Overview
We needed to set up our wiki to use LDAP as the authentication source. The examples below were done on JSPWiki v2.8.4 using Tomcat 6.x.
Server.xml
First you must get container security to work by editing the /srv/tomcat/conf/server.xml file. We used this within the "Engine" element:

<!-- Tomcat binds as connectionName, searches userBase (and its subtree) for cn=<login name>,
     and reads the user's roles from the attribute named in userRoleName. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://192.168.1.4:389"
       userBase="ou=people,dc=willeke,dc=com"
       userSearch="(cn={0})"
       userSubtree="true"
       userRoleName="dictcrole"
       connectionName="cn=proxy,ou=admin,dc=willeke,dc=com"
       connectionPassword="verysecreatpasswordvalue" />
WEB.XML Values
Our goal was to force a login for anyone who wanted to create or edit a page. Add the security-constraint directives to the /.../webapps/yourapplication/WEB-INF/web.xml file of your application.

<!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administrative Area</web-resource-name>
        <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
    </auth-constraint>
    <!--
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authenticated area</web-resource-name>
        <url-pattern>/Edit.jsp</url-pattern>
        <url-pattern>/Comment.jsp</url-pattern>
        <url-pattern>/Login.jsp</url-pattern>
        <url-pattern>/NewGroup.jsp</url-pattern>
        <url-pattern>/Rename.jsp</url-pattern>
        <url-pattern>/Upload.jsp</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>HEAD</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <web-resource-collection>
        <web-resource-name>Read-only Area</web-resource-name>
        <url-pattern>/attach</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
        <role-name>Authenticated</role-name>
    </auth-constraint>
    <!--
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    -->
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/LoginForm.jsp</form-login-page>
        <form-error-page>/LoginForm.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <description>
        This logical role includes all authenticated users
    </description>
    <role-name>Authenticated</role-name>
</security-role>

<security-role>
    <description>
        This logical role includes all administrative users
    </description>
    <role-name>Admin</role-name>
</security-role>
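
A quick audit of the two files configured above, as an added example that is not part of the original page or of JSPWiki. It reports where a login-protected area constrains only the listed HTTP methods, where the CONFIDENTIAL transport-guarantee is not active, and whether the realm uses ldap:// instead of ldaps://. The function names and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the page's two protected areas.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Administrative Area</web-resource-name>
   <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>Admin</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Authenticated area</web-resource-name>
   <url-pattern>/Edit.jsp</url-pattern>
   <http-method>GET</http-method>
   <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>Authenticated</role-name></auth-constraint>
  <!-- <user-data-constraint>...</user-data-constraint> -->
 </security-constraint>
</web-app>"""
# Constructed sample: the page's Realm reduced to the attributes checked here.
REALM_XML = '<Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://192.168.1.4:389"/>'

def named(root, name):
    """All elements with this local tag name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(text):
    findings = []
    for sc in named(ET.fromstring(text), "security-constraint"):
        if not named(sc, "auth-constraint"):
            continue  # this constraint does not require a login
        tls = any((e.text or "").strip() == "CONFIDENTIAL" for e in named(sc, "transport-guarantee"))
        for wrc in named(sc, "web-resource-collection"):
            area = (named(wrc, "web-resource-name")[0].text or "").strip()
            methods = sorted((e.text or "").strip().upper() for e in named(wrc, "http-method"))
            if methods:  # any HTTP method not listed is outside the constraint
                findings.append((area, "only listed methods constrained", methods))
            if not tls:  # commented-out XML is ignored by the parser, as by Tomcat
                findings.append((area, "no CONFIDENTIAL transport-guarantee", None))
    return findings

def audit_realm(text):
    url = ET.fromstring(text).get("connectionURL", "")
    return ["LDAP bind over unencrypted ldap://"] if url.lower().startswith("ldap://") else []

print(audit_web_xml(WEB_XML), audit_realm(REALM_XML))
```

For the "Read-only Area" collection the method list is deliberate (GET stays open), so treat that finding as a prompt to confirm intent rather than a defect.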