restricted auth and new users

Hullo;

while doing a Really Quick Version Update(tm) on one of my
stock  
JSPWikis, I realize that I don't know how to create users.

Is there any within-JSPWiki way of adding a user once I've
set the  
policy to prevent access by anyone but authenticated users?
If not, how do I create a userdatabase.xml entry with shell
tools?

(Yes, I'll eventually find the answers myself; if you have a
minute,  
I'll appreciate it, but don't burden yourself if not. ;)
//ebu
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Noticed during the same stock wiki update I mentioned today:

An admin account (created by Install.jsp) doesn't seem to be
getting  
AllPermission.
I _have_ fiddled with jspwiki.policy a bit, so there's a
slight  
chance I've messed up; a second pair of eyes might help.
I'm not seeing anything odd in the logs; just that neither
admin nor  
an account manually added to the Admin group get 'delete'
permission,  
and if I add 'delete' to the Authenticated permissions in  
jspwiki.policy, everything works fine.

My user and group databases are listed below (with slight
spam  
censoring...), and the jspwiki.policy is attached.
Anything else I could look into, or provide?

Thanks,
//ebu

----

<?xml version="1.0"
encoding="UTF-8"?>
<users>
<user loginName="admin"
wikiName="Administrator"  
fullName="Administrator" email=""
password="..."  
created="2006.10.16 at 12:02:40:437 EEST"
lastModified="2006.10.16 at  
12:02:40:437 EEST"  />
<user loginName="ebu"
wikiName="ErikBunn" fullName="Erik Bunn"
 
email="..." password="..."
created="2006.10.16 at 12:03:40:437  
EEST" lastModified="2006.10.16 at 12:03:40:437
EEST"  />
</users>

----

<?xml version="1.0"
encoding="UTF-8"?>
<groups>
   <group name="Admin" creator="Erik
Bunn" created="2006.10.16 at  
12:02:40:497 EEST" modifier="Erik Bunn"
lastModified="2006.10.16 at  
12:02:40:497 EEST">
     <member principal="Administrator" />
     <member principal="ErikBunn" />
   </group>
</groups>

----

_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Erik Bunn wrote:
> Is there any within-JSPWiki way of adding a user once
I've set the 
> policy to prevent access by anyone but authenticated
users?
Presumably you're talking about having an administrator
create user 
accounts (since a policy that prevents access by
unauthenticated users 
would obviously prevent users from doing it themselves)?  If
so, I can 
help.  Otherwise, I'm not clear what you're seeking to do.


_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

On Oct 16, 2006, at 13:55 , Terry Steichen wrote:

> Erik Bunn wrote:
>> Is there any within-JSPWiki way of adding a user
once I've set the  
>> policy to prevent access by anyone but
authenticated users?
> Presumably you're talking about having an administrator
create user  
> accounts (since a policy that prevents access by
unauthenticated  
> users would obviously prevent users from doing it
themselves)?  If  
> so, I can help.  Otherwise, I'm not clear what you're
seeking to do.

That would be the case. Is there a way of doing this with
the current  
CVS code?

Thanks,
//ebu
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

hmm.. just thinking you can protect UserPreferences.jsp
using container
authentication (messing with your web.xml), create a
"known" account in your
server and use this account to add new users..

just a quick thought, I think this should be ok, but I
haven't tested it

regards,
JP


2006/10/16, Terry Steichen <terrynet-frame.com>:
>
>
>
> Erik Bunn wrote:
> > Is there any within-JSPWiki way of adding a user
once I've set the
> > policy to prevent access by anyone but
authenticated users?
> Presumably you're talking about having an administrator
create user
> accounts (since a policy that prevents access by
unauthenticated users
> would obviously prevent users from doing it
themselves)?  If so, I can
> help.  Otherwise, I'm not clear what you're seeking to
do.
>
>
> _______________________________________________
> Jspwiki-users mailing list
> Jspwiki-usersecyrd.com
> http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
>
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

I have a JSP that handles this, using the current JSPWiki
code.  It 
first checks to ensure that the user is an admin, and then
it allows 
that user to create new accounts, delete existing accounts
and change 
passwords/e-mail addresses. 

The part that creates new accounts is pretty simple - it
consists mainly 
of this logic:

            WikiContext wikiContext =
WikiContext.findContext(pageContext);
            WikiEngine m_engine = wikiContext.getEngine();
            UserManager manager = m_engine.getUserManager();

            UserProfile profile =
manager.getUserDatabase().newProfile();
            profile.setLoginName( loginName );
            profile.setEmail( email );
            profile.setFullname( fullname );
            profile.setPassword( password );
            profile.setWikiName( wikiname );
   
            //--check to ensure that new user doesn't
already exist - 
NOTE: Skipped for now, but needed
            //manager.setUserProfile(wikiSession,profile);
   
            //--Make the changes to the in-memory database
            manager.getUserDatabase().save(profile);
   
            //--make the changes to the on-disk database
            manager.getUserDatabase().commit();

You should add a check to prevent creating a duplicate user
loginName, 
WikiName or FullName.

Erik Bunn wrote:
>
> On Oct 16, 2006, at 13:55 , Terry Steichen wrote:
>
>> Erik Bunn wrote:
>>> Is there any within-JSPWiki way of adding a
user once I've set the 
>>> policy to prevent access by anyone but
authenticated users?
>> Presumably you're talking about having an
administrator create user 
>> accounts (since a policy that prevents access by
unauthenticated 
>> users would obviously prevent users from doing it
themselves)?  If 
>> so, I can help.  Otherwise, I'm not clear what
you're seeking to do.
>
> That would be the case. Is there a way of doing this
with the current 
> CVS code?
>
> Thanks,
> //ebu
> _______________________________________________
> Jspwiki-users mailing list
> Jspwiki-usersecyrd.com
> http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
>
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Terry -

check, thanks. This is what I have in my custom wikis, and
sounds  
like my hunch that no account creation facility exists in
stock is  
confirmed.

What should we consider when planning to incorporate this
sort of  
page into the CVS code? (Janne? Andrew?)
Is there any plan of a unified UI for managing groups and
users, yet,  
or could we just throw in a "manage accounts"
page?

(I'll mention that my implementation combines account and
group  
creation: a checkbox list of existing groups is listed by
the account  
being created, and a text field for adding new groups is
provided  
underneath. This may or may not be intuitive.)


//ebu
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

> What should we consider when planning to incorporate
this sort of  
> page into the CVS code? (Janne? Andrew?)
> Is there any plan of a unified UI for managing groups
and users, yet,  
> or could we just throw in a "manage accounts"
page?

I'd love to have an admin UI for account/group management. 
I wasn't
on planning to actually work on one anytime soon, though... 
Anybody
wanna start drafting one up?

/Janne
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Attached is the JSP I use to manage user accounts.  It's
pretty rough in 
its structure and particularly in terms of its UI, but it
has the basic 
functionality I need.  You're welcome to use it however you
like.  I 
plan to refine it to apply to groups and to allow for group
admins.  But 
no firm schedule at this point (essentially, when I really
need that 
functionality, I plan to do it).

Janne Jalkanen wrote:
>> What should we consider when planning to
incorporate this sort of  
>> page into the CVS code? (Janne? Andrew?)
>> Is there any plan of a unified UI for managing
groups and users, yet,  
>> or could we just throw in a "manage
accounts" page?
>>     
>
> I'd love to have an admin UI for account/group
management.  I wasn't
> on planning to actually work on one anytime soon,
though...  Anybody
> wanna start drafting one up?
>
> /Janne
> _______________________________________________
> Jspwiki-users mailing list
> Jspwiki-usersecyrd.com
> http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
>
>   
<% taglib uri="/WEB-INF/jspwiki.tld"
prefix="wiki" %>
<% page import="com.ecyrd.jspwiki.*" %>
<% page import="com.ecyrd.jspwiki.auth.*"
%>
<% page
import="com.ecyrd.jspwiki.auth.user.*" %>
<% page
import="com.ecyrd.jspwiki.ui.InputValidator" %>
<% page import="java.util.Date" %>
<% page import="java.util.Arrays" %>
<% page import="java.text.SimpleDateFormat"
%>
<% page import="java.security.Principal"
%>
<% page
import="com.ecyrd.jspwiki.auth.permissions.AllPermissio
n" %>

<%
	

	WikiContext wikiContext =
WikiContext.findContext(pageContext);
	WikiEngine m_engine = wikiContext.getEngine();
	UserManager manager = m_engine.getUserManager();
 	WikiSession wikiSession = wikiContext.getWikiSession();

	boolean admin =
m_engine.getAuthorizationManager().checkPermission(
wikiSession, new
AllPermission(m_engine.getApplicationName()));
	if(admin == false) {
		%><h2>Sorry - you must be an admin to use this
feature</h2><%
		return;
	}

	String action	= request.getParameter("action");
	if(action == null) {
		action = "";
	}
	if(action.equals("createUser")) {

		//--get the new user's credentials
		String loginName	=
request.getParameter("loginname");
		String password	=
request.getParameter("password");
		String fullname	=
request.getParameter("fullname");
		String wikiname	=
request.getParameter("wikiname");
		String email		= request.getParameter("email");

		//--verify the new user's credentials
		loginName 	= InputValidator.isBlank( loginName ) ? null :
loginName;
		password 	= InputValidator.isBlank( password ) ? null :
password;
		wikiname 	= InputValidator.isBlank( wikiname ) ? null :
wikiname.replaceAll( "\s", "" );
		fullname 	= InputValidator.isBlank( fullname ) ? null :
fullname;
		email 		= InputValidator.isBlank( email ) ? "" :
email;
		//email 		= InputValidator.isBlank( email ) ? null :
email;

		if(loginName != null && password != null
&& wikiname != null && fullname != null) {

			//--create and populate a new user profile
			UserProfile profile =
manager.getUserDatabase().newProfile();
			profile.setLoginName( loginName );
			profile.setEmail( email );
			profile.setFullname( fullname );
			profile.setPassword( password );
			profile.setWikiName( wikiname );
	
			//--check to ensure that new user isn't actually existing
- should be used or restrict rest to 'allPermissions'
			//manager.setUserProfile(wikiSession,profile);
	
			//--Make the changes to the in-memory database
			manager.getUserDatabase().save(profile);
	
			//--make the changes to the on-disk database
			manager.getUserDatabase().commit();
		
			// Refresh the active credentials set
			//WikiEngine wiki = wikiContext.getEngine();
			//AuthenticationManager mgr =
wiki.getAuthenticationManager();
			//mgr.refreshCredentials( session );
				%><h3>User <%=loginName%>
created</h3><%
		%>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>
		<%
		}

	} else if(action.equals("modifyUser")) {

		//--get the new user's credentials
		String loginName	=
request.getParameter("loginname");
		String password	=
request.getParameter("password");
		String email		= request.getParameter("email");

		//--verify the new user's credentials
		loginName 	= InputValidator.isBlank( loginName ) ? null :
loginName;
		password 	= InputValidator.isBlank( password ) ? null :
password;
		email 		= InputValidator.isBlank( email ) ? null : email;

		if(loginName != null && (password != null || email
!= null)) {

			//--create and populate a new user profile
			UserProfile profile =
manager.getUserDatabase().findByLoginName(loginName);
			if(profile != null) {

				try {
					if(email != null) {
						profile.setEmail( email );
					}
					if(password != null) {
						profile.setPassword( password );
					}
					//--Make the changes to the in-memory database
					manager.getUserDatabase().save(profile);
			
					//--make the changes to the on-disk database
					manager.getUserDatabase().commit();
				
					%><h3>User <%=loginName%> data
updated</h3><%

				} catch (Exception e) {
					%><h3>Error modifying <%=loginName%>'s
data </h3><%
				}			
			}
		} else {
			%>Error with parameters for <%=loginName%><%
		} 
		%>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>
		<%



	} else if(action.equals("deleteUser")) {

		String loginName	=
request.getParameter("loginname");
		loginName 			= InputValidator.isBlank( loginName ) ? null
: loginName;
		if(loginName != null) {
			try {
				manager.getUserDatabase().deleteByLoginName(loginName);
				manager.getUserDatabase().commit();
				%>User <%=loginName%> deleted<%
	
			} catch (Exception e) {
				%>Error: <%=e.getMessage()%><%
			}
		} else {
			%>Error - blank name<%
		} %>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>
		<%

	} else if(action.equals("getExistingUserInfo")) {

		String loginName	=
request.getParameter("loginname");
		loginName 			= InputValidator.isBlank( loginName ) ? null
: loginName;
		UserProfile user	=
manager.getUserDatabase().findByLoginName(loginName);
		if(user != null) {	%>
			
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=hidden name=loginname
value=<%=user.getLoginName()%>>
		<input type=hidden name=action value=modifyUser>
		<table>
		<tr><td>&nbsp;</td></tr>
		<tr><td>&nbsp;</td></tr>
		<tr>
			<td>Login name:</td>
			<td>
				<%=user.getLoginName()%>                  
			</td>
		</tr>
		
		  <tr>
		    <td>Password:</td>
		    <td>
		       <input type="password"
name="password" id="password"
size="20" value="" />
		    </td>
		  </tr>
			<tr><td
colspan=2>Hash:<%=user.getPassword()%></td>&l
t;/tr>
		
		<tr>
		  <td>Wiki name:</td>
		  <td>
		      <%=user.getWikiName()%>
		  </td>
		</tr>
		
		<tr>
		  <td>Full name:</td>
		  <td>
		      <%=user.getFullname()%>
		  </td>
		</tr>
		
		<tr>
		  <td>E-mail address</td>
		  <td>
		    <input type="text" name="email"
id="email" size="20" 
value="<%=user.getEmail()%>"  />
		  </td>
		</tr>
		<tr>
		  <td>Creation/Modification date-times:</td>
		  <td>
		    <%=user.getLastModified()%> /
<%=user.getCreated()%>
		  </td>
		</tr>
				
		<tr>
		  <td>Profile new status</td>
		  <td>
			<%=user.isNew()%>
		  </td>
		</tr>
				

		</table>
		<input type=submit value="Save
changes"></form>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>

	<%
		}

	} else if(action.equals("getDeleteUser")) {
	%>

		<form action="Wiki.jsp"
method="POST">
		<input type=hidden name=page value=T.users>
		<input type=hidden name=action value=deleteUser>
		<table border=0>
		<tr><td>&nbsp;</td></tr>
		<tr><td>&nbsp;</td></tr>
		<tr><td><select name=loginname>
		<%
		Principal[] users =
manager.getUserDatabase().getWikiNames();
		String [] myusers = new String[users.length];
		String name = null;
		for (int i = 0; i < users.length; i++) {
			name =
manager.getUserDatabase().findByWikiName(users[i].getName())
.getLoginName();
			myusers[i] = name;
		}
		Arrays.sort(myusers);
		for (int i = 0; i < users.length; i++) {
			%> <option
value=<%=myusers[i]%>><%=myusers[i]%> <%
		}
		%> </td></tr>
		<tr><td><input type=Submit
value="Select user to
delete"></form></td></tr>
		</table>

		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>



	<%
	} else if(action.equals("getExistingUser")) {
	%>

		<form action="Wiki.jsp"
method="POST">
		<input type=hidden name=page value=T.users>
		<input type=hidden name=action
value=getExistingUserInfo>
		<table border=0>
		<tr><td>&nbsp;</td></tr>
		<tr><td>&nbsp;</td></tr>
		<tr><td><select name=loginname>
		<%
		Principal[] users =
manager.getUserDatabase().getWikiNames();
		String [] myusers = new String[users.length];
		String name = null;
		for (int i = 0; i < users.length; i++) {
			name =
manager.getUserDatabase().findByWikiName(users[i].getName())
.getLoginName();
			myusers[i] = name;
		}
		Arrays.sort(myusers);
		for (int i = 0; i < users.length; i++) {
			%> <option
value=<%=myusers[i]%>><%=myusers[i]%> <%
		}
		%> </td></tr>
		<tr><td><input type=Submit
value="Select user to
edit"></form></td></tr>
		</table>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>


	<%
	} else if(action.equals("getNewUserInfo")) {

	%>
	<form action="Wiki.jsp"
method="POST">
	<input type=hidden name=page value=T.users>
	<input type=hidden name=action value=createUser>	
	 <h3>
	      Create a new user
	 </h3>
	 <% if( "newUserProfile".equals(
request.getParameter( "tab" ) ) ) { %>
		 <wiki:Messages div="error"
topic="profile" prefix="Could not save
profile: "/>
	 <% } %>
	 
	<table>
	
	<tr><td>&nbsp;</td></tr>

	<!-- Login name -->
	<tr>
	  <td><label for="loginname">Login
name</label></td>
	  <td>
	    <wiki:UserCheck status="customAuth">
	      <input type="text"
name="loginname" id="loginname" 
	             size="20" />                  
	    </wiki:UserCheck>
	
	    <wiki:UserCheck status="containerAuth">
	      <div
class="formvalue"><wiki:UserProfile
property="loginname"/></div>
	      <div class="formhelp">
	      This is your login id. It was set by the web
container and cannot be changed.
	      </div>
	    </wiki:UserCheck>
	  </td>
	</tr>
	
	<!-- Password; not displayed if container auth used
-->
	<wiki:UserCheck status="customAuth">
	  <tr>
	    <td><label for="password">
		Set Password
	    </td>
	    <td>
	       <input type="password"
name="password" id="password"
size="20" value="" />
	    </td>
	  </tr>
	</wiki:UserCheck>
	
	<!-- Wiki name -->
	<tr>
	  <td><label for="wikiname">Wiki
name</label></td>
	  <td>
	      <input type="text"
name="wikiname" id="wikiname"
	             size="20"  />
	  </td>
	</tr>
	
	<!-- Full name -->
	<tr>
	  <td><label for="fullname">Full
name</label></td>
	  <td>
	      <input type="text"
name="fullname" id="fullname"
	             size="20" />
	  </td>
	</tr>
	
	<!-- E-mail -->
	<tr>
	  <td><label for="email">E-mail
address</label></td>
	  <td>
	    <input type="text" name="email"
id="email" 
	           size="20"  />
	  </td>
	</tr>
	
	<%-- additional profile info --%>
	
	
	</table>
	
	
	<p>
	<input type="submit" value="Create User
Profile" name="ok"
style="display:none;" />
	<input type="button" value="Create User
Profile" name="proxy1"
onclick="this.form.ok.click();" />
	<input type="hidden" name="action"
value="createUser" />
	</p>
	
	</form>
		<form action=Wiki.jsp>
		<input type=hidden name=page value=T.users>
		<input type=submit value="Manage
Users"></form>

<% 
	} else if(action.equals("dork")) {

	} else {

	%>
	<form action="<wiki:Variable
var='baseURL'/>Wiki.jsp?page=T.users&tab=newUserProfi
le"
		class="wikiform"
	     onsubmit="return WikiForm.submitOnce( this
);"
	 	method="POST"
accept-charset="<wiki:ContentEncoding />"
>
	
	 <h3>
	      Choose an action
	 </h3>
	 
	<table>
	
	<tr>
	  <td>
			<select name=action>
			<option value=getNewUserInfo selected>Create a new
user
			<option value=getExistingUser>Edit an existing user
			<option value=getDeleteUser>Delete a user
			</select>
	  </td>
		<td>
			<input type=submit value="Choose option">
		</td>
	</tr>
	</table>
	</form>	


<% } %>
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Solved this for myself. The jspwiki.policy states it clearly
enough,  
but I managed to throw the manual away in time-honored
tradition:

     // groups. You should match the permission target
(here, 'JSPWiki')
     // with the value of the 'jspwiki.applicationName'
property in
     // jspwiki.properties. Two administative groups are set
up below:

I routinely rename my webapp, and didn't see this. Of
course.

(BTW, Andrew, thanks for the documentation, this is nice and
clear.=)

//ebu
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users