Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.8, 2.8.1
    • Fix Version/s: 2.8.2, 3.0
    • Labels:
      None
    • Environment:

      All

      Description

      From the jspwiki-dev list:

      Steve Dahl wrote:
      Under JSPWiki 2.6.4, we've replaced WebContainerAuthorizer with an LDAPAuthorizer which implements JSPWiki roles in terms of LDAP groups.

      When I compile this for JSPWiki 2.8.0, and modify the jspwiki.properties file to use it, our custom LDAPAuthorizer gets initialized, and is sent findRole(), but it never seems to get sent isUserInRole().

      If it's useful information, LDAPAuthorizer implements Authorizer (not WebAuthorizer), and it implements isUserInRole() with this signature:

      public boolean isUserInRole( WikiSession session, Principal role )

      Is there anything that has changed in Authorizers between 2.6.4 and 2.8.0 that might explain this?

      Looking deeper, it seems that in JSPWiki 2.6.X, WikiSession implemented injectRolePrincipals(), which initialized the session with whatever groups and roles the user belongs to. Groups are read from the group database, and Roles are read from the Authorizer.

      In JSPWiki 2.8.X, injectRolePrincipals() has been replaced by injectGroupPrincipals(), which reads groups from the group database but doesn't use the Authorizer. What is the Authorizer used for now?

      As a side note, I originally implemented LDAPAuthorizer as LDAPGroupDatabase. I ended up rejecting this approach because GroupManager assumes that the members of a Group can be read once when the Wiki is started, and that the Group's membership will only be modified by the Wiki. The problem with LDAP is that the group membership can be modified from outside, and the only way to update the wiki would be to manually restart it. The Authorizer was a better solution for our purposes, because if a user was added to the LDAP group, the Authorizer would reflect that change as soon as the user logged out and back in. Restarting the wiki is not necessary.

        Activity

        Andrew Jaquith created issue -
        Janne Jalkanen made changes -
        Field Original Value New Value
        Original Estimate 0h [ 0 ]
        Remaining Estimate 0h [ 0 ]
        Janne Jalkanen made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Andrew Jaquith made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Assignee Andrew Jaquith [ ajaquith ]

          People

          • Assignee:
            Andrew Jaquith
            Reporter:
            Andrew Jaquith
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development