Wyllys--
I'd forgotten about that particular post. Glad you got benefit from
it. I should probably add it to the official docs. :)
Are you using a custom Authorizer by any chance? I fixed a recent bug
in 2.8.1 that prevented custom roles from being added. Sounds a little
like your issue, actually. Could you try the 2.8.2 nightly build and
see if it helps?
If not, we can explore the container authentication config options.
Andrew
On Mar 26, 2009, at 12:29, Wyllys Ingersoll <[email protected]>
wrote:
Andrew Jaquith wrote:
Wyllys:
I think you have been misinformed. JSPWiki does indeed assign any
user that has been authenticated to a built-in role, called
"Authenticated".
That's what I thought, but despite the settings in my policy file and
in web.xml, JSPWiki is not letting my "Authenticated" role do anything
(edit, attach, delete, etc).
While I haven't verified your issue yet, the problem is likely in
the JSPWiki scriptlet code, and has nothing to do with your LDAP
integration. Could you try reproducing the issue with a MemoryRealm
or another type of container site authenticator? That would narrow
the scope if the problem to the code that handles the redirects.
What do I need to change in my config to do that?
I'll try reproducing your issue in the meantime.
Andrew
Thanks - I just read over your excellent description of roles and
groups
here:
http://www.mail-archive.com/[email protected]/msg01191.html
which makes the distinction very clear.
My problem seems to be related to the groups and/or roles that the
users are assigned
to once they log in.
I am using container authentication through the Sun Webserver 7
product and
authenticating to my corporate LDAP server, which does not have any
"Group"
entries. None of the CN's associated with my own entry have a
"Group" identifier.
I know there is a critical bit of configuration that I am missing to
get JSPWiki
to be able to interpret my group or role once the authentication
completes,
but I'm just not well versed enough with LDAP or JAAS to know how to
fix it.
The examples and emails that I have seen online all reference
configuring it
through Tomcat, but those examples don't really apply in my
situation because
the config for Webserver7 is a bit different. There is a server.xml
that I can tinker with if necessary though.
I'm open to suggestions :)
-Wyllys
