incubator-jspwiki-user mailing list archives

From Kalle Kivimaa <kalle.kivi...@iki.fi>
Subject Anonymous user can see ACL'd pages
Date Sun, 25 Nov 2007 12:47:14 GMT
OK, after finally getting my Tomcat to actually use the security
policy correctly, I still have the problem of the page ACLs not being
used. The JAAS config file is loaded correctly, as is the policy file
(policy file access restrictions work correctly).

Any ideas what I'm doing wrong?

Page header:
[{ALLOW view Asserted}]

Policy file:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

Log file:
2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = ALLOW view Asserted
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry for view
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp -   user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took 0:00:00.005

-- 
* Sufficiently advanced magic is indistinguishable from technology (T.P)  *
*           PGP public key available @ http://www.iki.fi/killer           *
