Hi there. This is version 0.5 of a template tentatively titled Clean. It has a deliberately sparse look, and was patterned after some of the more interesting corporate sites I have seen. Special features of this template include:
- Use of CSS throughout
- Form-based login, designed for use with web containers (it follows the J2EE j_security_check specification for servlet containers)
- Links to a "new user registration" form, designed to be used with a JDBC database. This is actually a separate web application rather than a mod to JSPWiki; see details on the JRegistrar application below.
- A new include, TopPanel.jsp, that includes links for login/logout, Home, Index, etc.
- A "features" panel on the right-hand side that contains featured content (user-editable)
- Tweaked search field and button
- Login (go to login form) and Logout (invalidate session) links in the top panel
- Graphical submit buttons for search and login (more coming later...)
- A standard logo (images/logo.jpg) that always appears in the upper-left-hand corner and links to the "Main" page. You will probably want to change the one that is there by default, since it is for my own site. ;)
-- Andrew Jaquith, April 2004
Screenshot#
Yep, here it is:
Package contents#
The enclosed zip file includes a number of new files and some changed files, which are enumerated below. The locations of these files are either relative to the webroot or src/webdocs, depending on whether you are looking at the binary distibution, or the source tree.The new files include the template JSPs plus top-level "login" pages:
- LoginForm.jsp -- login form for J2EE containers; posts to j_security_check
- Logout.jsp -- invalidates the current session
- LoginRedirect.jsp -- protected resource that causes the redirect to LoginForm.jsp
- images/continue.png
- images/go.png
- images/logo.png
- images/signin.png
- templates/clean/TopMenu.jsp -- moved search bar here; not editable by end-users
Changed files (relative to the default template) include:
- etc/web.xml -- implements form-based auth instead of Basic; adds several protected resources
- templates/clean/jspwiki.css -- thorough re-working/re-organization of the stylesheet, without sacrificing compatibility with the default template
- templates/clean/EditContent.jsp -- removed search box; moved to TopMenu
- templates/clean/EditTemplate.jsp -- major changes
- templates/clean/LeftMenu.jsp -- eliminated login box, plus a few minor changes
- templates/clean/LeftMenuFooter.jsp -- shows copyright and "powered by" text
- templates/clean/LoginTemplate -- contains template-specific J2EE login form
- templates/clean/PageContent.jsp -- a few minor changes
- templates/clean/PreviewContent.jsp -- removed HRs
- templates/clean/ViewTemplate.jsp -- major changes
JRegistrar application#
The blatant shill: I needed a secure, easy-to-use way to register new users and store their information in a database, for use by JSPWiki and other applications I intend to host. I was not aware of any stand-alone packages that would do the job, so I decided to write my own. The result is a small application tentatively called "JRegistrar." I have posted it on my personal website.
For the curious: JRegistrar uses a database to store users' first & last names, organization, e-mail, and password (encoded as a SHA-1 hash). It is designed to be used as a Tomcat authentication realm, which is how I use it. Under the covers, it uses:
- Struts 1.1, for the MVC layer
- Tiles, for easy separation of presentation "panels" (I re-implemented the Clean layout as Tiles definitions)
- Commons Validator, to ensure that bad input is kept out
- JDBC prepared statements, to prevent SQL injection
In the future, I will be exploring how to integrate JRegistrar with JSPWiki 2.x's authorization model. I don't anticipate great difficulty in making them work together.
Comments and Discussion:#
(starts here...) Any idea when you will have the authentication-implementation (JRegistrar) ready for use ? Is there an alternate authentication mechanism that could be used ? - RaghuHavaldarAndy's amended reply: As noted above, I have just posted it. It is in a "0.2" release, which means that the basic functionality works and that it is reasonably well-documented. At the moment RDBMS is the only back-end identity store one can use with it, although there is a fairly well-documented set of interfaces that would make it easy to use LDAP and/or XML files also. One of the neater features is that the user Principal's name ("Bill Gates") is separate from their login id ("bill@thebeast.com"). So you login with your e-mail, and JSPWiki says "Greetings Bill Gates". - Andrew Jaquith
Will this work with mysql? - Njreist
Does this template work with newer code? Has anyone had this working the lastest Alpha 2.1.13 for example? JLH
Update: Yes it does work, I am not sure what was happening before, but I think it has something to do with the new template handling, where if a file is not found in the template dir, then it looks in default, some wires were crossed somewhere. JLH.
How to Install #
When you unzip the template, you come up with several files. Place the jsp (LoginForm.jsp, LoginRedirect.jsp and LoginError.jsp) in webapps/JSPWiki/, next to Comment.jsp, ..., Wiki.jsp.mv templates/clean into webapps/JSPWiki/templates
Update webapps/JSPWiki/WEB-INF/web.xml with the following patch:
134,149d103 < By default we just limit access to the Delete.jsp, as it < is actually dangerous. < --> < < <security-constraint> < <web-resource-collection> < <web-resource-name>Protected Area</web-resource-name> < <url-pattern>/Delete.jsp</url-pattern> < </web-resource-collection> < <auth-constraint> < <role-name>admin</role-name> < <role-name>user</role-name> < </auth-constraint> < </security-constraint> < < <!-- 157c111 < To enable this, replace the previous section with this section. --- > To enable this, remove the comments signs. 166d119 < <!-- START OF ACCESS RESTRICTION 170a124 > <url-pattern>/LoginRedirect.jsp</url-pattern> 172,173c126 < <url-pattern>/Comment.jsp</url-pattern> < <url-pattern>/Delete.jsp</url-pattern> --- > <url-pattern>/UserPreferences.jsp</url-pattern> 177,185d129 < <http-method>HEAD</http-method> < <http-method>PUT</http-method> < </web-resource-collection> < < <web-resource-collection> < <web-resource-name>Read-only Area</web-resource-name> < <url-pattern>/attach</url-pattern> < <http-method>DELETE</http-method> < <http-method>POST</http-method> 193d136 < </security-constraint> 195c138,141 < --> --- > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> 198,199c144,148 < <auth-method>BASIC</auth-method> < <realm-name>JSPWiki Editor</realm-name> --- > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/LoginForm.jsp</form-login-page> > <form-error-page>/LoginForm.jsp</form-error-page> > </form-login-config> 201a151,164 > <security-role> > <description> > This role includes all authenticated, non-administrative users > </description> > <role-name>user</role-name> > </security-role> > > <security-role> > <description> > This role includes all authenticated, administrative users > </description> > <role-name>admin</role-name> > </security-role> >
Add new attachment
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
zip |
JSPWiki-clean-template.zip | 31.3 kB | 1 | 18-Apr-2004 01:03 | AndrewJaquith | |
png |
clean-template.png | 42.9 kB | 1 | 18-Apr-2004 01:03 | AndrewJaquith | |
gif |
editor.gif | 9.8 kB | 1 | 29-Oct-2008 15:03 | 210.211.224.38 |