incubator-jspwiki-user mailing list archives

From Murray Altheim <murra...@altheim.com>
Subject Re: Control access to page according to its name pattern
Date Thu, 29 May 2008 22:47:34 GMT
Andrew Jaquith wrote:
> JSPWiki security policies cannot express concepts like "allow access to 
> everything EXCEPT page X." What you will have to do is use ACLs on pages 
> that begin with "Private" to restrict access to the groups you want.
> 
> Future versions of JSPWiki will have the concept of "spaces," which will 
> address this issue more gracefully.

Andrew,

This got me thinking and while I don't have the time to do the work
I can see a somewhat simple solution to this via a plugin. What I'd
do is design a plugin that:

   (a) contained a method that returned a set of pages based upon
       a regex matching of page name
   (b) set the ACLs of those pages to a parameter supplied by the
       plugin, since from the plugin one has access to the
       AuthorizationManager and AuthenticationManager.
   (c) was somehow constricted by authorisation, etc. so that it
       couldn't be abused. Conflicts between multiple instances of
       the plugin would have to be mitigated somehow.

Most of the above doesn't seem too difficult. The hard part would be
(c), keeping this from being abused, and solving conflicts.

Any ideas further to this? Seems like a possibility anyway...

Murray

> On May 29, 2008, at 11:04, Weijian Fang <wf@ecs.soton.ac.uk> wrote:
> 
>> Hi,
>>
>> I am using JSPWiki 2.6.2. I want to implement the following access
>> control policies:
>>
>> 1. anyone, either anonymous or authenticated, can view any page,
>> except pages whose names begin with "Private", e.g.,
>> "PrivateProjectInformation";
>>
>> 2. only users with proper roles can view or edit pages whose names
>> begin with "Private".
>>
>> Policy 2 can be implemented if Policy 1 is not in place. It can be
>> done by putting the following into jspwiki.policy:
>>
>> grant
>>  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Private*", "view";
>>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Private*", "edit";
>> };
>>
>> I don't know how to implement both policies at the same time. Any
>> suggestion? Thank you very much in advance!
>>
>> Cheers,
>>
>> Weijian

...........................................................................
Murray Altheim <murray07 at altheim.com>                           ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record
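
A minimal model of the plugin design sketched in points (a) to (c) of the message above, as an added example that is not part of the original thread and not JSPWiki code. It uses only the JDK; the `Rule` type, the `Admin` role check, the `ProjectTeam` and `Finance` groups and the sample page names are assumptions made for illustration. Conflicting rules fail closed instead of letting the last plugin instance win.

```java
import java.util.*;
import java.util.regex.Pattern;

// Stand-alone model of the proposed plugin; it uses no JSPWiki classes.
public class PatternAclModel {
    // One plugin instance: a page-name regex plus the ACL text to apply (hypothetical type).
    record Rule(Pattern pages, String acl) {}

    // Returns the page -> ACL assignments, or throws when the caller is not
    // authorised or when two rules disagree about the same page.
    static Map<String, String> plan(Collection<String> allPages, List<Rule> rules,
                                    Set<String> callerRoles) {
        // (c) only an administrator may assign ACLs by pattern ("Admin" is an assumed role name)
        if (!callerRoles.contains("Admin")) {
            throw new SecurityException("caller may not assign ACLs by pattern");
        }
        Map<String, String> assigned = new TreeMap<>();
        for (String page : allPages) {
            for (Rule rule : rules) {
                // (a) select pages whose whole name matches the regex
                if (!rule.pages().matcher(page).matches()) continue;
                // (b) record the ACL; (c) refuse to pick a winner on conflict
                String earlier = assigned.putIfAbsent(page, rule.acl());
                if (earlier != null && !earlier.equals(rule.acl())) {
                    throw new IllegalStateException("conflicting ACLs for page " + page);
                }
            }
        }
        return assigned;
    }

    public static void main(String[] args) {
        // Constructed sample data: page names and group names are illustrative.
        List<String> pages = List.of("Main", "PrivateProjectInformation", "PrivateBudget");
        Rule team = new Rule(Pattern.compile("Private.*"), "[{ALLOW view ProjectTeam}]");
        Rule finance = new Rule(Pattern.compile(".*Budget"), "[{ALLOW view Finance}]");
        System.out.println(plan(pages, List.of(team), Set.of("Admin")));
        try {
            plan(pages, List.of(team, finance), Set.of("Admin"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            plan(pages, List.of(team), Set.of("Authenticated"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the model, pages that match no rule receive no entry, which mirrors the thread's constraint that the policy file grants the general case and only the matched pages carry a restricting ACL.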
