Hi there. This is version 0.5 of a template tentatively titled Clean. It has a deliberately sparse look, and was patterned after some of the more interesting corporate sites I have seen. Special features of this template include:

• Use of CSS throughout
• Form-based login, designed for use with web containers (it follows the J2EE j_security_check specification for servlet containers)
• Links to a "new user registration" form, designed to be used with a JDBC database. This is actually a separate web application rather than a mod to JSPWiki; see details on the JRegistrar application below.
• A new include, TopPanel.jsp, that includes links for login/logout, Home, Index, etc.
• A "features" panel on the right-hand side that contains featured content (user-editable)
• Tweaked search field and button
• Login (go to login form) and Logout (invalidate session) links in the top panel
• Graphical submit buttons for search and login (more coming later...)
• A standard logo (images/logo.jpg) that always appears in the upper-left-hand corner and links to the "Main" page. You will probably want to change the one that is there by default, since it is for my own site. ;)

Clean is based on JSPWiki 2.1.93-CVS. I hope you like it; if not, feel free to comment, tweak or rant.

-- Andrew Jaquith, April 2004

Screenshot#

Yep, here it is:

Package contents#

The enclosed zip file includes a number of new files and some changed files, which are enumerated below. The locations of these files are either relative to the webroot or src/webdocs, depending on whether you are looking at the binary distibution, or the source tree.

The new files include the template JSPs plus top-level "login" pages:

• LoginForm.jsp -- login form for J2EE containers; posts to j_security_check
• Logout.jsp -- invalidates the current session
• LoginRedirect.jsp -- protected resource that causes the redirect to LoginForm.jsp
• images/continue.png
• images/go.png
• images/logo.png
• images/signin.png
• templates/clean/TopMenu.jsp -- moved search bar here; not editable by end-users

Changed files (relative to the default template) include:

• etc/web.xml -- implements form-based auth instead of Basic; adds several protected resources
• templates/clean/jspwiki.css -- thorough re-working/re-organization of the stylesheet, without sacrificing compatibility with the default template
• templates/clean/EditContent.jsp -- removed search box; moved to TopMenu
• templates/clean/EditTemplate.jsp -- major changes
• templates/clean/LeftMenu.jsp -- eliminated login box, plus a few minor changes
• templates/clean/LeftMenuFooter.jsp -- shows copyright and "powered by" text
• templates/clean/LoginTemplate -- contains template-specific J2EE login form
• templates/clean/PageContent.jsp -- a few minor changes
• templates/clean/PreviewContent.jsp -- removed HRs
• templates/clean/ViewTemplate.jsp -- major changes

JRegistrar application#

The blatant shill: I needed a secure, easy-to-use way to register new users and store their information in a database, for use by JSPWiki and other applications I intend to host. I was not aware of any stand-alone packages that would do the job, so I decided to write my own. The result is a small application tentatively called "JRegistrar." I have posted it on my personal website. For the curious: JRegistrar uses a database to store users' first & last names, organization, e-mail, and password (encoded as a SHA-1 hash). It is designed to be used as a Tomcat authentication realm, which is how I use it. Under the covers, it uses:

• Struts 1.1, for the MVC layer
• Tiles, for easy separation of presentation "panels" (I re-implemented the Clean layout as Tiles definitions)
• Commons Validator, to ensure that bad input is kept out
• JDBC prepared statements, to prevent SQL injection

In the future, I will be exploring how to integrate JRegistrar with JSPWiki 2.x's authorization model. I don't anticipate great difficulty in making them work together.

Comments and Discussion:#

(starts here...) Any idea when you will have the authentication-implementation (JRegistrar) ready for use ? Is there an alternate authentication mechanism that could be used ? - RaghuHavaldar

Andy's amended reply: As noted above, I have just posted it. It is in a "0.2" release, which means that the basic functionality works and that it is reasonably well-documented. At the moment RDBMS is the only back-end identity store one can use with it, although there is a fairly well-documented set of interfaces that would make it easy to use LDAP and/or XML files also. One of the neater features is that the user Principal's name ("Bill Gates") is separate from their login id ("bill@thebeast.com"). So you login with your e-mail, and JSPWiki says "Greetings Bill Gates". - Andrew Jaquith

Will this work with mysql? - Njreist

Does this template work with newer code? Has anyone had this working the lastest Alpha 2.1.13 for example? JLH

Update: Yes it does work, I am not sure what was happening before, but I think it has something to do with the new template handling, where if a file is not found in the template dir, then it looks in default, some wires were crossed somewhere. JLH.

How to Install #

When you unzip the template, you come up with several files. Place the jsp (LoginForm.jsp, LoginRedirect.jsp and LoginError.jsp) in webapps/JSPWiki/, next to Comment.jsp, ..., Wiki.jsp.

mv templates/clean into webapps/JSPWiki/templates

Update webapps/JSPWiki/WEB-INF/web.xml with the following patch:

134,149d103
<        By default we just limit access to the Delete.jsp, as it
<        is actually dangerous.
<    -->
<
<    <security-constraint>
<        <web-resource-collection>
<            <web-resource-name>Protected Area</web-resource-name>
<            <url-pattern>/Delete.jsp</url-pattern>
<        </web-resource-collection>
<        <auth-constraint>
<            <role-name>admin</role-name>
<            <role-name>user</role-name>
<        </auth-constraint>
<    </security-constraint>
<
<    <!--
157c111
<        To enable this, replace the previous section with this section.
---
>        To enable this, remove the comments signs.
166d119
<    <!--  START OF ACCESS RESTRICTION
170a124
>            <url-pattern>/LoginRedirect.jsp</url-pattern>
172,173c126
<            <url-pattern>/Comment.jsp</url-pattern>
<            <url-pattern>/Delete.jsp</url-pattern>
---
>            <url-pattern>/UserPreferences.jsp</url-pattern>
177,185d129
<            <http-method>HEAD</http-method>
<            <http-method>PUT</http-method>
<        </web-resource-collection>
<
<        <web-resource-collection>
<            <web-resource-name>Read-only Area</web-resource-name>
<            <url-pattern>/attach</url-pattern>
<            <http-method>DELETE</http-method>
<            <http-method>POST</http-method>
193d136
<    </security-constraint>
195c138,141
<    -->
---
>        <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint>
>    </security-constraint>
198,199c144,148
<       <auth-method>BASIC</auth-method>
<       <realm-name>JSPWiki Editor</realm-name>
---
>      <auth-method>FORM</auth-method>
>      <form-login-config>
>        <form-login-page>/LoginForm.jsp</form-login-page>
>        <form-error-page>/LoginForm.jsp</form-error-page>
>      </form-login-config>
201a151,164
>    <security-role>
>      <description>
>        This role includes all authenticated, non-administrative users
>      </description>
>      <role-name>user</role-name>
>    </security-role>
>
>    <security-role>
>      <description>
>        This role includes all authenticated, administrative users
>      </description>
>      <role-name>admin</role-name>
>    </security-role>
>