incubator-jspwiki-user mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 13:34:03 GMT

Mm...  Then the reason is probably that you're using Asserted (which,  
for almost all intents and purposes, is equal to Anonymous).  Does it  
work with Authenticated?

/Janne

On 25 Nov 2007, at 15:10, Kalle Kivimaa wrote:

> Yes, because I want *most* of my wiki to be visible to everybody, and
> I understood that an ACL takes precedence over the policy file.
>
> From http://doc.jspwiki.org/2.4/wiki/Security
> "By default, wiki pages do not have access control lists. When a page
> doesn't have an ACL, the default security policy for the page
> applies."
>
> I read that as saying that the security policy is *only* used if there
> is no ACL.
>
> Janne Jalkanen <Janne.Jalkanen@ecyrd.com> writes:
>
>> Um. You're granting read permissions to Anonymous in your policy file.
>>
>> /Janne
>>
>> On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:
>>
>>> OK, after finally getting my Tomcat to actually use the security
>>> policy correctly, I still have the problem of the page ACLs not being
>>> used. The JAAS config file is loaded correctly, as is the policy file
>>> (policy file access restrictions work correctly).
>>>
>>> Any ideas what I'm doing wrong?
>>>
>>> Page header:
>>> [{ALLOW view Asserted}]
>>>
>>> Policy file:
>>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission
>>> "*:*", "view";
>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>>> "*", "editPreferences";
>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>>> "*", "editProfile";
>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>>> "*", "login";
>>> };
>>>
>>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>>> "*", "login";
>>> };
>>>
>>> Log file:
>>> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>>> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
>>> HttpRequest: returning guestSession()
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
>>> (null); target=TaloInfo
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
>>> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL =
>>> ALLOW view Asserted
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>>> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry
>>> for view
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>>> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
>>> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
>>> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
>>> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
>>> HttpRequest: returning guestSession()
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
>>> (null); target=TaloInfo
>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG
>>> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://
>>> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took
>>> 0:00:00.005
>>>
>>> --
>>> * Sufficiently advanced magic is indistinguishable from technology (T.P) *
>>> *           PGP public key available @ http://www.iki.fi/killer           *
>>
>>
>
> -- 
> * Sufficiently advanced magic is indistinguishable from technology (T.P) *
> *           PGP public key available @ http://www.iki.fi/killer           *
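
An added example, not part of the original messages and not JSPWiki code: a Python check that scans DEBUG log lines of the shape quoted above for page ACLs that grant a permission to a role a visitor holds without logging in. The sample lines are constructed (the first mirrors the quoted JSPWikiMarkupParser entry with the e-mail wrapping removed); treating All, Anonymous and Asserted as no-login roles, and one action per ALLOW entry, are assumptions.

```python
import re

# Roles a visitor holds without authenticating (assumption: Asserted is
# treated like Anonymous, as the reply above says; All covers everybody).
NO_LOGIN_ROLES = {"All", "Anonymous", "Asserted"}

# Shape of the JSPWikiMarkupParser DEBUG entry quoted in the thread.
ACL_LINE = re.compile(
    r"JSPWikiMarkupParser .* - page=(?P<page>[^,\s]+), "
    r"ACL = ALLOW (?P<action>\S+) (?P<principals>.+)$"
)

def weak_acls(log_lines):
    """Return sorted (page, action, role) tuples for ACL entries that
    name a role requiring no login. Repeated renders are de-duplicated."""
    findings = set()
    for line in log_lines:
        match = ACL_LINE.search(line.strip())
        if not match:
            continue  # not an ACL parse entry
        for principal in match.group("principals").split(","):
            role = principal.strip()
            if role in NO_LOGIN_ROLES:
                findings.add((match.group("page"), match.group("action"), role))
    return sorted(findings)

# Constructed sample input; only the first line's shape comes from the thread.
PREFIX = ("2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG "
          "com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp "
          "kalle:http://localhost:8180/kalle/Wiki.jsp - ")
SAMPLE_LOG = [
    PREFIX + "page=TaloInfo, ACL = ALLOW view Asserted",
    PREFIX + "page=Budget, ACL = ALLOW view Authenticated",
    PREFIX + "page=Notes, ACL = ALLOW edit Admin, Anonymous",
    PREFIX + "page=TaloInfo, ACL = ALLOW view Asserted",  # second render
    "2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG "
    "com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp "
    "kalle:http://localhost:8180/kalle/Wiki.jsp - "
    "Do we need to log the user in? false",
]

if __name__ == "__main__":
    for page, action, role in weak_acls(SAMPLE_LOG):
        print(f"{page}: '{action}' is granted to no-login role {role}")
```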

