incubator-jspwiki-user mailing list archives

From Kalle Kivimaa <kalle.kivi...@iki.fi>
Subject Re: Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 13:10:24 GMT
Yes, because I want *most* of my wiki to be visible to everybody, and
I understood that an ACL takes precedence over the policy file.

From http://doc.jspwiki.org/2.4/wiki/Security
"By default, wiki pages do not have access control lists. When a page
doesn't have an ACL, the default security policy for the page
applies."

I read that as saying that the security policy is *only* used if there
is no ACL.

Janne Jalkanen <Janne.Jalkanen@ecyrd.com> writes:

> Um. You're granting read permissions to Anonymous in your policy file.
>
> /Janne
>
> On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:
>
>> OK, after finally getting my Tomcat to actually use the security
>> policy correctly, I still have the problem of the page ACL's not being
>> used. The JAAS config file is loaded correctly, as is the policy file
>> (policy file access restrictions work correctly).
>>
>> Any ideas what I'm doing wrong?
>>
>> Page header:
>> [{ALLOW view Asserted}]
>>
>> Policy file:
>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission
>> "*:*", "view";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>> "*", "editPreferences";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>> "*", "editProfile";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>> "*", "login";
>> };
>>
>> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
>> "*", "login";
>> };
>>
>> Log file:
>> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
>> HttpRequest: returning guestSession()
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
>> (null); target=TaloInfo
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
>> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL =
>> ALLOW view Asserted
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry
>> for view
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
>> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
>> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
>> ,"view"))
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
>> kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted:
>> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
>> ,"view"))
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
>> HttpRequest: returning guestSession()
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
>> (null); target=TaloInfo
>> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
>> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG
>> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://
>> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took
>> 0:00:00.005
>>
>> --
>> * Sufficiently advanced magic is indistinguishable from technology
>> (T.P)  *
>> *           PGP public key available @ http://www.iki.fi/
>> killer           *
>
>

-- 
* Sufficiently advanced magic is indistinguishable from technology (T.P)  *
*           PGP public key available @ http://www.iki.fi/killer           *
