registration of new users in xwiki from external application : appropriate rights not set
13 Apr
2007
13 Apr
'07
12:57 p.m.
Hello xwiki developpers
Imagine you had to powerful applications.
First xwiki, then discourse engine for deliberative decision making.
Lets call the latter 'dito'.
Imagine how nice it would be,
1: if these two applications could use the same authentication, and if
2: signing into one aplication would sign you into the second, too.
3: registering a new account in dito would add a new user to xwiki with
the appropriate rights (edit) without admin interaction (explicitly
setting rights) needed
@1: Done!
Fortunately, as far as *authentication* is concerned, xwiki makes a
geeks life easier, as it provides a XWikiAuthService interface.
Which I implemented for my needs and which works fine.
@2: Hm, solve 3 first
@3: Stuck!
Unfortunately, as far as *authorisation* is concerned, I did not yet get
the point.
My approach is to make an xml-rpc, that logs into the wiki (with a user
that i added manually and that has admin rights) and calls the
XWiki.createUser() method.
In order to achieve that, i extended the ConfluenceRpcHandler and added
a method createUserFromExternal
Suddenly, I get an error in Xwiki, approx. line 2570(i.e. methods
system.out.println("xwiki create user :
!context.getUtil().match"+xwikiname);returns -4 :)
try {
if (!context
.getUtil()
.match(
this.Param(
"xwiki.validusername", "/^[a-zA-Z0-9_]+$/"),
xwikiname))
{
return -4;
}
}
As i am calling from external, the context object (and the request, it
is carrying) are not as complete as they are, when i register via the
xwiki web page.
My questions are:
- is it a good idea to do xwiki user registration automatically and from
external *that* way? do you know alternatives?
- is there an implementation of the mehtod:
/**
* {@inheritDoc}
* @see ConfluenceRpcInterface#addUser(String, java.util.Map, String)
*/
public void addUser(String token, Map user, String password) throws
XWikiException {
throw new XWikiException(XWikiException.MODULE_XWIKI_XMLRPC,
XWikiException.ERROR_XWIKI_NOT_IMPLEMENTED, "Not implemented");
}
?
- If you integrate xwiki into other environments or vice versa, what is
the best practice to wire the two different registration and login
processes of both, xwiki and some_app ?
Of course, i searched the archives, but no solution for this so far...
Any hints?
Best regards
Thomas K.
--
ontopica
Thomas Krämer
Krämer&Okpue GbR
Kurfürstenstr. 66
53115 Bonn
Fon 0228 - 180 99 737
Fax 0228 - 242 78 60
Email tk(a)ontopica.de
13 Apr
13 Apr
1:20 p.m.
New subject: [xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set
The comments below are just how I see things, I could be wrong.
On 4/13/07, Thomas Krämer <tk(a)ontopica.de> wrote:
Hello xwiki developpers
Imagine you had to powerful applications.
First xwiki, then discourse engine for deliberative decision making.
Lets call the latter 'dito'.
Imagine how nice it would be,
1: if these two applications could use the same authentication, and if
2: signing into one aplication would sign you into the second, too.
3: registering a new account in dito would add a new user to xwiki with
the appropriate rights (edit) without admin interaction (explicitly
setting rights) needed
It would be very nice.
@1: Done!
Fortunately, as far as *authentication* is concerned,
xwiki makes a
geeks life easier, as it provides a XWikiAuthService interface.
Which I implemented for my needs and which works fine.
Which one uses the other? As far as I can guess, you made XWiki communicate
with dito's database.
@2: Hm, solve 3 first
Authentication creates some cookies holding authentication information.
1. You can create these cookies when authenticating in dito and set them as
cookies that have to be sent to xwiki. Then the XWiki authentication
mechanism will deal with them.
2. You can create other cookies when authenticating in xwiki that would
later be used by dito.
@3: Stuck!
Unfortunately, as far as *authorisation* is concerned,
I did not yet get
the point.
My approach is to make an xml-rpc, that logs into the wiki (with a user
that i added manually and that has admin rights) and calls the
XWiki.createUser() method.
This approach seems to be OK. But you can also use a REST approach, meaning
that you learn how does the registration form work, then create a fake
request (GET or POST, which one is easier). If registration is not public,
then you also need to send some authentication tokens (cookies).
In order to achieve that, i extended the ConfluenceRpcHandler and added
a method createUserFromExternal
Suddenly, I get an error in Xwiki, approx. line 2570(i.e. methods
system.out.println("xwiki create user :
!context.getUtil().match"+xwikiname);returns -4 :)
try {
if (!context
.getUtil()
.match(
this.Param(
"xwiki.validusername", "/^[a-zA-Z0-9_]+$/"),
xwikiname))
{
return -4;
}
}
As i am calling from external, the context object (and the request, it
is carrying) are not as complete as they are, when i register via the
xwiki web page.
My questions are:
- is it a good idea to do xwiki user registration automatically and from
external *that* way? do you know alternatives?
Depending on what is the main application, you could even forget about the
XWiki users. You can implement a Rights&Authentication mechanism that uses
only external data. But this would take a bit longer.
Your approach is OK, too. It's wrong that it does not work, but the XMLRPC
API is still experimental, and mostly unmaintained due to lack of human
resources.
- is there an implementation of the mehtod:
/**
* {@inheritDoc}
* @see ConfluenceRpcInterface#addUser(String, java.util.Map, String)
*/
public void addUser(String token, Map user, String password) throws
XWikiException {
throw new XWikiException(XWikiException.MODULE_XWIKI_XMLRPC,
XWikiException.ERROR_XWIKI_NOT_IMPLEMENTED, "Not
implemented");
}
?
- If you integrate xwiki into other environments or vice versa, what is
the best practice to wire the two different registration and login
processes of both, xwiki and some_app ?
The best practice is to implement a SSO mechanism in both applications.
Currently XWiki lacks something like this, but it is planned. The next best
mechanism is to make one of the applications use the data from the other,
since maintaining duplicate information is hard, and I don't mean just
creating data in two places, but the different updates that can later occur.
Of course, i searched the archives, but no solution for this so far...
Any hints?
Best regards
Thomas K.
Sergiu
--
http://purl.org/net/sergiu
1:34 p.m.
New subject: [xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set
My POV is that XWiki should use JAAS. Then we'll automatically get
lots of benefits including SSO. We could even use JGuard for this if
it helps (FYI, JGuard is a project of our OSSGTP group in Paris).
Thanks
-Vincent
On Apr 13, 2007, at 1:20 PM, Sergiu Dumitriu wrote:
The comments below are just how I see things, I could
be wrong.
On 4/13/07, Thomas Krämer <tk(a)ontopica.de> wrote:
Hello xwiki developpers
Imagine you had to powerful applications.
First xwiki, then discourse engine for deliberative decision making.
Lets call the latter 'dito'.
Imagine how nice it would be,
1: if these two applications could use the same authentication, and if
2: signing into one aplication would sign you into the second, too.
3: registering a new account in dito would add a new user to xwiki
with
the appropriate rights (edit) without admin interaction (explicitly
setting rights) needed
It would be very nice.
@1: Done!
Fortunately, as far as *authentication* is concerned, xwiki makes a
geeks life easier, as it provides a XWikiAuthService interface.
Which I implemented for my needs and which works fine.
Which one uses the other? As far as I can guess, you made XWiki
communicate with dito's database.
@2: Hm, solve 3 first
Authentication creates some cookies holding authentication
information.
1. You can create these cookies when authenticating in dito and set
them as cookies that have to be sent to xwiki. Then the XWiki
authentication mechanism will deal with them.
2. You can create other cookies when authenticating in xwiki that
would later be used by dito.
@3: Stuck!
Unfortunately, as far as *authorisation* is concerned, I did not
yet get
the point.
My approach is to make an xml-rpc, that logs into the wiki (with a
user
that i added manually and that has admin rights) and calls the
XWiki.createUser() method.
This approach seems to be OK. But you can also use a REST approach,
meaning that you learn how does the registration form work, then
create a fake request (GET or POST, which one is easier). If
registration is not public, then you also need to send some
authentication tokens (cookies).
In order to achieve that, i extended the ConfluenceRpcHandler and
added
a method createUserFromExternal
Suddenly, I get an error in Xwiki, approx. line 2570(i.e. methods
system.out.println("xwiki create user :
!context.getUtil().match"+xwikiname);returns -4 :)
try {
if (!context
.getUtil()
.match(
this.Param(
"xwiki.validusername", "/^[a-zA-Z0-9_]+$/"),
xwikiname))
{
return -4;
}
}
As i am calling from external, the context object (and the request, it
is carrying) are not as complete as they are, when i register via the
xwiki web page.
My questions are:
- is it a good idea to do xwiki user registration automatically and
from
external *that* way? do you know alternatives?
Depending on what is the main application, you could even forget
about the XWiki users. You can implement a Rights&Authentication
mechanism that uses only external data. But this would take a bit
longer.
Your approach is OK, too. It's wrong that it does not work, but the
XMLRPC API is still experimental, and mostly unmaintained due to
lack of human resources.
- is there an implementation of the mehtod:
/**
* {@inheritDoc}
* @see ConfluenceRpcInterface#addUser(String, java.util.Map,
String)
*/
public void addUser(String token, Map user, String password)
throws
XWikiException {
throw new XWikiException(XWikiException.MODULE_XWIKI_XMLRPC,
XWikiException.ERROR_XWIKI_NOT_IMPLEMENTED, "Not
implemented");
}
?
- If you integrate xwiki into other environments or vice versa,
what is
the best practice to wire the two different registration and login
processes of both, xwiki and some_app ?
The best practice is to implement a SSO mechanism in both
applications. Currently XWiki lacks something like this, but it is
planned. The next best mechanism is to make one of the applications
use the data from the other, since maintaining duplicate
information is hard, and I don't mean just creating data in two
places, but the different updates that can later occur.
Of course, i searched the archives, but no solution for this so far...
Any hints?
Best regards
Thomas K.
Sergiu
--
http://purl.org/net/sergiu
--
You receive this message as a subscriber of the xwiki-
dev(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/
wws
16 Apr
16 Apr
9:53 p.m.
New subject: [xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set
Hello Xwiki Devloppers
Thanks, Sergiu and Vincent, for your fast reply, i didn't count with
that on a friday afternoon.
i consider adding sso support to xwiki.
i connot see clearly yet, where exactly to start, and one comment you
wrote confused a little:
Depending on what is the main application, you could
even forget about
the XWiki users. You can implement a Rights&Authentication mechanism
that uses only external data. But this would take a bit longer.
The best practice is to implement a SSO mechanism in both applications.
Currently XWiki lacks something like this, but it is planned. The next
best mechanism is to make one of the applications use the data from the
other, since maintaining duplicate information is hard, and I don't mean
just creating data in two places, but the different updates that can
later occur.
Exactly, i think this is one of the main reason why people invented sso.
You write "implement a SSO mechanism in both applications" .
Regarding authentication, this is realized in a clean and
straightforward manner in XWiki, implementing the XWikiAuthService
interface and configuring the implemting class in WEB-INF/xwiki.cfg via
the xwiki.authentication.authclass property.
Do you plan a similarly configurable / exchangeable *authorization*
mechanism?
If not: where is the "edge" of what has to remain in xwiki and where the
interface begins? What are the classes / methods currently handling
authorization?
Vincent, you proposed JAAS. What do you think of Yale CAS as pluggable
authentication / SSO solution?
Best regars
Thomas
--
ontopica
Thomas Krämer
Krämer&Okpue GbR
Kurfürstenstr. 66
53115 Bonn
Fon 0228 - 180 99 737
Fax 0228 - 242 78 60
Email tk(a)ontopica.de
19 Apr
19 Apr
10:42 p.m.
New subject: [xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set
Hi Dumitriu,
I tried the REST approach, as you depicted
This approach seems to be OK. But you can also use a
REST approach,
meaning that you learn how does the registration form work, then create
a fake request (GET or POST, which one is easier). If registration is
not public, then you also need to send some authentication tokens
(cookies).
I use the common httpclient to imitate a users behavior.
I can succesfully login as a user, doing a PostMethod with
"/xwiki/bin/loginsubmit/XWiki/XWikiLogin"
This is not what a users sees in his browsers adress bar, but what
appears in the form in the html source.
But, calling the registration page
http://localhost:8080/xwiki/bin/register/XWiki/Register ,
setting the parameters to a new request (on the same httpclient object)
PostMethod registerMethod = new PostMethod(registerUrl);
loginPost.addParameter("template", "XWiki.XWikiUserTemplate");
loginPost.addParameter("register", "1");
loginPost.addParameter("register_first_name", "");
loginPost.addParameter("register_last_name", "");
loginPost.addParameter("register2_password", "875656");
loginPost.addParameter("register_password", "875656");
loginPost.addParameter("register_email", "gzt6(a)web.de").de");
loginPost.addParameter("xwikiname", "horatio");
loginPost.addParameter("submit", "register");
loginPost.addParameter("Register", "1");
does not work.
Why is that so?
Examining the source, i was wondering, why there is no action in the
html form:
<form id="register" name="register" action=""
action="" method="post">
What is the reason for that?
What is the URL i have to set to a PostMethod?
And: Why does the action attribute appear twice in the form?
Yours
Thomas
Btw: Congrats to RC1, you've all been probably quite busy theese days.
Great work!
20 Apr
20 Apr
9:06 a.m.
New subject: [xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set
Hi,
The double action="" attribute is a mistake. The missing attribute value
means that the form is submitted to the same URL. The registration should
work, unless you don't have the right to register new users. The login
action returns some cookies, which must be kept and passed with the
registration request.
Sergiu
On 4/19/07, Thomas Krämer <tk(a)ontopica.de> wrote:
Hi Dumitriu,
I tried the REST approach, as you depicted
Thanks.
--
http://purl.org/net/sergiu
This approach seems to be OK. But you can also
use a REST approach,
meaning that you learn how does the registration form work, then create
a fake request (GET or POST, which one is easier). If registration is
not public, then you also need to send some authentication tokens
(cookies).
I use the common httpclient to imitate a users behavior.
I can succesfully login as a user, doing a PostMethod with
"/xwiki/bin/loginsubmit/XWiki/XWikiLogin"
This is not what a users sees in his browsers adress bar, but what
appears in the form in the html source.
But, calling the registration page
http://localhost:8080/xwiki/bin/register/XWiki/Register ,
setting the parameters to a new request (on the same httpclient object)
PostMethod registerMethod = new PostMethod(registerUrl);
loginPost.addParameter("template",
"XWiki.XWikiUserTemplate");
loginPost.addParameter("register", "1");
loginPost.addParameter("register_first_name", "");
loginPost.addParameter("register_last_name", "");
loginPost.addParameter("register2_password", "875656");
loginPost.addParameter("register_password", "875656");
loginPost.addParameter("register_email", "gzt6(a)web.de").de");
loginPost.addParameter("xwikiname", "horatio");
loginPost.addParameter("submit", "register");
loginPost.addParameter("Register", "1");
does not work.
Why is that so?
Examining the source, i was wondering, why there is no action in the
html form:
<form id="register" name="register" action=""
action="" method="post">
What is the reason for that?
What is the URL i have to set to a PostMethod?
And: Why does the action attribute appear twice in the form?
Yours
Thomas
Btw: Congrats to RC1, you've all been probably quite busy theese days.
Great work!
6359
days inactive
6366
days old
5 comments
3 participants
participants (3)
-
Sergiu Dumitriu -
Thomas Krämer -
Vincent Massol