incubator-jspwiki-user mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: Permissions
Date Thu, 27 Mar 2008 18:20:38 GMT

Yupyup, that's a well-known issue which happens due to the browser  
security model: In your case the machine called "wiki" has no access to  
the cookies from the machine "iruka", and therefore login must be  
done again (because there is no way to know that this is the same  
user).  There's no way around this - this is an important security  
feature of the browsers (you do *not* want your daily comic website  
to have access to your internet banking cookies... ;-)

/Janne

On 26 Mar 2008, at 06:34, Joerg Meyer wrote:
> I am not sure if this will solve the problem, but we had a while ago a
> double login issue as well.
> Basically when your wiki has two different "locations" then it will
> occasionally require two logins.
>
> The server our wiki is set up on has several aliases but after the login
> the wiki will relocate to its configured location (jspwiki.properties).
> If the domain/server name is different then the wiki requires a second
> login.
>
> i.e.
> http://iruka/wiki login
> Relocate to http://wiki/wiki
> Have to login again
>
> Hope this helps,
> Joerg
>
> -----Original Message-----
> From: Derek Rothwell [mailto:derek@drothwell.co.uk]
> Sent: Sunday, March 23, 2008 4:24 AM
> To: jspwiki-user@incubator.apache.org
> Subject: Permissions
>
> I want to set up permissions so that everybody has to log in to make any
> changes, and to login for any revisions to be noted.
>
> With the config below:
>
> - when a user has a cookie, they can make a change, but then find it
>   isn't saved. The page revision is updated even though no change has
>   been made. It's the page revision that's the problem.
> - when a user has a cookie, JSPWiki detects who they are. They login and
>   find that they move to an "anonymous guest" state. They login a second
>   time and then they are properly asserted. It's the second login that's
>   the problem.
>
> Please can you tell me how to correct this behaviour.
>
> I'm using JSPWiki 2.6.1
>
> Derek
>
> // The first policy block is extremely loose, and unsuited for public-facing wikis.
> // Anonymous users are allowed to view, create, edit and comment on all pages
> // (except group pages). Anonymous users can also register with the wiki;
> // to edit their profile after registration, they must log in.
> //
> // Note: For Internet-facing wikis, you are strongly advised to remove the
> // lines containing the "edit" and "createPages" permissions; this will make
> // the wiki read-only for anonymous users.
>
> grant signedBy "jspwiki",
>   principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
> //    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
>
> // This next policy block is also pretty loose. It allows users who claim to
> // be someone (via their cookie) to view, create, edit and comment on all pages
> // (except group pages). Anonymous users can also register with the wiki;
> // to edit their profile after registration, they must log in.
>
> grant signedBy "jspwiki",
>   principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
> //    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
> //    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
>
> // Authenticated users can do most things: view, create, edit and
> // comment on all pages; upload files to existing ones; create and edit
> // wiki groups; and rename existing pages. Authenticated users can register
> // with the wiki, edit their own profiles, and edit groups they create.
>
> grant signedBy "jspwiki",
>   principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
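
Added example, not part of the original messages and not JSPWiki code: a simplified model of the browser cookie rules (RFC 6265 domain matching) behind the double login described in this thread. The cookie name JSESSIONID and its value are assumptions; paths, expiry and the public-suffix check are left out.

```javascript
// RFC 6265 section 5.1.3: does request host `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Process a Set-Cookie received from `requestHost`; returns false if rejected.
  store(requestHost, name, value, domainAttr) {
    let domain = requestHost.toLowerCase();
    let hostOnly = true;               // no Domain attribute: exact host only
    if (domainAttr) {
      const d = domainAttr.replace(/^\./, '').toLowerCase();
      // A server may only set cookies for itself or one of its parent domains.
      if (!domainMatch(requestHost, d)) return false;
      domain = d;
      hostOnly = false;
    }
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Build the Cookie header the browser would send to `requestHost`.
  header(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Constructed scenario from the thread: log in on "iruka", get relocated to "wiki".
function demo() {
  const jar = new CookieJar();
  jar.store('iruka', 'JSESSIONID', 'abc123');   // assumed cookie name, made-up value
  const crossHostRejected = !jar.store('iruka', 'JSESSIONID', 'abc123', 'wiki');
  return {
    toIruka: jar.header('iruka'),  // session cookie goes back to the host that set it
    toWiki: jar.header('wiki'),    // nothing is sent, so the wiki sees a new visitor
    crossHostRejected,             // "iruka" cannot plant a cookie for "wiki"
  };
}
console.log(demo());
```

Entering the wiki through the host name configured in jspwiki.properties from the start keeps the login and every later request on one host, so the cookie set at login is the one sent afterwards.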

