incubator-jspwiki-user mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 13:56:57 GMT

2007-11-25 15:45:25,877 [TP-Processor6] INFO com.ecyrd.jspwiki.WikiContext JSPWiki:/wiki/PermTest JSPWiki:http://www.jspwiki.org/wiki/PermTest - User 194.29.196.175 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:PermTest","view"))

On 25 Nov 2007, at 15:48, Kalle Kivimaa wrote:

> Yes, that is exactly what I'm trying to achieve. It would be nice to
> see what the jspwiki.org logs say when an anonymous user tries to view
> that page.
>
> "Harry Metske" <harry.metske@gmail.com> writes:
>
>> Do you mean something like this :
>>
>> http://www.jspwiki.org/wiki/PermTest
>>
>> This page has the following text, and is not viewable by anonymous users:
>>
>> [{ALLOW edit metskem}]
>> [{ALLOW view Asserted}]
>>
>> You should not be able to see the source of this page !
>>
>> Harry
>>
>> 2007/11/25, Kalle Kivimaa <kalle.kivimaa@iki.fi>:
>>>
>>> Yes, because I want *most* of my wiki to be visible to everybody, and
>>> I understood that an ACL takes precedence over the policy file.
>>>
>>> From http://doc.jspwiki.org/2.4/wiki/Security
>>> "By default, wiki pages do not have access control lists. When a page
>>> doesn't have an ACL, the default security policy for the page
>>> applies."
>>>
>>> I read that as saying that the security policy is *only* used if there
>>> is no ACL.
>>>
>>> Janne Jalkanen <Janne.Jalkanen@ecyrd.com> writes:
>>>
>>>> Um. You're granting read permissions to Anonymous in your policy file.
>>>>
>>>> /Janne
>>>>
>>>> On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:
>>>>
>>>>> OK, after finally getting my Tomcat to actually use the security
>>>>> policy correctly, I still have the problem of the page ACL's not being
>>>>> used. The JAAS config file is loaded correctly, as is the policy file
>>>>> (policy file access restrictions work correctly).
>>>>>
>>>>> Any ideas what I'm doing wrong?
>>>>>
>>>>> Page header:
>>>>> [{ALLOW view Asserted}]
>>>>>
>>>>> Policy file:
>>>>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>>>>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>>>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>>>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>>>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
>>>>> };
>>>>>
>>>>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>>>>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
>>>>> };
>>>>>
>>>>> Log file:
>>>>> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = ALLOW view Asserted
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry for view
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
>>>>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>>>>> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took 0:00:00.005
>>>>>
>>>>> --
>>>>> * Sufficiently advanced magic is indistinguishable from technology (T.P)  *
>>>>> *           PGP public key available @ http://www.iki.fi/killer           *
>>>>
>>>>
>>>
>>> --
>>> * Sufficiently advanced magic is indistinguishable from technology (T.P)  *
>>> *           PGP public key available @ http://www.iki.fi/killer           *
>>>
>>
>>
>>
>> -- 
>> Kind regards,
>> Harry Metske
>> Telnr. +31-548-512395
>> Mobile +31-6-51898081
>
> -- 
> * Sufficiently advanced magic is indistinguishable from technology (T.P)  *
> *           PGP public key available @ http://www.iki.fi/killer           *
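
A log-review check built on the log lines quoted in this thread, added here as an example (it is not part of any message and is not JSPWiki code): it collects the "has no access - redirecting" denials and flags renders of a page whose `view` ACL was parsed while the same worker thread was on a guest session. Correlating entries by worker thread name, the sample lines, the page name `Main` and the address 192.0.2.10 are assumptions.

```python
import re

THREAD = re.compile(r'^\S+ \S+ \[([^\]]+)\]')
ACL = re.compile(r'page=(\w+), ACL = ALLOW (\w+) (\w+)')
DENY = re.compile(r'User (\S+) has no access - redirecting '
                  r'\(permission=\("[^"]+","[^:"]+:([^"]+)","(\w+)"\)\)')
RENDER = re.compile(r'Page (\w+) rendered')

def review_acl_renders(lines):
    """Return (denials, suspicious_pages) from unwrapped JSPWiki log lines."""
    acl_pages, guest = {}, set()   # per-worker-thread state (assumed: one request at a time)
    denials, suspicious = [], []
    for line in lines:
        m = THREAD.match(line)
        if not m:
            continue               # not the start of a log entry
        thread, ended = m.group(1), False
        if (a := ACL.search(line)) and a.group(2) == 'view':
            acl_pages.setdefault(thread, set()).add(a.group(1))
        elif 'returning guestSession()' in line:
            guest.add(thread)
        elif d := DENY.search(line):
            denials.append({'user': d.group(1), 'page': d.group(2), 'action': d.group(3)})
            ended = True
        elif r := RENDER.search(line):
            # A page with a view ACL was rendered for a guest session, with no redirect.
            if r.group(1) in acl_pages.get(thread, ()) and thread in guest:
                suspicious.append(r.group(1))
            ended = True
        if ended:                  # worker threads are pooled: reset state per request
            acl_pages.pop(thread, None)
            guest.discard(thread)
    return denials, suspicious

# Constructed sample lines, modelled on the entries quoted in the thread.
def _line(thread, level, logger, msg):
    return (f'2007-11-25 14:42:58,884 [{thread}] {level} com.ecyrd.jspwiki.{logger} '
            f'w:/w/Wiki.jsp w:http://localhost:8180/w/Wiki.jsp - {msg}')

T = 'http-8180-Processor22'
SAMPLE = [
    _line(T, 'DEBUG', 'WikiSession', 'Looking up WikiSession for NULL HttpRequest: returning guestSession()'),
    _line(T, 'DEBUG', 'parser.JSPWikiMarkupParser', 'page=TaloInfo, ACL = ALLOW view Asserted'),
    _line(T, 'DEBUG', 'WikiEngine', 'Page TaloInfo rendered, took 0:00:00.005'),
    _line(T, 'DEBUG', 'WikiEngine', 'Page Main rendered, took 0:00:00.004'),
    _line('TP-Processor6', 'INFO', 'WikiContext', 'User 192.0.2.10 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:PermTest","view"))'),
]
```

A flagged page is a prompt to review that request, not proof of a bypass, since the render line does not name the user.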

