Return-Path: Delivered-To: apmail-incubator-jspwiki-user-archive@locus.apache.org Received: (qmail 75420 invoked from network); 25 Nov 2007 12:58:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Nov 2007 12:58:35 -0000 Received: (qmail 8133 invoked by uid 500); 25 Nov 2007 12:58:22 -0000 Delivered-To: apmail-incubator-jspwiki-user-archive@incubator.apache.org Received: (qmail 8122 invoked by uid 500); 25 Nov 2007 12:58:22 -0000 Mailing-List: contact jspwiki-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-user@incubator.apache.org Delivered-To: mailing list jspwiki-user@incubator.apache.org Delivered-To: moderator for jspwiki-user@incubator.apache.org Received: (qmail 1948 invoked by uid 99); 25 Nov 2007 12:47:46 -0000 X-ASF-Spam-Status: No, hits=2.7 required=10.0 tests=SPF_NEUTRAL,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) X-Virus-Scanned: amavisd-new-snap at mailout1.bnsvcs.net From: Kalle Kivimaa To: jspwiki-user@incubator.apache.org Subject: Anonymous user can see ACL'd pages Organization: MikaVaan School of Flying References: <2DEDE6B1-5714-40A0-BACE-A0BA499220E1@ecyrd.com> X-Home-Page: http://kivimaa.fi/kalle Date: Sun, 25 Nov 2007 14:47:14 +0200 In-Reply-To: <2DEDE6B1-5714-40A0-BACE-A0BA499220E1@ecyrd.com> (Janne Jalkanen's message of "Sun, 25 Nov 2007 12:10:14 +0200") Message-ID: <87fxyuqyp9.fsf_-_@iki.fi> User-Agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.21 (linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Virus-Checked: Checked by ClamAV on apache.org OK, after finally getting my Tomcat to actually use the security policy correctly, I still have the problem of the page ACL's not being used. The JAAS config file is loaded correctly, as is the policy file (policy file access restrictions work correctly). Any ideas what I'm doing wrong? Page header: [{ALLOW view Asserted}] Policy file: grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view"; permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences"; permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile"; permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login"; }; grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" { permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login"; }; Log file: 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession() 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = ALLOW view Asserted 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry for view 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view")) 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view")) 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL HttpRequest: returning guestSession() 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=(null); target=TaloInfo 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took 0:00:00.005 -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer *