Overview#

We needed to set up our wiki to use LDAP as the authentication source.

The examples below were done on JSPWiki v2.8.4 using Tomcat 6.x.

Server.xml#

First you must get container-managed security working by editing the /srv/tomcat/conf/server.xml file. We used this Realm inside the "Engine" element:

   <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
          connectionURL="ldap://192.168.1.4:389"
          userBase="ou=people,dc=willeke,dc=com"
          userSearch="(cn={0})"
          userSubtree="true"
          userRoleName="dictcrole"
          connectionName="cn=proxy,ou=admin,dc=willeke,dc=com"
          connectionPassword="verysecreatpasswordvalue"
   />
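With these attributes JNDIRealm authenticates a login in three steps: it binds to the directory as connectionName with connectionPassword, searches userBase (the whole subtree, because userSubtree is true) with the userSearch filter after replacing {0} with the submitted user name, and then binds again as the DN it found using the password the user typed. The roles the container sees come from the userRoleName attribute (dictcrole) of the user's own entry. The following Python model of that sequence is an added illustration, not Tomcat code; it runs against a small constructed in-memory directory (the entries, passwords and role values are made up), and it escapes the user name per RFC 4515 before substituting it into the filter so that filter metacharacters in the login name are treated as data.

```python
"""Offline model of the lookup sequence Tomcat's JNDIRealm performs with the
server.xml attributes above.  Added illustration only; the directory below is
constructed sample data and the code is not Tomcat's."""
import re

# Constructed sample directory: DN -> attributes.  Clear-text passwords are
# used only to keep the model small; a real directory stores hashes.
DIRECTORY = {
    "cn=proxy,ou=admin,dc=willeke,dc=com":
        {"cn": ["proxy"], "userPassword": "verysecreatpasswordvalue"},
    "cn=alice,ou=people,dc=willeke,dc=com":
        {"cn": ["alice"], "userPassword": "alice-pw",
         "dictcrole": ["Authenticated", "Admin"]},
    "cn=bob,ou=staff,ou=people,dc=willeke,dc=com":
        {"cn": ["bob"], "userPassword": "bob-pw", "dictcrole": ["Authenticated"]},
    "cn=carol,ou=contractors,dc=willeke,dc=com":
        {"cn": ["carol"], "userPassword": "carol-pw", "dictcrole": ["Authenticated"]},
}

# The Realm attributes from server.xml, as a plain dict.
REALM = {
    "connectionName": "cn=proxy,ou=admin,dc=willeke,dc=com",
    "connectionPassword": "verysecreatpasswordvalue",
    "userBase": "ou=people,dc=willeke,dc=com",
    "userSearch": "(cn={0})",
    "userSubtree": True,
    "userRoleName": "dictcrole",
}


def escape_filter_value(value):
    """RFC 4515 escaping: the submitted name must be data, not filter syntax."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def filter_matches(flt, attrs):
    """Evaluate a single (attr=value) filter; an unescaped '*' is a wildcard."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt)
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled")
    attr, pattern = m.groups()
    regex = ".*".join(re.escape(unescape_filter_value(p)) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v) for v in attrs.get(attr, []))


def in_scope(dn, base, subtree):
    """userSubtree=true covers the whole subtree; false covers one level only."""
    if not dn.endswith("," + base):
        return False
    rdn_part = dn[: -(len(base) + 1)]
    return subtree or "," not in rdn_part


def simple_bind(dn, password):
    """Model an LDAP simple bind.  An empty password would be an unauthenticated
    bind on many directories (RFC 4513), so it is rejected outright."""
    entry = DIRECTORY.get(dn)
    return entry is not None and bool(password) and entry["userPassword"] == password


def authenticate(realm, username, password):
    """Return the user's roles on success, or None.
    Step 1: bind with the service account (connectionName/connectionPassword).
    Step 2: search userBase with userSearch, {0} replaced by the escaped name.
    Step 3: bind as the single DN found, with the submitted password.
    Roles are read from the userRoleName attribute of the user's entry."""
    if not simple_bind(realm["connectionName"], realm["connectionPassword"]):
        return None
    flt = realm["userSearch"].replace("{0}", escape_filter_value(username))
    hits = [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, realm["userBase"], realm["userSubtree"])
            and filter_matches(flt, attrs)]
    if len(hits) != 1:          # no such user, or an ambiguous match
        return None
    user_dn = hits[0]
    if not simple_bind(user_dn, password):
        return None
    return list(DIRECTORY[user_dn].get(realm["userRoleName"], []))


if __name__ == "__main__":
    print(authenticate(REALM, "alice", "alice-pw"))   # ['Authenticated', 'Admin']
    print(authenticate(REALM, "bob", "wrong"))         # None
```

Flipping userSubtree to False in the model drops bob, whose entry sits one level below ou=people, which is the difference that attribute makes in the real Realm; carol is never found because her entry is outside userBase altogether. Note also that the page's connectionURL is plain ldap:// on port 389, so both the service-account bind and the user's password bind travel unencrypted between Tomcat and the directory unless the network is otherwise protected.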

WEB.XML Values#

Our desire was to force a login for anyone who wanted to create or edit a page.

Add the security-constraint elements below to your application's /.../webapps/yourapplication/WEB-INF/web.xml file.

   <!--  REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH -->
   
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Administrative Area</web-resource-name>
           <url-pattern>/Delete.jsp</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>Admin</role-name>
       </auth-constraint>
       <!--
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
       -->
   </security-constraint>
      
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Authenticated area</web-resource-name>
           <url-pattern>/Edit.jsp</url-pattern>
           <url-pattern>/Comment.jsp</url-pattern>
           <url-pattern>/Login.jsp</url-pattern>
           <url-pattern>/NewGroup.jsp</url-pattern>
           <url-pattern>/Rename.jsp</url-pattern>
           <url-pattern>/Upload.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>HEAD</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <web-resource-collection>
           <web-resource-name>Read-only Area</web-resource-name>
           <url-pattern>/attach</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>Admin</role-name>
           <role-name>Authenticated</role-name>
       </auth-constraint>

       <!--
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
       -->
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/LoginForm.jsp</form-login-page>
           <form-error-page>/LoginForm.jsp</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>
           This logical role includes all authenticated users
       </description>
       <role-name>Authenticated</role-name>
   </security-role>

   <security-role>
       <description>
           This logical role includes all administrative users
       </description>
       <role-name>Admin</role-name>
   </security-role>
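The container decides per request which of these constraints applies: it picks the url-pattern that best matches the request path (exact match first, then the longest /prefix/* pattern, then an *.ext pattern, then the default /), applies the constraints declared on that pattern whose http-method list is absent or names the request method, checks the transport guarantee, and only then checks roles. Two consequences follow directly from those rules. Listing http-method elements limits a constraint to those methods, so a request for /Edit.jsp with a method that is not listed is uncovered and passes through unauthenticated. A pattern written as /attach matches only that exact path, not anything beneath it; /attach/* would be the prefix form. The following Python matcher is an added model of these rules, not Tomcat code; the constraint table is transcribed from the web.xml above, the sample requests in the usage are constructed, and with both user-data-constraint elements commented out the confidential flag is False for every entry, so the login form itself is not forced onto HTTPS by the container.

```python
"""Offline model of how a servlet container applies the security-constraint,
auth-constraint and user-data-constraint elements in the web.xml above.
Added illustration only; not container code.  Request samples are constructed."""

# Transcribed from the web.xml above, one entry per web-resource-collection.
# "methods": None means the constraint covers every HTTP method; a list limits
# it to those methods.  "roles": None would mean no auth-constraint (open to
# all); an empty set would mean an empty auth-constraint (deny everyone).
CONSTRAINTS = [
    {"name": "Administrative Area", "patterns": ["/Delete.jsp"], "methods": None,
     "roles": {"Admin"}, "confidential": False},
    {"name": "Authenticated area",
     "patterns": ["/Edit.jsp", "/Comment.jsp", "/Login.jsp", "/NewGroup.jsp",
                  "/Rename.jsp", "/Upload.jsp"],
     "methods": ["DELETE", "GET", "HEAD", "POST", "PUT"],
     "roles": {"Admin", "Authenticated"}, "confidential": False},
    {"name": "Read-only Area", "patterns": ["/attach"],
     "methods": ["DELETE", "POST", "PUT"],
     "roles": {"Admin", "Authenticated"}, "confidential": False},
]


def pattern_quality(pattern, path):
    """Return a sortable match quality for a url-pattern, or None if it does
    not match.  Exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    if pattern == "/":
        return (0, 0)
    return None


def decide(path, method, user_roles=None, secure=False, constraints=CONSTRAINTS):
    """Return 'allow', 'login', 'forbid' or 'redirect-https' for one request.
    user_roles None means the request is unauthenticated."""
    best, best_q = None, None
    for c in constraints:
        for p in c["patterns"]:
            q = pattern_quality(p, path)
            if q is not None and (best_q is None or q > best_q):
                best, best_q = p, q
    if best is None:
        return "allow"            # no constraint mentions this path at all
    applicable = [c for c in constraints if best in c["patterns"]
                  and (c["methods"] is None or method in c["methods"])]
    if not applicable:
        return "allow"            # best pattern constrains other methods only
    if any(c["confidential"] for c in applicable) and not secure:
        return "redirect-https"   # user-data-constraint is checked before roles
    if any(c["roles"] == set() for c in applicable):
        return "forbid"           # an empty auth-constraint overrides the rest
    if any(c["roles"] is None for c in applicable):
        return "allow"            # a missing auth-constraint opens the resource
    allowed = set().union(*(c["roles"] for c in applicable))
    if user_roles is None:
        return "login"            # container sends the FORM login page
    return "allow" if allowed & set(user_roles) else "forbid"


if __name__ == "__main__":
    for req in [("/Edit.jsp", "GET", None), ("/Delete.jsp", "GET", ["Authenticated"]),
                ("/Edit.jsp", "OPTIONS", None), ("/attach/Main/logo.png", "POST", None)]:
        print(req, "->", decide(*req))
```

Running the usage prints login for an anonymous GET of /Edit.jsp, forbid for a non-admin on /Delete.jsp, and allow for the two requests that no listed pattern and method combination covers. Whether the /attach result is intended depends on how the attachment servlet is mapped elsewhere in the same web.xml; the matcher only shows what the constraint as written reaches.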

More Information#

There might be more information for this subject on one of the following:

« This page (revision-4) was last changed on 08-Feb-2013 21:34 by jim