This Contributed Plugin allows you to authenticate users against a table on any database with its authenticator. There is also a Register jsp page to let them register picking up their own unique username and password, and a plugin which lists all the users registered and gives some basic functions, like resetting their password and authorizing/banning them.

You should put the plugin in a protected page, where only administrators can access. When a new user registers to the wiki, it will be added to the database in an authorized or non authorized state (depends on configuration). If it's not authorized by default, then the administrator can authorize him from the list page, and until then he will not be able to login.

Building#

I've not setup a build for this simple classes, you can just put them in the standard JSPWiki code tree and build JSPWiki. I've built this code only with stable JSPWiki version 2.2.33.

The code does not yet conform to the JSPWIki Coding Standard.

Using#

After setting up the common properties for old authentication, you can set properties to use the JDBC authenticator :

jspwiki.authenticator = JdbcAuthenticator

jdbc.auth.url = jdbc:mysql://localhost:3306/wikiauth
jdbc.auth.driver = com.mysql.jdbc.Driver
jdbc.auth.user = wiki
jdbc.auth.password = wiki

By default it searches for a table named "users" with a very very simple structure :

CREATE TABLE users (
  nick TEXT,
  password TEXT,
  authorized BOOL
);

If you want to use a preexisting table, you can customize the queries on the DB with the following properties :

jdbc.auth.checkQuery = SELECT authorized FROM users WHERE nick=? AND password=?
jdbc.auth.listQuery = SELECT nick,authorized FROM users
jdbc.auth.isAuthQuery = SELECT authorized FROM users WHERE nick=?	
jdbc.auth.updatePassQuery = UPDATE users SET password=? WHERE nick=?
jdbc.auth.updateAuthQuery = UPDATE users SET authorized=? WHERE nick=?
jdbc.auth.insertQuery = INSERT INTO users SET nick=?, password=?, authorized=?

Done this, just add a user in the db, restart your container and you should be able to login with that user.

Now, in a restricted access wiki page you can use the plugin simply like this :

[{INSERT JdbcAuthPlugin}]

In this page you'll see a list of registered users, with the possibility to authorize/deauthorize their accounts and to reset their passwords with random ones.

The register page is simply a JSP you can place in your JSPWiki root folder, and link from the login page and eventually from the login box. The JSP will check for the various situations (user name already taken, you haven't yet been authorized etc..).

Notes#

This is just a quick 2 hours work that i think is worth contributing. Sorry i didn't have time to make a good build, avoid placing this classes in the main JSPWiki code tree and format it correctly.

Cheers. SimoneGianni

PS : don't forget to check how old authentication can be fixed in 2.2.33 stable version, read here BugPermissionsIn2.2.33CanBeFixedEasily

The is excellent work. Note that the 2.3 version of JSPWiki bundles a (different) JDBC-based authentication mechanism with the base distribution. It also includes a standard method for registering users with the wiki. If you're using 2.2, this might be a good choice; otherwise, 2.3 makes this plugin redundant.

--Andrew Jaquith, 13-Jan-2006

Where must I set the properties to use the JDBC authenticator and the queries on the DB of the examples? I have proved to putted them in th jspwiki.properties file, but it don't work...

--Alessio Niespolo 17/05/2006