incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roberto Venturi" <Ro...@Mercurio.It>
Subject Re: How to test if a permission is a Wikipermission
Date Fri, 10 Aug 2012 12:38:26 GMT
Hello everybody,
the test suggested by JPSR is ok only for 1/4 :-)
I had to change the test in
-----
     if (   ! (permission instanceof AllPermission)
         && ! (permission instanceof GroupPermission)
         && ! (permission instanceof PagePermission)
         && ! (permission instanceof WikiPermission)
     )
         return Boolean.TRUE;
-----
But the direction was important :-) Thanks.

I will try to understand hoe JIRA works to submit the patch ;-)

Regards,
Roberto



Quoting "Juan Pablo Santos Rodríguez" <juanpablo.santos@gmail.com>:

> Hello Roberto,
>
> first apologies on not commenting on the previous e-mail. I've cc'ed
> jspwiki-dev, which seems a more appropiate place to make this question.
>
> I don't have the source right here but maybe you could check if permission
> instanceof WikiPermission?
>
> Also, don't know if you checked, but
> http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay
> give you some insights. I'll try to have a look at this, but seems to
> me the appropiate way may go through developing your own JSPWiki
> Authorizer. This way you could avoid patching "core" src and yet have your
> own customized behaviour.
>
> Regarding including source/patches/fixes, the best place is to file a JIRA,
> see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept
> contributions :-)
>
>
> br,
> juan pablo
>
> On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <Roven@mercurio.it> wrote:
>
>> Hi,
>> another chapter of my "search of the holy grail" with JSPWiki & websphere
>> security policies :-)
>>
>> --------------
>> File: org.apache.auth.Authorization.**Manager.java
>> Method: checkStaticPermission
>> Code:
>>         try
>>         {
>>             // Check the JVM-wide security policy first
>>             AccessController.**checkPermission( permission );
>>             return Boolean.TRUE;
>>         }
>>         catch( AccessControlException e )
>> --------------
>> the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in
>> precedent email because it manages all "non wiki" permissions. So I need a
>> test on "permission" to see if it's or not a "wiki permission".
>> I'm trying substituting the statement with a "brutal" block as
>> --------------
>> String pName = permission.getName();
>> if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("**
>> Wiki"))
>>                     return Boolean.TRUE;
>> --------------
>> And, it was time, here is the question: there is a "more nice" way to do
>> the test?
>>
>> Tanks for your patience :-)
>> Roberto
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Messaggio inviato da WebMail - http://www.mercurio.it
>> ------------------------------**-------------------------
>>
>






--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------

Mime
View raw message