incubator-jspwiki-dev mailing list archives

From "Harry Metske (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-16) Problem with group security and membership
Date Sat, 03 Nov 2007 18:04:50 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-16?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12539960 ]

Harry Metske commented on JSPWIKI-16:
-------------------------------------

Maybe user alex has Admin role and kathrin has not, that would explain the difference?
Anyway, maybe you should change "ALLOW edit Family" to "ALLOW modify Family"? (modify implies
permission to edit and upload, see [http://doc.jspwiki.org/2.4/wiki/Security#section-Security-ImpliedPermissions]).


> Problem with group security and membership
> ------------------------------------------
>
>                 Key: JSPWIKI-16
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-16
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.5.139-beta
>         Environment: Tomcat 5.5.17 jre 1.50.13
>            Reporter: Alex Samad
>
> Hi
>
> I am having a problem with 2.5.138 and group membership and the ability to
> upload attachments
>
> on the top of one of my pages I had this (my site setup to not allow anony
> modifications)
>
> [{ALLOW view Anonymous}]
> [{ALLOW edit Family}]
>
> the Family group is made up of this
> <group name="Family" creator="Alex Samad" created="2006.10.21 at 15:58:05:778 EST" modifier="AlexSamad" lastModified="2007.10.07 at 04:17:11:050 EST">
>         <member principal="kathrinhuf" />
>         <member principal="kathrin huf" />
>         <member principal="kathrin" />
>         <member principal="Alex Samad" />
>         <member principal="alex" />
> </group>
>
> I use container authentication but this is the user.xml
> <users>
> <user loginName="alex" wikiName="alex" fullName="Alex Samad" email="alex@samad.com.au" password="" created="2006.10.20 at 15:58:16:561 EST" lastModified="2006.10.21 at 15:42:55:658 EST" />
> <user loginName="kathrin" wikiName="kathrin" fullName="Kathrin Huf" email="kathrin@samad.com.au" password="" created="2006.10.20 at 15:58:16:561 EST" lastModified="Jul 17, 2006 8:03:23 PM" />
>
> in ldap I have 2 users called alex and kathrin that map to the above 2
>
> both of us can edit the page, but only I can upload attachments to the page,
> when kathrin looks at the attachment page she is told only authenticated users
> can upload....
>
> when I remove the two ALLOW statements we both have access
>
> from jspwiki.policy
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>         permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>         permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
>         permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
>         permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>         permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>         permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>         permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>         permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
>
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>         permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "WikiAdmin" {
>         permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> I have created a role called WikiAdmin.
>
> So has any one else seen this problem ?  Or is it because I have done something
> strange with my security setup
>
> Alex

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
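
The page ACL check discussed in this message, as an added example that is not part of the original thread and is not JSPWiki's code: a simplified Python model that reads the quoted Family group and the `[{ALLOW ...}]` lines and evaluates `edit` and `upload` for a group member. It assumes only the implication stated in the comment (`modify` implies `edit` and `upload`); roles such as Anonymous, the `jspwiki.policy` grants and any Admin permission are not modelled, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: only the implication stated in the comment is modelled
# ("modify" implies "edit" and "upload"); any other action implies just itself.
IMPLIES = {"modify": {"modify", "edit", "upload"}}

# Group members as quoted in the issue (creator/timestamp attributes omitted).
GROUP_XML = """<group name="Family">
  <member principal="kathrinhuf" />
  <member principal="kathrin huf" />
  <member principal="kathrin" />
  <member principal="Alex Samad" />
  <member principal="alex" />
</group>"""

ACL_RE = re.compile(r"\[\{ALLOW\s+([\w,]+)\s+([^}]+)\}\]")


def parse_group(xml_text):
    """Return (group name, set of member principals)."""
    root = ET.fromstring(xml_text)
    return root.get("name"), {m.get("principal") for m in root.iter("member")}


def parse_acl(page_text):
    """Map each granted action to the principal names on its ALLOW lines."""
    acl = {}
    for actions, names in ACL_RE.findall(page_text):
        for action in actions.split(","):
            acl.setdefault(action, set()).update(n.strip() for n in names.split(","))
    return acl


def acl_allows(page_text, groups, user, requested):
    """True if an ALLOW entry covers `requested` and names the user or one of the user's groups."""
    for granted, names in parse_acl(page_text).items():
        if requested not in IMPLIES.get(granted, {granted}):
            continue  # this entry does not imply the requested action
        if any(n == user or user in groups.get(n, ()) for n in names):
            return True
    return False


NAME, MEMBERS = parse_group(GROUP_XML)
GROUPS = {NAME: MEMBERS}
AS_REPORTED = "[{ALLOW view Anonymous}]\n[{ALLOW edit Family}]"
AS_SUGGESTED = "[{ALLOW view Anonymous}]\n[{ALLOW modify Family}]"

if __name__ == "__main__":
    for label, page in (("edit", AS_REPORTED), ("modify", AS_SUGGESTED)):
        for action in ("edit", "upload"):
            print(label, action, acl_allows(page, GROUPS, "kathrin", action))
```
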

