[xwiki-devs] anonymous user / custom authentication

Sergiu Dumitriu sergiu at xwiki.com
Sat Mar 19 10:33:40 UTC 2011


On 03/14/2011 06:47 PM, Kevin P. Foote wrote:
>
> OK thanks .. that's working well .. for scenario 1)
>
>
> Now .. even post restarts. I can not get the value to work when setting
>
> xwiki.authentication.loginpage=/where/mylogin/shouldgo
>
> Does this need to be set somewhere else as well?

Why do you want to change the login page? Unless it sits in a different 
application, outside XWiki, you should just configure your authenticator 
to perform its magic in the default URL.

Normally, for changing the authentication mechanism, you should write a 
java class extending com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl 
and registering it in xwiki.cfg at the xwiki.authentication.authclass 
key, for example:
xwiki.authentication.authclass=com.xwiki.authentication.ntlm.NTLMAuthServiceImpl

If you only want to change how the username/password check is done, you 
can override only the authenticate method and hook to your custom 
authenticator.

There are various example authenticators which you can start from at 
http://svn.xwiki.org/svnroot/xwiki/contrib/sandbox/authenticators/

> ------
> thanks
>    kevin.foote
>
> On Mon, 14 Mar 2011, Guillaume Lerouge wrote:
>
> ->  Hi Kevin,
> ->
> ->  On Mon, Mar 14, 2011 at 16:33, Kevin P. Foote<kpfoote at iup.edu>  wrote:
> ->
> ->  >
> ->  >  Hi devs,
> ->  >
> ->  >  In writing my own auth plugin I want the ability to run XWiki in
> ->  >  anonymous browsing mode as well as the login request triggering my
> ->  >  particular auth jar (much like xwiki.org - you can many pages w/out
> ->  >  actually authenticating). I have two resulting questions.
> ->  >
> ->  >  1)
> ->  >  Is there a magic user name in the form of XWiki."anonymous"/Guest etc..
> ->  >  that I can return in my checkAuth? OR am I thinking about this
> ->  >  incorrectly and xwiki already knows that this user is who the context is
> ->  >  representing..
> ->  >
> ->
> ->  There's already the virtual XWiki.XWikiGuest .
> ->
> ->  #if($context.user == "XWiki.XWikiGuest")
> ->  some content
> ->  #end
> ->
> ->  will display content only for non-authenticated users for instance.
> ->
> ->  Guillaume
> ->
> ->  2)
> ->  >  I see in reading the xwiki.cfg and tutuorials on how to run your own
> ->  >  authentication code that there is a way to override the login page
> ->  >  within the config. Is there also a way to "override" the call to the
> ->  >  login? I know in (cough,cough) confluence they have a seraph mechanism
> ->  >  that you can override what the login action is... looking for something
> ->  >  similar here..
> ->  >  I've thought of perhaps using an apache rewrite rule on the
> ->  >  login/XWikiLogin page to trigger my auth
> ->  >
> ->  >  Thanks guys..
> ->  >
> ->  >  ------
> ->  >  thanks
> ->  >    kevin.foote


-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/



More information about the devs mailing list