It would be nice if there was a way of using Apache Basic Authentication
API, alongside w/ mod_ssl <http://www.modssl.org/>,
as a concrete way of implementing "single sign on" across multiple
applications fronted by Apache HTTPD. This would allow
Xwiki to coexist better alongside other existing web-apps or existing
websites; in the future, such flexibility would ease transition into more
extensive use of Xwiki infrastructure, while coexisting with existing
implementations based on the predominant webserver.
This architecture further allows a simple partitioning of "static" and
"dynamic/java" content across servers and services, as well as the ability
to share logins across multiple web-apps (not all necessarily java)
integrated under one portal or website. The static/dynamic partitioning is
especially worthwhile for large content, say digital media, or software
distributions, where lots of long-running downloads translate to lots of
java memory churn and resulting bad performance...
An example of interoperability between apache-basic auth and Java:
Crowd <http://confluence.atlassian.com/display/CROWD/Crowd+Documentation> has
an apache basic authentication module:
http://confluence.atlassian.com/display/CROWDEXT/Apache+Basic+Authenticatio…
allows the same logins used for "JIRA, Confluence and Bamboo" to also work
as a basic gating mechanism for the web-server fronting java. This
particular usage of the apache basic authentication API permits non-Java
webapps, or static files, to be "gated" by the same credentials used for
jira/confluence/bamboo.
The reason why I mention mod_ssl is because if you want to do real security,
or not be transmitting credentials in the clear, you'll need it. A proper
security solution that is now becoming quite practical (and free) is the
use of X509 client certificates, for example, see
https://www.myopenid.com. Alongside mod_ssl's FakeBasicAuth (
http://www.modssl.org/docs/2.8/ssl_reference.html#SSLOptions ) this uses the
API of apache basic authentication, using credentials coming directly from
the certificate (usually the full-email address, which is part of the client
certificate data that is "signed").
When this option is enabled, the Subject Distinguished Name (DN) of the
Client X509 Certificate is translated into a HTTP Basic Authorization
username. This means that the standard Apache authentication methods can be
used for access control. The user name is just the Subject of the Client's
X509 Certificate (can be determined by running OpenSSL's openssl x509
command: openssl x509 -noout -subject -in *certificate*.crt). Note that no
password is obtained from the user. Every entry in the user file needs this
password: ``xxj31ZMTZzkVA'', which is the DES-encrypted version of the word
``password''. Those who live under MD5-based encryption (for instance under
FreeBSD or BSD/OS, etc.) should use the following MD5 hash of the same word:
``$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/''.
If there was an "Apache basic auth" gateway into Xwiki, then Xwiki could
also easily use such a solution to obtain the login credentials from the
certificate, or simply use existing Apache-Basic-Auth credentials for
consistency and single-sign-on in a "portal." The reason why this is
important is that some fortune-500 companies won't allow external access to
their data (extranet portal scenario) w/o the security guarantees available
in x509 client-certificates. In particular, corporate security likes the
ability to be able to instantly revoke or invalidate certificates that pose
a security threat, and "two-factor" access: something you have -- the x509
cert, and something you know -- your password.
I elaborate along the lines of this solution here:
http://n2.nabble.com/Using-Apache-BasicAuth-or-mod_ssl%27s-%22FakeBasicAuth…
http://dev.xwiki.org/xwiki/bin/view/GoogleSummerOfCode/SingleSignOnAuthenti…
PS: another apache/java trick that is very useful -- using
mod_auth_mda <http://www.frogdot.org/mod_auth_mda/> for passing
time-limited temporary "fine-grained" access control credentials
(in the form of a specially signed cryptographic cookie) from Java to
apache. In other words, one might login to an Xwiki-based system; within an
Xwiki "app" one would construct a specially formatted cryptographic
cookie <http://www.frogdot.org/mod_auth_mda/cookie.html>.
That cookie would permit temporary access to a particular
file/directory/application hosted on the apache webserver (e.g. a static
file that you only want accessible to logged-in people). Without the cookie,
or if the cookie expires, a user cannot access directories, files or
applications specifically protected by mod_auth_mda. The following
flowchart illustrates the process:
-- <http://www.frogdot.org/logintools/pab/scheme1.gif>
--
Niels
http://nielsmayer.com
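The FakeBasicAuth hand-off described in the message above, seen from the application behind Apache, as an added example that is not part of the original thread and is not mod_ssl or XWiki code. It assumes the front end forwards the Authorization header it synthesised, that the DN is in OpenSSL's one-line "/attr=value" form, and that the backend can see the peer address; the function names, the trusted address and the sample DN are constructed for illustration.

```python
import base64
import binascii

FAKE_PASSWORD = "password"         # fixed word FakeBasicAuth pairs with every DN
TRUSTED_FRONTENDS = {"127.0.0.1"}  # assumption: only the local Apache reaches the backend
# Constructed sample subject, in OpenSSL's one-line DN form.
SAMPLE_DN = "/C=US/O=Example Corp/CN=Alice Example/emailAddress=alice@example.com"


def make_header(dn, password=FAKE_PASSWORD):
    """Build the Authorization value the front end would synthesise for this DN."""
    return "Basic " + base64.b64encode((dn + ":" + password).encode()).decode()


def parse_oneline_dn(dn):
    """Split '/C=US/O=Example/CN=...' into (attribute, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("not a one-line DN")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if not (sep and attr and value):
            raise ValueError("malformed DN component: %r" % part)
        pairs.append((attr, value))
    return pairs


def identity_from_fake_basic(authorization, peer_addr):
    """Return (dn, email) for an accepted request, or None if it must be rejected."""
    # The password is a public constant, so the header proves nothing unless it
    # was set by the TLS front end that verified the client certificate.
    if peer_addr not in TRUSTED_FRONTENDS:
        return None
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        # Split on the last colon: the value is DN + ":password" by construction.
        dn, sep, password = decoded.rpartition(":")
        if not sep or password != FAKE_PASSWORD:
            return None
        attrs = parse_oneline_dn(dn)
    except (binascii.Error, ValueError):
        return None
    emails = [v for a, v in attrs if a == "emailAddress"]
    return dn, (emails[0] if len(emails) == 1 else None)
```

The DN parser is deliberately strict and does not handle a "/" inside an attribute value; such a subject is rejected rather than guessed at.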
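The time-limited signed cookie idea from the PS of the message above, as an added example that is not part of the original thread. It is not mod_auth_mda's actual cookie format, which the message does not give: the "prefix|expiry|mac" layout, the HMAC-SHA256 construction, the key and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed; known to the issuing app and the web server


def _mac(key, path_prefix, expires):
    """HMAC over every field the verifier will act on."""
    msg = ("%s\n%d" % (path_prefix, expires)).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(key, path_prefix, now, ttl_seconds):
    """Issuer side (the application, after login): grant path_prefix for ttl_seconds."""
    if "|" in path_prefix or "\n" in path_prefix:
        raise ValueError("path prefix contains a field separator")
    expires = int(now) + ttl_seconds
    return "%s|%d|%s" % (path_prefix, expires, _mac(key, path_prefix, expires))


def verify_cookie(key, cookie, request_path, now):
    """Verifier side (the web server): True only for an authentic, unexpired, in-scope cookie."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return False
    path_prefix, expires_text, mac = parts
    if not (expires_text.isascii() and expires_text.isdigit()):
        return False
    expires = int(expires_text)
    # Authenticate first, in constant time, before acting on any field.
    expected = _mac(key, path_prefix, expires)
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return False
    if now >= expires:
        return False
    # Match on a path-segment boundary so a grant for /media/release-1 does not
    # also unlock /media/release-10. request_path is assumed already normalised.
    prefix = path_prefix.rstrip("/")
    return request_path == prefix or request_path.startswith(prefix + "/")
```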
Dear Wincent,
Thanks for your response. Can you clarify a little why I don't need to build
XWiki from source?
I will go with your advice. But can you help me a little by explaining where
I should get the database Java files which are required for user authentication
at the time of login (meaning verifying the user from the database)?
I am asking this because I have technical manpower with me who have
knowledge of Maven and all, but the difficulty is that I am not getting the way
the user and admin authentication checking is going on.
I read at your dev.xwiki.org about custom authentication that you need to
make changes only in the conf file.
But our specific requirement is to bypass this authentication, as we already
have our database for user authentication. The rest of your wiki will work as
it is.
I hope you understand my requirement. Because we are a team, my task is to
rectify the files and areas that need to change in your XWiki in order to bring
your wiki up to our requirement.
Thanks & regards,
Deepak Sharma
Assistant Software Engineer-T
Tata Consultancy Services
Cell:- 9911502444
Mailto: deepak24.s(a)tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Hi,
I need the source code of the recent stable version of "xWiki workspace". I want
to build this product from source on my system. For this, I also want to
know what other software is required ("xwiki workspace" dependencies for
building it, i.e. external dependencies for building xWiki). I
have Eclipse 3.2.0, SVN and Maven configured on my system.
Please specify the SVN link for downloading them.
Md Afzal Sharif
Here I am describing the whole scenario.
Tasks I have done:
1. Maven is configured.
2. Subclipse plugin installed.
3. Repository is downloaded.
4. After this I tried the command maven -clear, which started downloading a lot
of files from the maven.xwiki repository.
---- but an error came, stating that some artifacts are not found in any repository
--- then I tried maven -install on the XWiki platform specifically; it
also started downloading a lot of .jar files.
Now my question is: is the repository we copied from SVN not
complete enough, given that on calling maven -install it starts downloading
more files?
And where I should these newly downloaded files... it has me stuck at one
point.
Please help me out.
Thanks and regards,
Deepak Sharma
Hi,
Thanks for the suggestion, but for your kind information I have gone through this
link many times.
I have a short time to build this XWiki Workspaces; that's why I am requesting
the steps.
There are a lot of pom.xml files for which I need to rectify the
dependencies. But due to the short time, I am seeking help regarding
building.
Deepak Sharma
Hi all,
Can anyone send me the step-by-step process of building XWiki from
sources?
Then I need to import XWiki Workspaces.
Please help me out regarding this.
Deepak Sharma
Hi devs,
For testing the new rendering and the new 2.0 syntax I'm going to
create a branch of XE wiki/ module. The idea is to migrate the pages
to the 2.0 syntax and use the resulting XAR to slowly make the new
rendering work fine on all pages of XE.
This is just a FYI, unless someone has an issue with this.
Thanks
-Vincent
Hi All,
Consider a PUT request on following resource:
http://<host>/xwiki-webdav/root/spaces/Main/WebHome/spacename.pagename
How can we determine whether "spacename.pagename" is a child page of
Main.WebHome or an attachment of Main.WebHome?
This is not the only place this problem occurs. I'm working on a workaround
for this problem but I would like to have a better mechanism if it's
possible.
Note :- searching existing documents / attachments won't help because this
is a request to create a new resource.
Thanks.
- Asiri
Hi,
I'm currently implementing the last things to finish OpenID authentication
support but I have some problems with the query manager. I'm trying to get
the document (there should be only one) which has an attached OpenIdIdentifier object
whose "identifier" string property has some specific value. I didn't
find any documentation apart from http://markmail.org/message/jt6m2huqr4r6hvk6
and
http://dev.xwiki.org/xwiki/bin/view/Design/XWiki+Query+Language+Specificati….
I tried to achieve this with the following code:
    public static String findOpenIDUser(String openid_identifier,
        XWikiContext context) throws XWikiException
    {
        XWiki xwiki = context.getWiki();
        QueryManager qm = xwiki.getStore().getQueryManager();
        Query search_user;
        if (qm.hasLanguage(Query.HQL)) {
            search_user =
                qm.createQuery(", BaseObject as obj, StringProperty as prop where doc.fullName = obj.name and obj.className = 'XWiki.OpenIdIdentifier' and obj.id=prop.id.id and prop.id.name='identifier' and prop.value = ':identifier'", Query.HQL);
        } else if (qm.hasLanguage(Query.XPATH)) {
            search_user =
                qm.createQuery("/*/*[obj/XWiki/OpenIdIdentifier/@xp:identifier = ':identifier'] ", Query.XPATH);
        } else
            throw new RuntimeException();
        search_user.bindValue("identifier", openid_identifier);
        List<XWikiDocument> found_users = search_user.setLimit(1).execute();
        if (found_users.size() > 0) {
            if (log.isDebugEnabled()) {
                log.debug("OpenID " + openid_identifier + " already registered.");
            }
            return found_users.get(0).getFullName();
        }
        return null;
    }
but all I get is a NullPointerException when qm.createQuery(..., Query.HQL)
is called. What's wrong with my code?
java.lang.NullPointerException
    at com.xpn.xwiki.store.query.AbstractQueryManager.createQuery(AbstractQueryManager.java:73)
    at com.xpn.xwiki.user.impl.openid.OpenIDHelper.findOpenIDUser(OpenIDHelper.java:109)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:201)
    at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:178)
    at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:205)
    at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3518)
    at com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl.checkAccess(XWikiRightServiceImpl.java:139)
    at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3526)
    at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4432)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:190)
    at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:115)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.xpn.xwiki.web.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:287)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.xpn.xwiki.web.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)