xwiki-devs June 2012

xwiki-devs@xwiki.org

35 participants
107 discussions

by David Milaveau

Hy, I wish to contribute to xwiki. I forked xwiki-platform and when I execute the clone command I get the following error: error: unable to create file xwiki-platform-core/xwiki-platform-application-mana ger/xwiki-platform-application-manager-api/src/main/java/com/xpn/xwiki/plugin/ap plicationmanager/core/doc/objects/classes/XObjectDocumentDoesNotExistException.j ava (No such file or directory) fatal: cannot create directory at 'xwiki-platform-core/xwiki-platform-classloade r/xwiki-platform-classloader-protocols/xwiki-platform-classloader-protocol-attac hmentjar/src/main/java/org/xwiki/classloader/internal/protocol/attachmentjar': N o such file or directory Can you help me or tell me how to get xwiki-platform on my computer for work. Best regards.

13 years, 3 months

Re: [xwiki-devs] [GSoC] Responsive Skin

by Jonathan Solichin

Hello friends and Jerome, Thanks for the response. > Can you describe us the issue you are trying to address regarding this > sidebar and the associated javascript ? > It looks like unnecessary complexity for me. Aren't media queries just > enough to have the sidebar resize/move when the viewport size changes ? > I'd like we keep things simple as much as possible, so tell me if I'm > missing something. So the reason i am using javascript, is because although media queries handle viewport changes, its adaptation is does not completely work in some scenarios. Eg. the sidebar scrolling area (for when there's a lot of things on that topic), would require a fix height to get the overflow to work (or else it will stretch along and will no longer be a "fixed sidebar"). However, if we have a fixed height, during viewport size change it would cause an issue (of it no longer being a fixed sidebar since it's longer than the viewport). i think there is a couple other issue that prevented me from using straight up html/css, but I can't think of it at the moment. Let me know if you have a better suggestion! Additionally, I want the sidebar to be resizable at least a desktop/tablet level where there is a good amount of width so that if you're more concern on reading the additional info, you can get more space for it. The great thing (or the idea behind) the sidebar was to allow supplemental info to be viewed along with the content (think Microsoft SmartGlass if you've learned about that aha). But the issue is that the size of a sidebar is not always optimal for reading long contents, so i want it to be resizable to accommodate. So this resizing thing will also be done via jQuery. In any regards, I have been to resolve most of the issue and it seems to work well atm (let me know any bugs that i missed). Again you can check out the working demo that i'm working on at: http://jssolichin.com/xwiki . Unfortunately the code behind is a bit ugly right now, and need to be cleaned up. My next step is to finish up the navigation (the mouse over event revealing different sections and the icons indicating content on each section) and making it look like the mock up. Most of use are using either OSX or Linux. Are you following > http://dev.xwiki.org/xwiki/bin/view/Community/Building ? I am. Which distro? and oracle or openjdk for java? What module are you trying to build exactly ? Most of the times you don't > need to build everything, but just the module(s) you are working on (and > possibly the final distribution, like XE). I'm trying to build your Lyrebird (from its source) to learn about creating VMs. I think I am able to build it now actually. I am going into the lyrebird directory and running "mvn clean install -Phsqldb,jetty" to build it. But I am still not sure what to do next? Can you point me in the right direction? Thank you again! Jonathan Solichin

13 years, 3 months

[xwiki-devs] [VOTE] merge branch feature-filterable-activity-stream into master

by Eduard Moraru

Hi devs, Lately, I`ve been working on being able to filter the events that are displayed by the Activity Stream macro. I`ve implemented both the JavaScript and the no-JavaScript version and I`d like your vote on whether we want to merge it into master or not. Please have a look over the pull request [1][2] and let me know if you spot any bad decisions or bad code :) Here's my +1 Thanks, Eduard ---------- [1] https://github.com/xwiki/xwiki-enterprise/pull/27 [2] https://github.com/xwiki/xwiki-platform/pull/55

13 years, 3 months

[xwiki-devs] [ANN] XWiki Enterprise and XWiki Enterprise Manager 4.1 released

by Caleb James DeLisle

The XWiki Development team is pleased to announce the 4.1.1 bug fix release. Download it here: http://www.xwiki.org/xwiki/bin/view/Main/Download And review the release notes here: http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWikiEnterpris… This release fixes the following issues: * XWIKI-7943 Impossible to save very large pages in jetty * XWIKI-7940 Conflict reported when same existing document is already in the database and there is no previous official version of the XAR extension * XWIKI-7939 Merge conflict resolution UI fails when there is no previous version * XWIKI-7938 Conflict reported when an extension document have attachment when installing a xar * XE-1190 Add suggest in Debian packages * XE-1189 Debian package fail to upgrade * XCOMMONS-201 class java.lang.StackOverflowError in LogQueue.error under some conditions Thanks to the developers for getting these issues fixed promptly and thanks to the users for your helpful bug reports and your patience. Caleb

13 years, 3 months

[xwiki-devs] Resolve/Serialize entity references on the client side (JavaScript code)

by Marius Dumitru Florea

Hi devs, While fixing http://jira.xwiki.org/browse/XWIKI-7889 I introduced an API to resolve and serialize entity references on the client side (JavaScript code). See https://github.com/xwiki/xwiki-platform/commit/cfa8ec3315a32fed875949ff21a5…. XWiki Explorer tree has an input displayed at the bottom where you can type a _pseudo_ entity reference which is parsed and the specified entity is selected in the tree. The basic problem (very simplified) was that this reference was parsed on the client side and the parsing code did not handle special characters in entity name (no escaping). Of course, I had to options: * add a service (REST?) to resolve/serialize the reference on the server or * (as I did) port part of the code from xwiki-platform-model (with unit tests!) to JavaScript to be able to resolve/serialize entity references on the client side. There are pros and cons for each option but for me the main reason was that it is painful to modify xwikiexplorer.js to make AJAX requests each time you type into that input box (the tree node is selected as you type). An almost complete rewrite was needed and since we're looking to replace that tree I thought the second option was better. Would be great if you can review my commit. I'm interested in the API naming and places where I put the JS code. Also, I'm not sure where to document the new API (that is if no one is against it). Thanks, Marius

13 years, 3 months

Re: [xwiki-devs] Access password of current user

by David Delbecq

Hello all, if someone has access to restricted xwiki area (escalation or any other way), this someone could just create a javascript wiki page using skinextension, that will grab password from login form and send it anywhere in the wiki for later retrieval. So i don't feel like i create any security hole there. If a user has access to the server, he could just feed it with it's own XwikiAuthService or LDAP server that record password before forwarding to real ldap server. Our company has no kerberos, ntlm, etc server running, so i can't easily use such solution. Removing password for authentication on background service is no option either, as wiki will be a portal to those services, but some operation still need user to navigate to those services. For example, a webdav service: listing in xwiki page of a folder content should be done using xwiki current user's priviledges (xwiki is the http client), but when user want to retrieve a specific file or want to mount the webdav service on his workstation, he access the webdav service directly. Using "unsecure" password is no option either, all users in the company are supposed to use same password for all services (ldap central authentication). Keep in mind, the only things i have write access to is a few jboss servers, their configuration, and the webapp running on them. All applications (except unfortunately xwiki) use container based authentication. If someone has doc on how to forward credentials from one webapp to another over http(s), i'll be glad to prefer it, but the only documentions on jboss/sso i have found so far assume all request come from browser! Kerberos or similar service, while a good solution as supported by jboss (but "experimental" in xwiki), afaik, requires to add additionnal schemas to ldap so tickets can be stored. And i know from experience that if i request such service installed and configured on our central server, i am not sure to get them before next year. I understand your concerns, i do not like the idea of storing password in memory. But i see no viable solution for now to have our xwiki be a portal to various services on behalf of it's current user. Thank you David Delbecq ----- Mail original ----- De: "Jerome Velociter" <jerome(a)winesquare.net> À: "XWiki Developers" <devs(a)xwiki.org> Envoyé: Mardi 19 Juin 2012 15:16:54 Objet: Re: [xwiki-devs] Access password of current user On Tue, Jun 19, 2012 at 2:58 PM, David Delbecq <david.delbecq(a)meteo.be>wrote: > Hello, > > > unfortunately, we don't have any explicit sso service currently running. > In the past, we simply asked the container (tomcat) to manage > authentication of users for all our webapplication and we followed tomcat > directions on how to share principal for all applications ( > http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Single_Sign_On_Va…). > This works well when all application use container authentication and the > only client is the user's web browser. Unfortunately, things will change as > we will base our intranet on xwiki instead of having separate spread > applications the user needs to connect to. This mean the web server (now > jboss) will be the http client of all other services, and thus realm based > sso won't work. For some of those service we use generic technical account, > so no problem, we just store the password. But for some other, we must > transmit the user / password of current xwiki user so xwiki is seen by this > service as this user. > > And none of those behind the scene applications were ever configured to > use kerberos or anything alike. Moreover, i would like to avoid the > nightmare of maintaining such a service when simply forwaring user / pass > to next service would solve my problems :) > Storing plain-text user password is never a good idea, be it on the database, filesystem or in memory. If you store passwords in the session, some XWiki applications could read them, someone in your organization with programming access level can access them, a hacker that escalate to have access to the machine or to programming rights in the application can read them, etc. Jerome > > Regards, > David Delbecq > > ----- Mail original ----- > > De: "Guillaume Lerouge" <guillaume(a)xwiki.com> > À: "XWiki Developers" <devs(a)xwiki.org> > Envoyé: Mardi 19 Juin 2012 14:40:16 > Objet: Re: [xwiki-devs] Access password of current user > > Hi David, > > which SSO service dou you use internally? XWiki authenticators already > exist for CAS, Kerberos and NTLM, maybe you could draw inspiration from > them. > > Guillaume > > On Tue, Jun 19, 2012 at 1:54 PM, David Delbecq <david.delbecq(a)meteo.be > >wrote: > > > > > Hello, > > > > I was hoping that somehow, when submitted via the form, password gets > > recorded until the end of the session. We can't afford, for the sake of > > user experience, to ask password every time user need to access a hidden > > system he is not even supposed to know is separate from the wiki. That's > > why we are writing some macro / components so that it's xwiki that access > > those system for him. This include various webservices, a documents > storage > > and so on. We try to keep a single sign on policy. Of course, i don't > want > > user password stored anywhere on disks, but keeping it in user session > > seems a good trade-of for me. > > > > I plan thus to create my onw xwikiauthservice that delegates to ldap > > service and store this in user session. > > > > > > ----- Mail original ----- > > > > De: "Jerome Velociter" <jerome(a)winesquare.net> > > À: "XWiki Developers" <devs(a)xwiki.org> > > Envoyé: Mardi 19 Juin 2012 11:53:42 > > Objet: Re: [xwiki-devs] Access password of current user > > > > Hi, > > > > Fortunately, you can't. You can only access/verify a hashed version of > > the password. > > > > Note that asking for a password again is not necessarily a bad UX, > > especially if it is to allow access to a sensitive area/operation. > > > > Cheers, > > Jerome. > > > > On Tue, Jun 19, 2012 at 11:39 AM, David Delbecq <david.delbecq(a)meteo.be> > > wrote: > > > > > > Hello, > > > > > > i am writing a component that need a password. Because this password > > will be the same for current user as the one he used to log-in, it would > > make for crappy interface ot ask it again to user. So i need to know how > my > > component or a groovy script can access the username / password of > current > > logged-in user. > > > > > > Thank you. > > > > > > > > > David Delbecq > > > > > > _______________________________________________ > > > devs mailing list > > > devs(a)xwiki.org > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > > > > -- > > Jérôme Velociter > > Winesquare > > http://www.winesquare.net/ > > _______________________________________________ > > devs mailing list > > devs(a)xwiki.org > > http://lists.xwiki.org/mailman/listinfo/devs > > > > _______________________________________________ > > devs mailing list > > devs(a)xwiki.org > > http://lists.xwiki.org/mailman/listinfo/devs > > > _______________________________________________ > devs mailing list > devs(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/devs > _______________________________________________ > devs mailing list > devs(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/devs > -- Jérôme Velociter Winesquare http://www.winesquare.net/ _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs

13 years, 3 months

[xwiki-devs] How can I call a component method in javascript ?

by liujinlong5788

Hello ,how can I call a component method in javascript ?

13 years, 3 months

Re: [xwiki-devs] Access password of current user

by David Delbecq

Indeed, i forgot that in http/basic auth, user/pass are provided by browser on each and every request made to server. This solves my problem on finding the user / pass and i don't have to keep it in memory. Since i can use container based security + jboss basic auth, i suppose this solves my issue without requiring complex trust services. Will give it some tries. Thank you. ----- Mail original ----- De: "Jerome Velociter" <jerome(a)winesquare.net> À: "XWiki Developers" <devs(a)xwiki.org> Envoyé: Mercredi 20 Juin 2012 10:33:58 Objet: Re: [xwiki-devs] Access password of current user On Wed, Jun 20, 2012 at 9:54 AM, David Delbecq <david.delbecq(a)meteo.be>wrote: > > Hello all, > > if someone has access to restricted xwiki area (escalation or any other > way), this someone could just create a javascript wiki page using > skinextension, that will grab password from login form and send it anywhere > in the wiki for later retrieval. So i don't feel like i create any security > hole there. > If a user has access to the server, he could just feed it with it's own > XwikiAuthService or LDAP server that record password before forwarding to > real ldap server. > For me none of this arguments legitimize storing passwords in clear. > > Our company has no kerberos, ntlm, etc server running, so i can't easily > use such solution. Removing password for authentication on background > service is no option either, as wiki will be a portal to those services, > but some operation still need user to navigate to those services. For > example, a webdav service: listing in xwiki page of a folder content should > be done using xwiki current user's priviledges (xwiki is the http client), > but when user want to retrieve a specific file or want to mount the webdav > service on his workstation, he access the webdav service directly. > > Using "unsecure" password is no option either, all users in the company > are supposed to use same password for all services (ldap central > authentication). > > > > Keep in mind, the only things i have write access to is a few jboss > servers, their configuration, and the webapp running on them. All > applications (except unfortunately xwiki) use container based > authentication. I already replied to say XWiki supports container based authentication throught the AppServerTrusted authenticator. What's missing ? If someone has doc on how to forward credentials from one webapp to another > over http(s), i'll be glad to prefer it If you use container based authentication, I imagine you should be able to copy over the authorization header from the originating request to the one you create in your HTTP client (since I understand you are making HTTP calls to the tiers apps). Jerome > , but the only documentions on jboss/sso i have found so far assume all > request come from browser! Kerberos or similar service, while a good > solution as supported by jboss (but "experimental" in xwiki), afaik, > requires to add additionnal schemas to ldap so tickets can be stored. And i > know from experience that if i request such service installed and > configured on our central server, i am not sure to get them before next > year. > > > I understand your concerns, i do not like the idea of storing password in > memory. But i see no viable solution for now to have our xwiki be a portal > to various services on behalf of it's current user. > > Thank you > David Delbecq > ----- Mail original ----- > > De: "Jerome Velociter" <jerome(a)winesquare.net> > À: "XWiki Developers" <devs(a)xwiki.org> > Envoyé: Mardi 19 Juin 2012 15:16:54 > Objet: Re: [xwiki-devs] Access password of current user > > On Tue, Jun 19, 2012 at 2:58 PM, David Delbecq <david.delbecq(a)meteo.be > >wrote: > > > Hello, > > > > > > unfortunately, we don't have any explicit sso service currently running. > > In the past, we simply asked the container (tomcat) to manage > > authentication of users for all our webapplication and we followed tomcat > > directions on how to share principal for all applications ( > > > http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Single_Sign_On_Va… > ). > > This works well when all application use container authentication and the > > only client is the user's web browser. Unfortunately, things will change > as > > we will base our intranet on xwiki instead of having separate spread > > applications the user needs to connect to. This mean the web server (now > > jboss) will be the http client of all other services, and thus realm > based > > sso won't work. For some of those service we use generic technical > account, > > so no problem, we just store the password. But for some other, we must > > transmit the user / password of current xwiki user so xwiki is seen by > this > > service as this user. > > > > And none of those behind the scene applications were ever configured to > > use kerberos or anything alike. Moreover, i would like to avoid the > > nightmare of maintaining such a service when simply forwaring user / pass > > to next service would solve my problems :) > > > > Storing plain-text user password is never a good idea, be it on the > database, filesystem or in memory. > > If you store passwords in the session, some XWiki applications could read > them, someone in your organization with programming access level can access > them, a hacker that escalate to have access to the machine or to > programming rights in the application can read them, etc. > > Jerome > > > > > > > Regards, > > David Delbecq > > > > ----- Mail original ----- > > > > De: "Guillaume Lerouge" <guillaume(a)xwiki.com> > > À: "XWiki Developers" <devs(a)xwiki.org> > > Envoyé: Mardi 19 Juin 2012 14:40:16 > > Objet: Re: [xwiki-devs] Access password of current user > > > > Hi David, > > > > which SSO service dou you use internally? XWiki authenticators already > > exist for CAS, Kerberos and NTLM, maybe you could draw inspiration from > > them. > > > > Guillaume > > > > On Tue, Jun 19, 2012 at 1:54 PM, David Delbecq <david.delbecq(a)meteo.be > > >wrote: > > > > > > > > Hello, > > > > > > I was hoping that somehow, when submitted via the form, password gets > > > recorded until the end of the session. We can't afford, for the sake of > > > user experience, to ask password every time user need to access a > hidden > > > system he is not even supposed to know is separate from the wiki. > That's > > > why we are writing some macro / components so that it's xwiki that > access > > > those system for him. This include various webservices, a documents > > storage > > > and so on. We try to keep a single sign on policy. Of course, i don't > > want > > > user password stored anywhere on disks, but keeping it in user session > > > seems a good trade-of for me. > > > > > > I plan thus to create my onw xwikiauthservice that delegates to ldap > > > service and store this in user session. > > > > > > > > > ----- Mail original ----- > > > > > > De: "Jerome Velociter" <jerome(a)winesquare.net> > > > À: "XWiki Developers" <devs(a)xwiki.org> > > > Envoyé: Mardi 19 Juin 2012 11:53:42 > > > Objet: Re: [xwiki-devs] Access password of current user > > > > > > Hi, > > > > > > Fortunately, you can't. You can only access/verify a hashed version of > > > the password. > > > > > > Note that asking for a password again is not necessarily a bad UX, > > > especially if it is to allow access to a sensitive area/operation. > > > > > > Cheers, > > > Jerome. > > > > > > On Tue, Jun 19, 2012 at 11:39 AM, David Delbecq < > david.delbecq(a)meteo.be> > > > wrote: > > > > > > > > Hello, > > > > > > > > i am writing a component that need a password. Because this password > > > will be the same for current user as the one he used to log-in, it > would > > > make for crappy interface ot ask it again to user. So i need to know > how > > my > > > component or a groovy script can access the username / password of > > current > > > logged-in user. > > > > > > > > Thank you. > > > > > > > > > > > > David Delbecq > > > > > > > > _______________________________________________ > > > > devs mailing list > > > > devs(a)xwiki.org > > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > > > > > > > > -- > > > Jérôme Velociter > > > Winesquare > > > http://www.winesquare.net/ > > > _______________________________________________ > > > devs mailing list > > > devs(a)xwiki.org > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > > _______________________________________________ > > > devs mailing list > > > devs(a)xwiki.org > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > _______________________________________________ > > devs mailing list > > devs(a)xwiki.org > > http://lists.xwiki.org/mailman/listinfo/devs > > _______________________________________________ > > devs mailing list > > devs(a)xwiki.org > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > > -- > Jérôme Velociter > Winesquare > http://www.winesquare.net/ > _______________________________________________ > devs mailing list > devs(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/devs > > _______________________________________________ > devs mailing list > devs(a)xwiki.org > http://lists.xwiki.org/mailman/listinfo/devs > -- Jérôme Velociter Winesquare http://www.winesquare.net/ _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs

13 years, 3 months

[xwiki-devs] [ANN] XWiki Enterprise and XWiki Enterprise Manager 4.0.1 released

by Thomas Mortagne

The XWiki development team is pleased to announce the release of XWiki Enterprise and XWiki Enterprise Manager 4.0.1. Go grab it at http://www.xwiki.org/xwiki/bin/view/Main/Download This is a bugfix release for the 4.0 cycle. For more information see the Release notes at: http://www.xwiki.org/xwiki/bin/view/Main/ReleaseNotesXWikiEnterprise401 Thanks -The XWiki dev team

13 years, 3 months

[xwiki-devs] 转发: Chinese garbled problem in office-import

by idealhang

2012-06-20 idealhang 发件人：idealhang 发送时间：2012-06-19 17:55 主题：Chinese garbled problem in office-import 收件人："devs"<devs(a)xwiki.org> 抄送： HI I am using the latest xwiki and I need to use its office-import feature. Hower,I upload some chinese word and excel documents,the problem of chinese garbled comes out. The chinese titles are OK. but the chinese content is garbled . I install the xwiki-enterprise-installer-windows-4.1-rc-1.exe on the cn_windows_server_2008_r2_sp1_vl_build_x64_dvd_617396,and my openoffice is Apache_OpenOffice_incubating_3.4.0_Win_x86_install_zh-CN.exe. What should I do to solve the problem，I need your help. Thank you very much. 2012-06-19 idealhang

13 years, 3 months

← Newer
1
2
3
4
5
6
7
8
...
11
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

xwiki-devs June 2012