incubator-jspwiki-user mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 13:03:40 GMT

Um. You're granting read permissions to Anonymous in your policy file.

/Janne

On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:

> OK, after finally getting my Tomcat to actually use the security
> policy correctly, I still have the problem of the page ACL's not being
> used. The JAAS config file is loaded correctly, as is the policy file
> (policy file access restrictions work correctly).
>
> Any ideas what I'm doing wrong?
>
> Page header:
> [{ALLOW view Asserted}]
>
> Policy file:
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
> Log file:
> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = ALLOW view Asserted
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry for view
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took 0:00:00.005
>
> -- 
> * Sufficiently advanced magic is indistinguishable from technology (T.P)  *
> *           PGP public key available @ http://www.iki.fi/killer           *
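
A check for the condition pointed out in the reply, as an added example that is not part of the original thread or of JSPWiki's code: it parses `grant principal` blocks in the policy-file syntax quoted above (tolerating statements wrapped across lines) and lists roles granted `PagePermission` `view` on every page. The function names and the embedded sample are constructed for illustration, and only an explicitly listed `view` action is matched.

```python
import re

# Constructed sample: grant blocks in the syntax quoted in the message above,
# with permission statements wrapped across lines as a mail client might do.
SAMPLE_POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "login";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "login";
};
'''

GRANT_RE = re.compile(r'grant\s+principal\s+(\S+)\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+(\S+)\s+"([^"]*)"\s*(?:,\s*"([^"]*)")?\s*;', re.S)

def parse_policy(text):
    """Return a list of (role, permission_class, target, actions) tuples."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)        # block comments
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)        # whole-line comments
    grants = []
    for _principal_cls, role, body in GRANT_RE.findall(text):
        for perm_cls, target, actions in PERM_RE.findall(body):
            acts = frozenset(a.strip() for a in actions.split(',') if a.strip())
            grants.append((role, perm_cls.rsplit('.', 1)[-1], target, acts))
    return grants

def wildcard_view_grants(grants, roles=("Anonymous", "All")):
    """List (role, target) where a broad role gets 'view' on every page."""
    hits = []
    for role, perm, target, acts in grants:
        page = target.split(':', 1)[-1]   # target is "wiki:page"
        if perm == "PagePermission" and role in roles and "view" in acts and page == "*":
            hits.append((role, target))
    return hits

if __name__ == "__main__":
    for role, target in wildcard_view_grants(parse_policy(SAMPLE_POLICY)):
        print(f'{role}: PagePermission "{target}" includes view')
```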

