Hi there. This is version 0.5 of a template tentatively titled __Clean__. It has a deliberately sparse look, and was patterned after some of the more interesting corporate sites I have seen. Special features of this template include:

* Use of CSS throughout
* Form-based login, designed for use with web containers (it follows the J2EE {{j_security_check}} specification for servlet containers)
* Links to a "new user registration" form, designed to be used with a JDBC database. This is actually a separate web application rather than a mod to JSPWiki; see details on the __JRegistrar__ application below.
* A new include, {{~TopPanel.jsp}}, that includes links for login/logout, Home, Index, etc.
* A "features" panel on the right-hand side that contains featured content (user-editable)
* Tweaked search field and button
* Login (go to login form) and Logout (invalidate session) links in the top panel
* Graphical submit buttons for search and login (more coming later...)
* A standard logo (images/logo.jpg) that always appears in the upper-left-hand corner and links to the "Main" page. You will probably want to change the one that is there by default, since it is for my own site. ;)
 
__Clean__ is based on JSPWiki 2.1.93-CVS. I hope you like it; if not, feel free to comment, tweak or rant.

''-- [Andrew Jaquith], April 2004''

!!Screenshot
Yep, here it is:
[http://www.jspwiki.org/attach/CleanTemplate/clean-template.png]

!!Package contents
The enclosed zip file includes a number of new files and some changed files, which are enumerated below. The locations of these files are either relative to the webroot or {{src/webdocs}}, depending on whether you are looking at the binary distibution, or the source tree.

The new files include the template JSPs plus top-level "login" pages:
* ~LoginForm.jsp -- login form for J2EE containers; posts to j_security_check
* Logout.jsp -- invalidates the current session
* ~LoginRedirect.jsp -- protected resource that causes the redirect to ~LoginForm.jsp
* images/continue.png
* images/go.png
* images/logo.png
* images/signin.png
* templates/clean/~TopMenu.jsp -- moved search bar here; __not__ editable by end-users

Changed files (relative to the default template) include:
* etc/web.xml -- implements form-based auth instead of Basic; adds several protected resources
* templates/clean/jspwiki.css -- thorough re-working/re-organization of the stylesheet, without sacrificing compatibility with the default template
* templates/clean/~EditContent.jsp -- removed search box; moved to ~TopMenu
* templates/clean/~EditTemplate.jsp -- major changes
* templates/clean/~LeftMenu.jsp -- eliminated login box, plus a few minor changes
* templates/clean/~LeftMenuFooter.jsp -- shows copyright and "powered by" text
* templates/clean/~LoginTemplate -- contains template-specific J2EE login form
* templates/clean/~PageContent.jsp -- a few minor changes
* templates/clean/~PreviewContent.jsp -- removed HRs
* templates/clean/~ViewTemplate.jsp -- major changes

!!JRegistrar application

__The blatant shill:__ I needed a secure, easy-to-use way to register new users and store their information in a database, for use by JSPWiki and other applications I intend to host. I was not aware of any stand-alone packages that would do the job, so I decided to write my own. The result is a small application tentatively called "JRegistrar." I have [posted it on my personal website|http://www.freshcookies.org/jregistrar].
__For the curious:__ JRegistrar uses a database to store users' first & last names, organization, e-mail, and password (encoded as a SHA-1 hash). It is designed to be used as a Tomcat authentication realm, which is how I use it. Under the covers, it uses:
* Struts 1.1, for the MVC layer
* Tiles, for easy separation of presentation "panels" (I re-implemented the __Clean__ layout as Tiles definitions)
* Commons Validator, to ensure that bad input is kept out
* JDBC prepared statements, to prevent SQL injection

In the future, I will be exploring how to integrate JRegistrar with JSPWiki 2.''x'''s authorization model. I don't anticipate great difficulty in making them work together.

!!Comments and Discussion:
(starts here...)
Any idea when you will have the authentication-implementation (JRegistrar) ready for use ? Is there an alternate authentication mechanism that could be used ? - RaghuHavaldar

__Andy's amended reply__: As noted above, I have just [posted it|http://www.freshcookies.org/jregistrar]. It is in a "0.2" release, which means that the basic functionality works and that it is reasonably well-documented. At the moment RDBMS is the only back-end identity store one can use with it, although there is a fairly well-documented set of interfaces that would make it easy to use LDAP and/or XML files also. One of the neater features is that the user Principal's name ("Bill Gates") is separate from their login id ("bill@thebeast.com"). So you login with your e-mail, and JSPWiki says "Greetings Bill Gates". - Andrew Jaquith


Will this work with mysql? - Njreist

__Does this template work with newer code?__ Has anyone had this working the lastest Alpha 2.1.13 for example? JLH

__Update__: Yes it does work, I am not sure what was happening before, but I think it has something to do with the new template handling, where if a file is not found in the template dir, then it looks in default, some wires were crossed somewhere. JLH.


!! How to Install 
When you unzip the template, you come up with several files. 
Place the jsp ({{~LoginForm.jsp}}, {{~LoginRedirect.jsp}} and {{~LoginError.jsp}}) in {{webapps/JSPWiki/}}, next to {{Comment.jsp}}, ..., {{Wiki.jsp}}.

mv {{templates/clean}} into {{webapps/JSPWiki/templates}}

Update {{webapps/JSPWiki/WEB-INF/web.xml}} with the following patch:
{{{
134,149d103
<        By default we just limit access to the Delete.jsp, as it
<        is actually dangerous.
<    -->
<
<    <security-constraint>
<        <web-resource-collection>
<            <web-resource-name>Protected Area</web-resource-name>
<            <url-pattern>/Delete.jsp</url-pattern>
<        </web-resource-collection>
<        <auth-constraint>
<            <role-name>admin</role-name>
<            <role-name>user</role-name>
<        </auth-constraint>
<    </security-constraint>
<
<    <!--
157c111
<        To enable this, replace the previous section with this section.
---
>        To enable this, remove the comments signs.
166d119
<    <!--  START OF ACCESS RESTRICTION
170a124
>            <url-pattern>/LoginRedirect.jsp</url-pattern>
172,173c126
<            <url-pattern>/Comment.jsp</url-pattern>
<            <url-pattern>/Delete.jsp</url-pattern>
---
>            <url-pattern>/UserPreferences.jsp</url-pattern>
177,185d129
<            <http-method>HEAD</http-method>
<            <http-method>PUT</http-method>
<        </web-resource-collection>
<
<        <web-resource-collection>
<            <web-resource-name>Read-only Area</web-resource-name>
<            <url-pattern>/attach</url-pattern>
<            <http-method>DELETE</http-method>
<            <http-method>POST</http-method>
193d136
<    </security-constraint>
195c138,141
<    -->
---
>        <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint>
>    </security-constraint>
198,199c144,148
<       <auth-method>BASIC</auth-method>
<       <realm-name>JSPWiki Editor</realm-name>
---
>      <auth-method>FORM</auth-method>
>      <form-login-config>
>        <form-login-page>/LoginForm.jsp</form-login-page>
>        <form-error-page>/LoginForm.jsp</form-error-page>
>      </form-login-config>
201a151,164
>    <security-role>
>      <description>
>        This role includes all authenticated, non-administrative users
>      </description>
>      <role-name>user</role-name>
>    </security-role>
>
>    <security-role>
>      <description>
>        This role includes all authenticated, administrative users
>      </description>
>      <role-name>admin</role-name>
>    </security-role>
>

}}}