now should have the "Authenticated" role from the container > (though I don't seem to have it (according to the log, anyway) immediately > after clicking "login" which is strange). However, I still get "Forbidden" > if I try and go to Edit.jsp or similar (the "Authenticated area" in > web.xml). > > After the initial "Forbidden", my wiki acls seem to work properly, but the > container-given Role ("Authenticated") doesn't seem to be working, even > though the logs appear to indicate that the role has been assigned. > > Thoughts on where to go from here? > > as always, many thanks, > jonathan. > > > Janne Jalkanen wrote: >> >> Heya! >> >> Does this help? >> >> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >> >> /Janne >> >> On 14 Jul 2009, at 21:37, jonathan wrote: >> >>> Has anyone successfully done this? >>> >>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>> data, so I have no local userdatabse.xml file to fall back on. The existing >>> LDAPUserDatabase doesn't work with 2.8, of course. >>> >>> If you've done this, how are you handling the userdatabase portion under >>> 2.8? We have a very large ldap database, but a relatively small number of >>> JSPWiki users, so migrating the ldap info into an xml (or even mysql) >>> userdatabase seems a bit like overkill (though this may be the simplest >>> route to take given my relative inability to recode the LDAPUserDatabase >>> stuff). >>> >>> Any thoughts appreciated. >> >> >
	Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration by jengbrec :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message thanks a lot Andrew, I figured it was something like this - the security logs are a bit confusing on this point. The cookie assertion issue isn't a cookie assertion issue (contrary to my initial report). There's something about Firefox/Chrome that often requires you to log-in twice. I haven't done any further investigation into this, but the problem doesn't seem to manifest (so far) in IE. thanks again for all your help, Jonathan. Andrew Jaquith wrote: > Jonathan, > > I did some tests and determined that the cause of the problem is > probably on your end. Here's the deal: > > - Container-managed authentication and authorization works by > protecting a set of resources with auth-constraints > > - Each auth-constraint lists one or more roles that are allowed to > access those resources. Now here's the important point: these are > CONTAINER roles, not JSPWiki roles. > > - The default auth-constraint that protects Login.jsp (and thus > triggers authentication) is protected by a sample container role > called Authenticated. This is NOT the same as the JSPWiki role called > Authenticated. > > - Thus, if your container is not configured to return any roles, the > container will NOT let you access Login.jsp and returns a 403 > (Forbidden), which directs you to Forbidden.html. This is exactly how > the container is supposed to behave when a user is "unauthorized", > which you are if you don't possess any container roles. > > - However, even though you did not receive the proper container role > to access Login.jsp, your session is STILL authenticated, and as such > your HttpServletRequest possesses a UserPrincipal. JSPWiki sniffs this > principal during the next request and says, "Aha! The user is > container-authenticated" and prints out the G'day (authenticated) > message. > > Got it? Essentially, the container authenticates you, and JSPWiki > figures that out. In between those two events, the fact that the user > doesn't possess any container roles is what produces the 403. > > The fix is simple. Just make sure that the role named in the > auth-constraint is the same as one returned by your container. In our > default web.xml, we assume that this role is called "Authenticated." > If your default container role is different (for example, "person"), > make sure the one in web.xml matches that role name. > > I don't know what the root cause of your cookie authentication issue > is. I could not reproduce it. > > Andrew > > On Wed, Jul 15, 2009 at 5:30 PM, jonathan<jengbrec@...> wrote: >> heya too! >> >> The wiki page on container auth has been very, very helpful, yes. Upon >> further investigation, I think my issues are currently more role-related >> than UserDatabase related. >> >> Container has been set up to authenticate to ldap, no roles have been >> configured, web.xml is default container-managed config. As soon as I log >> in, I end up getting a forbidden page (on Login.jsp?redirect=Main). If I >> click "Better luck next time", I end up back on the main page, >> "authenticated" (much like this problem: >> http://www.mail-archive.com/jspwiki-user@.../msg01892.html >> - except I'm using Tomcat 5.5.15). >> >> If I look at my security log, I get the following entries only after I >> click the "Better luck..." link on the Forbidden page: >> >> 2009-07-15 17:11:07,547 INFO - WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,547 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=org.apache.catalina.realm.GenericPrincipal jengbrec, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> 2009-07-15 17:11:07,548 DEBUG - WikiSecurityEvent.PRINCIPAL_ADD >> [source=com.ecyrd.jspwiki.auth.AuthenticationManager@e4245, >> princpal=com.ecyrd.jspwiki.auth.authorize.Role Authenticated, >> target=com.ecyrd.jspwiki.WikiSession@1f55105] >> >> >> It looks like I now should have the "Authenticated" role from the container >> (though I don't seem to have it (according to the log, anyway) immediately >> after clicking "login" which is strange). However, I still get "Forbidden" >> if I try and go to Edit.jsp or similar (the "Authenticated area" in >> web.xml). >> >> After the initial "Forbidden", my wiki acls seem to work properly, but the >> container-given Role ("Authenticated") doesn't seem to be working, even >> though the logs appear to indicate that the role has been assigned. >> >> Thoughts on where to go from here? >> >> as always, many thanks, >> jonathan. >> >> >> Janne Jalkanen wrote: >>> Heya! >>> >>> Does this help? >>> >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP >>> >>> /Janne >>> >>> On 14 Jul 2009, at 21:37, jonathan wrote: >>> >>>> Has anyone successfully done this? >>>> >>>> In 2.4 I'm using Kaukolu LDAPUserDatabase implementation to get user >>>> data, so I have no local userdatabse.xml file to fall back on. The existing >>>> LDAPUserDatabase doesn't work with 2.8, of course. >>>> >>>> If you've done this, how are you handling the userdatabase portion under >>>> 2.8? We have a very large ldap database, but a relatively small number of >>>> JSPWiki users, so migrating the ldap info into an xml (or even mysql) >>>> userdatabase seems a bit like overkill (though this may be the simplest >>>> route to take given my relative inability to recode the LDAPUserDatabase >>>> stuff). >>>> >>>> Any thoughts appreciated. >>> >

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Table Plug In

RE: Table Plug In

RE: Table Plug In

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Re: User Preferences not getting saved

Re: User Preferences not getting saved

2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration

Re: 2.4 with kaukolu ldap auth/userdatabase to 2.8 migration