incubator-jspwiki-user mailing list archives

From "Harry Metske" <harry.met...@gmail.com>
Subject Re: Question: ACL and Tomcat Auth
Date Mon, 21 Jan 2008 19:48:53 GMT
We would need the jspwiki.policy file too I think, and preferably also the
jspwiki.log file, and the Security log. Also first try to run your wiki with
a higher (security) debug level. You can set the levels in the
jspwiki.properties file.

Harry


2008/1/21, Troll <jspwiki@webof.de>:
>
> Hi Harry, hi all!
>
> Harry Metske wrote:
> > [..] Are you sure you are not JSPWiki Admin (have the role mentioned at the
> > bottom of jspwiki.policy) ?
> >
> I've tried this now as a simple user without any admin role, but I can
> still see the restricted page! :-(
>
> Now I am sending you some more info and some lines of my files:
>
> Wiki version: 2.6.0
>
>
> My WikiPage
>
> --------------------------------------------------------------------------------------
> [{ALLOW view Janne,Mike Morris}]
>
> Hi! Can you see this?
>
> --------------------------------------------------------------------------------------
>
> tomcat-users.xml:
>
> --------------------------------------------------------------------------------------
> <?xml version='1.0' encoding='utf-8'?>
> <tomcat-users>
>   <role rolename="Admin"/>
>   <role rolename="user"/>
>   <user username="admin" password="admin" roles="Admin"/>
>   <user username="me" password="me" roles="user"/>
> </tomcat-users>
>
> --------------------------------------------------------------------------------------
>
>
> part of web.xml
>
> --------------------------------------------------------------------------------------
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Administrative Area</web-resource-name>
>            <url-pattern>/Delete.jsp</url-pattern>
>        </web-resource-collection>
>        <auth-constraint>
>            <role-name>Admin</role-name>
>        </auth-constraint>
>    </security-constraint>
>
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Authenticated area</web-resource-name>
>            <url-pattern>/Wiki.jsp</url-pattern>
>            <url-pattern>/Edit.jsp</url-pattern>
>            <url-pattern>/Comment.jsp</url-pattern>
>            <url-pattern>/Login.jsp</url-pattern>
>            <url-pattern>/NewGroup.jsp</url-pattern>
>            <url-pattern>/Rename.jsp</url-pattern>
>            <url-pattern>/Upload.jsp</url-pattern>
>            <http-method>DELETE</http-method>
>            <http-method>GET</http-method>
>            <http-method>HEAD</http-method>
>            <http-method>POST</http-method>
>            <http-method>PUT</http-method>
>        </web-resource-collection>
>
>        <web-resource-collection>
>            <web-resource-name>Read-only Area</web-resource-name>
>            <url-pattern>/attach</url-pattern>
>            <http-method>DELETE</http-method>
>            <http-method>POST</http-method>
>            <http-method>PUT</http-method>
>        </web-resource-collection>
>
>        <auth-constraint>
>            <role-name>Admin</role-name>
>            <role-name>user</role-name>
>        </auth-constraint>
>
>
>    </security-constraint>
>
>    <login-config>
> <!--
>        <auth-method>FORM</auth-method>
>        <form-login-config>
>            <form-login-page>/LoginForm.jsp</form-login-page>
>            <form-error-page>/LoginForm.jsp</form-error-page>
>        </form-login-config>
> -->
>        <auth-method>BASIC</auth-method>
>        <realm-name>Wiki Editor</realm-name>
>
>    </login-config>
>
>    <security-role>
>        <description>
>            This logical role includes all authenticated users
>        </description>
>        <role-name>user</role-name>
>    </security-role>
>
>    <security-role>
>        <description>
>            This logical role includes all administrative users
>        </description>
>        <role-name>Admin</role-name>
>    </security-role>
>
> --------------------------------------------------------------------------------------
>
> By the way: I added the pattern
>
>       <url-pattern>/Wiki.jsp</url-pattern>
>
> to the <web-resource-collection>, because no one should have any access to
> this wiki. I hope this is OK?!
>
> If someone has any hint, I would be very happy!
>
> Best
> Troll
>
> > Harry
> >
> >
> > 2008/1/21, Troll <jspwiki@webof.de>:
> >
> >> Hi All!
> >>
> >> I've protected my jspwiki by the tomcat auth mechanism. I uncommented
> >> the lines at the end of web.xml file, created my own tomcat-users.xml
> >> file and changed the server.xml in $CATALINA_HOME/conf. So far it works
> >> all fine.
> >>
> >> Now the question: is it possible to use the ACL features like
> >>
> >> [{ALLOW view Janne,Mike Morris}]
> >>
> >> with this tomcat auth-method? And if it will work, what is to do? Is
> >> there something I have to activate? I tried this statement above, but I
> >> recognize new changes: I can view my test page, and that even though I'm
> >> neither Janne nor Mike Morris ;-)
> >>
> >> Thanks for your help!
> >> Troll
> >>
> >>
> >
> >
> >
> >
>
>


-- 
Kind regards,
Harry Metske
Tel. +31-548-512395
Mobile +31-6-51898081
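
Added example (not part of the original message and not JSPWiki or Tomcat code): a small Python audit of the container-level constraints quoted above, reporting per URL pattern which roles are required and which HTTP methods the constraint leaves uncovered. A web-resource-collection that lists http-method elements constrains only those methods. The XML is a constructed, condensed copy of the quoted web.xml without a namespace, and ALL_METHODS and audit_constraints are names chosen for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, condensed from the web.xml quoted in the message above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Wiki.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>HEAD</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <web-resource-collection>
      <url-pattern>/attach</url-pattern>
      <http-method>DELETE</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name><role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

# Assumption: the set of methods the audit considers (illustrative, not exhaustive).
ALL_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def audit_constraints(web_xml):
    """Map each url-pattern to its required roles and uncovered methods."""
    report = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = sorted(r.text.strip() for r in sc.iter("role-name"))
        for wrc in sc.iter("web-resource-collection"):
            listed = {m.text.strip().upper() for m in wrc.iter("http-method")}
            # No <http-method> elements means every method is constrained.
            covered = listed or set(ALL_METHODS)
            for pat in wrc.iter("url-pattern"):
                report[pat.text.strip()] = {
                    "roles": roles,
                    "uncovered": ALL_METHODS - covered,
                }
    return report

if __name__ == "__main__":
    for pattern, info in sorted(audit_constraints(WEB_XML).items()):
        print(pattern, info["roles"], "uncovered:", sorted(info["uncovered"]))
```

This covers only the container layer; the [{ALLOW ...}] page ACL is a separate check that JSPWiki evaluates itself.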
