incubator-jspwiki-user mailing list archives

From "Harry Metske" <harry.met...@gmail.com>
Subject Re: Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 13:33:17 GMT
Do you mean something like this:

http://www.jspwiki.org/wiki/PermTest

This page has the following text, and is not viewable by anonymous users:

[{ALLOW edit metskem}]
[{ALLOW view Asserted}]

You should not be able to see the source of this page !

Harry

2007/11/25, Kalle Kivimaa <kalle.kivimaa@iki.fi>:
>
> Yes, because I want *most* of my wiki to be visible to everybody, and
> I understood that an ACL takes precedence over the policy file.
>
> From http://doc.jspwiki.org/2.4/wiki/Security
> "By default, wiki pages do not have access control lists. When a page
> doesn't have an ACL, the default security policy for the page
> applies."
>
> I read that as saying that the security policy is *only* used if there
> is no ACL.
>
> Janne Jalkanen <Janne.Jalkanen@ecyrd.com> writes:
>
> > Um. You're granting read permissions to Anonymous in your policy file.
> >
> > /Janne
> >
> > On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:
> >
> >> OK, after finally getting my Tomcat to actually use the security
> >> policy correctly, I still have the problem of the page ACL's not being
> >> used. The JAAS config file is loaded correctly, as is the policy file
> >> (policy file access restrictions work correctly).
> >>
> >> Any ideas what I'm doing wrong?
> >>
> >> Page header:
> >> [{ALLOW view Asserted}]
> >>
> >> Policy file:
> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission
> >> "*:*", "view";
> >>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
> >> "*", "editPreferences";
> >>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
> >> "*", "editProfile";
> >>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
> >> "*", "login";
> >> };
> >>
> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
> >> "*", "login";
> >> };
> >>
> >> Log file:
> >> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
> >> HttpRequest: returning guestSession()
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
> >> (null); target=TaloInfo
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL =
> >> ALLOW view Asserted
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
> >> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry
> >> for view
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
> >> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
> >> ,"view"))
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
> >> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
> >> ,"view"))
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
> >> HttpRequest: returning guestSession()
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
> >> (null); target=TaloInfo
> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> >> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG
> >> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://
> >> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took
> >> 0:00:00.005
> >>
> >> --
> >> * Sufficiently advanced magic is indistinguishable from technology
> >> (T.P)  *
> >> *           PGP public key available @ http://www.iki.fi/
> >> killer           *
> >
> >
>
> --
> * Sufficiently advanced magic is indistinguishable from technology (T.P
> )  *
> *           PGP public key available @ http://www.iki.fi/killer
> *
>



-- 
Kind regards,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081
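
Added example, not part of the thread and not JSPWiki code: a small parser for the policy-file syntax quoted above that lists what each role is granted and flags `PagePermission` grants to `Anonymous` or `All` whose page part is a wildcard, which is the grant Janne's reply points at. The function names `parse_policy` and `broad_page_grants` are hypothetical, and `POLICY` is the quoted policy file with the mail quoting and line wrapping removed.

```python
import re

# Constructed sample: the policy file from the thread, mail quoting and wrapping removed.
POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
'''

# Only 'grant principal <class> "<name>" { ... };' blocks are handled (assumption).
GRANT = re.compile(r'grant\s+principal\s+(\S+)\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+(\S+)\s+"([^"]*)"\s*(?:,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return (principal_class, principal_name, permission_class, target, actions) tuples."""
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)  # drop whole-line comments
    out = []
    for pclass, pname, body in GRANT.findall(text):
        for perm, target, actions in PERM.findall(body):
            acts = tuple(a.strip() for a in actions.split(',') if a.strip())
            out.append((pclass.rsplit('.', 1)[-1], pname, perm.rsplit('.', 1)[-1], target, acts))
    return out

def broad_page_grants(text, roles=("Anonymous", "All")):
    """PagePermission grants to the given roles whose page part ("wiki:page") is a wildcard."""
    hits = []
    for _pclass, pname, perm, target, acts in parse_policy(text):
        if perm != "PagePermission" or pname not in roles:
            continue
        page = target.rpartition(':')[2]  # "*:*" -> "*", "kalle:TaloInfo" -> "TaloInfo"
        if '*' in page:
            hits.append((pname, target, acts))
    return hits

if __name__ == "__main__":
    for entry in parse_policy(POLICY):
        print(entry)
    print("wildcard page grants:", broad_page_grants(POLICY))
```

The script reports only what the policy file grants; how a page ACL combines with those grants is the question the thread itself is discussing.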
