上篇把OpenDS配置好了。现在要把JSPWiki服务部署起来,并且废弃JSPWiki本身的账号机制,让JSPWiki采用OpenDS的账号机制。
首先把JSPWiki下载下来,地址: http://jspwiki.org/
解压后把里边的JSPWiki.war放在tomcat webapps下。启动tomcat,自动生成了JSPWiki的文件夹。
现在修改JSPWiki的web.xml
在其中添加:
<security-constraint> <web-resource-collection> <web-resource-name>Administrative Area</web-resource-name> <url-pattern>/Delete.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>secure</role-name> </auth-constraint> <!-- <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> --> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Authenticated area</web-resource-name> <url-pattern>/Edit.jsp</url-pattern> <url-pattern>/Comment.jsp</url-pattern> <url-pattern>/Login.jsp</url-pattern> <url-pattern>/NewGroup.jsp</url-pattern> <url-pattern>/Rename.jsp</url-pattern> <url-pattern>/Upload.jsp</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>HEAD</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <web-resource-collection> <web-resource-name>Read-only Area</web-resource-name> <url-pattern>/attach</url-pattern> <http-method>DELETE</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>wiki-admin</role-name> <role-name>wiki-users</role-name> </auth-constraint> <!-- <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> --> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/LoginForm.jsp</form-login-page> <form-error-page>/LoginForm.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description> This logical role includes all authenticated users </description> <role-name>wiki-users</role-name> </security-role> <security-role> <description> This logical role includes all administrative users </description> <role-name>secure</role-name> </security-role>
这里需要注意的地方是有两处 <role-name>secure</role-name>
里边的值应该是OpenDS里的Group名称,这里的secure是上篇文章中建立OpenDS时设置的一个组。
现在需要确认一下jspwiki.properties里边
jspwiki.authorizer =com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer是否被注释掉了,如果被注释掉了,就把注释去掉。让这句话生效。
刚只在web.xml中声明了要用secure的权限才能进入JSPWiki,但JSPWiki中并没有这个权限组,只有OpenDS中有,所以要为JSPWiki添加一个权限组:
用写字板打开jspwiki.policy
在里边加入
grant principal com.ecyrd.jspwiki.auth.authorize.Role "secure"
{ permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";};
只有就为Wiki服务加入了一个新的角色,拥有所有权利。
现在,可以启动tomcat来test了。
用浏览器打开
http://localhost:8080/JSPWiki/Login.jsp
输入boris/boris
结果如下:
成功了,再看看注册新用户页面:
可以看到,已经不能注册了,因为JSPWiki本身的账号机制已经被废弃了。
PS: 有点很重要,第一篇文章中提到的修改tomcat server.xml是一定要做的!
这样才能告诉容器应该去哪个外部的ldap验证这些账号。