Authentication Code


We’re about to build a new Xwiki-instance for a bigger project. As this wiki will contain very sensitive information, I would like to protect it with BasicAuth (Apache).
The Apache Basic Auth should (through a custom handler script) authenticate agains the xwiki mysql database.
Apache basic auth → handler script → database

I have tried to analyze the table structure but could not find a meaningful structure for user storage.
Also a longer browse through the git repository did not bring any useful information.

Can someone send me a link of the java code which makes the authentication against the database (especially important would be the password encryption and the select statement),
I can then translate this to perl to create my auth handler script.


Please excuse the sarcasm, but I am really disappointed.
After the overwhelming support of the forum I invested some (many) hours in Research&Development over the weekend, so it worked out after all.

The attached PHP file implements an AuthExternal Provider Script for Apache. This authenticates against the XWiki database to put a basic auth protection mechanism in front of the wiki.
This can also be used via fail2ban (jail: apache-auth) to implement an effective protection against login attacks.
The usage (under CentOS 7) is described in the header of the file.
It is licensed under the GPL, use it as you like.

auth.php.txt (4.4 KB)