Search code examples

dokuwiki authentication from java

Here is the scenario:

I want to use docuwiki to show help and other content to users. The users are grouped by to organization. Each organization gets their own content that should be private to them. Enter ACL. I get how I can create a user and limit him to a certain subsection of the wiki.

Now the fun part begins. How can I authenticate these users from my server? I'm running a Tomcat/Java/MSSQL stack. I have full control of both servers.

I'd imagine if it is possible, I would imagine I can post the username/password to the wiki from the servlet, and get some kinda token back that the user can access the site with. But I don't see anything in the documentation about this. If anyone has any ideas, pointers or alternatives, I'd appreciate it.


  • For googlers that come after me:

    I ended up writing my own authenticator. TO use authenticator place it in *\inc\auth* with the name sqlsrv.class.php (sqlsrv will be the code you use to specify this authenticator.)

    Basically what happens with this is I generate a token on my server that uniquely identifies a logged in user. I then POST or GET to the wiki with the token. The authenticator then queries the server to see if the user should be authenticated, as well as to get the name, email and which ACL groups the user should belong to.

    Notes: make sure you change the config options in the php file. And you'll need sqlsrv installed and enabled for your apache/php.

     * sqlsrv authentication backend
     * @license    GPL 2 (
     * @author     Yuriy Shikhanovich <[email protected]>
    class auth_sqlsrv extends auth_basic {
         * Constructor
         * Carry out sanity checks to ensure the object is
         * able to operate. Set capabilities.
         * @author  Yuriy Shikhanovich <[email protected]>
        function __construct() {
                global $config_cascade;
                global $connection;
          $this->cando['external']       = true;
        function trustExternal()
            //$msgTxt = $_SESSION[DOKU_COOKIE]['auth']['info']['user']."x";
            //return true;
            global $USERINFO;
                global $conf;
                global $connection;
            //already logged in, no need to hit server
            if (!empty($_SESSION[DOKU_COOKIE]['auth']['info'])) 
                    $USERINFO['name'] = $_SESSION[DOKU_COOKIE]['auth']['info']['user'];
                    $USERINFO['mail'] = $_SESSION[DOKU_COOKIE]['auth']['info']['mail'];
                    $USERINFO['grps'] = $_SESSION[DOKU_COOKIE]['auth']['info']['grps'];
                    $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
                    return true;
            //check server based on token
                $token = $_GET["token"];
                    $token = $_POST["token"];
                    $token = $_SESSION[DOKU_COOKIE]['auth']['token'];
                    msg("Could not authenticate. Please contact your admin.");
                    return false;
                //config //NOTE: replace with the appropriate values
                    $myServer = ",1433";
                    $myUser = "sqlaccount";
                    $myPass = "sqlpassword";
                    $myDB = "dbName";
                    //end config
                    //get connection
                    $connectionInfo = array('UID' => $myUser, 'PWD' => $myPass, "Database"=>$myDB);
                    $link = sqlsrv_connect($myServer, $connectionInfo);
                    //check connection
                    if($link === FALSE) 
                            msg("Could not get connection, contact your admin.");
                        return false;
                    //run token against proc
                    //NOTE: this needs to be implemented on your server, returns :
                    //"user" - Name of the user //this does not have to be setup in the wiki
                    //"email" - user's email //this does not have to be setup in the wiki
                    //"groups" - Which groups //this *does* have to be setup in the wiki to be used with ACL
                    $sql = "exec WikiLogin '".$token."'"; 
                    $stmt = sqlsrv_query( $link, $sql);
                    //check statement
                    if( $stmt === false) 
                            msg("Could not get connection statement, contact your admin.");
                        return false;
                    //if returned results, set user and groups
                    while( $row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC) ) 
                        // set the globals if authed
                        $USERINFO['name'] = $row['user'];
                        $USERINFO['mail'] = $row['email'];
                        $USERINFO['grps'] = split(" ",$row['groups']);
                        //msg(implode($row," "));
                        //msg(implode($USERINFO," "));
                        $_SERVER['REMOTE_USER'] = $row['user'];
                        //uncomment after testing
                        $_SESSION[DOKU_COOKIE]['auth']['user'] = $row['user'];
                        $_SESSION[DOKU_COOKIE]['auth']['mail'] = $row['email'];
                        $_SESSION[DOKU_COOKIE]['auth']['token'] = $token;
                        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
                        sqlsrv_free_stmt( $stmt);
                        return true;
                    return false;
                        msg("Could not get connection, contact your admin.");
                        msg("Could not get connection, contact your admin.");
                catch (Exception $e)
                        msg("Could not get connection, contact your admin.");
                        msg("Could not get connection, contact your admin.");