Deploying JSPWiki on Sun Java System Web Server 7
Sriram and Marina's article on Deploying Wikis to Sun Java System Web Server 7.0, Part 1: JSPWiki reminded me that I wanted to write a few things about my experiences with deploying JSPWiki on SJSWS 7.0
The article does a good job at explaining the basics of installation and deployment. SJSWS 7 really makes it pretty easy to deploy web applications.
The tougher part is how to configure the JAAS components in JSPWiki with SJSWS. Actually once you get your bearing with SJSWS, its not really that difficult at all. There are two components to JAAS that you need to deal with. These are the JAAS login configuration and the Java 2 security policy. And here is how to do it.
JAAS login configuration
SJSWS comes with a login configuration already installed. The trick is to find the configuration file and add the JSPWiki configuration to it. The file is called login.conf and it is located in the config/ folder of the web server instance. The contents look something like
fileRealm {
com.iplanet.ias.security.auth.login.FileLoginModule required;
};
ldapRealm {
com.iplanet.ias.security.auth.login.LDAPLoginModule required;
};
solarisRealm {
com.iplanet.ias.security.auth.login.SolarisLoginModule required;
};
nativeRealm {
com.iplanet.ias.security.auth.login.NativeLoginModule required;
};
What needs to be done is simply add the JSPWiki configuration to the end of the file. The JSPWiki configuration typically looks like
JSPWiki-container {
com.ecyrd.jspwiki.auth.login.WebContainerLoginModule SUFFICIENT;
com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule SUFFICIENT;
com.ecyrd.jspwiki.auth.login.AnonymousLoginModule SUFFICIENT;
};
JSPWiki-custom {
com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule REQUIRED;
};
Just add those lines to the end of login.conf and you are done.
Java 2 security policy
JSPWiki uses a standard Java 2 security policy to control access to one or more JSPWiki instances within a servlet container. The policy file comes with JSPWiki is WEB-INF/jspwiki.policy.
Now, in my observation, JSPWiki will find this file without doing anything, so this part is somewhat optional. However, without doing any explicit configration you will generally see the error messages:
WARN com.ecyrd.jspwiki.auth.PolicyLoader - You have set your 'java.security.policy' to point at '/opt/sun/SUNwbsvr7/
https-node/config/file:/opt/sun/SUNwbsvr7/https-node/web-app/node/wiki/WEB-INF/jspwiki.policy', but that file d
oes not seem to exist. I'll continue anyway, since this may be something specific to your servlet container. Just c
onsider yourself warned.
WARN com.ecyrd.jspwiki.auth.PolicyLoader - I could not locate the JSPWiki keystore ('jspwiki.jks') in the same direc
tory as your jspwiki.policy file. On many servlet containers, such as Tomcat, this needs to be done. If you keep hav
ing access right permissions, please try copying your WEB-INF/jspwiki.jks to /opt/sun/SUNwbsvr7/https-node/config/fil
e:/opt/sun/SUNwbsvr7/https-node/web-app/node/wiki/WEB-INF
The bit about "Consider yourself warned" is a little dubious. And the fix is pretty easy. So why not just do it.
What needs to be done is to explicitly set the property java.security.policy for the container to the location of the jspwiki.policy file. This can be done easily in the administration console. Simply log in to the administration console and drill down into Configurations -> node -> Java, then click on JVM Settings.
The first section you will see on this page is a JVM Options table, which will include, among other things, a reference to the login.conf file that we tweaked earlier. Simply click on New to add another value, and enter a value like
-Djava.security.policy=/opt/sun/SUNwbsvr7/https-node/web-app/node/wiki/WEB-INF/jspwiki.policy
Then click Save and Deploy your configuartion as described in Sun Developer Network article and you are golden.
Posted by wyllys on January 30, 2007 at 11:45 AM PST #