incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Terry Steichen <te...@net-frame.com>
Subject Re: security configuration question
Date Fri, 15 Aug 2008 16:42:14 GMT
Don't you need to add a PagePermission=edit?

    (permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view,rename,edit";)




On Fri, 2008-08-15 at 18:20 +0200, Florian Holeczek wrote:

> Hi all,
> 
> I've just set up a public wiki which should only be accessible to
> authenticated users. However, every visitor should be able to sign in.
> He's then approved via the user creation workflow.
> 
> Protecting the wiki content from unauthenticated users works - but
> unfortunately, neither authenticated users nor the administrator can
> edit pages. Either there's no error message at all (meaning the page
> content simply won't be changed) or there's an error message "you're
> not allowed to do that.
> 
> Here's some part of my log:
> 
> > 2008-08-15 18:09:01,596 [httpSSLWorkerThread-8080-1] INFO
> > SecurityLog BNV-GZ Wiki:/Login.jsp BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/Login.jsp -
> > WikiSecurityEvent.LOGIN_AUTHENTICATED
> > [source=com.ecyrd.jspwiki.auth.AuthenticationManager@1af2bc,
> > princpal=com.ecyrd.jspwiki.auth.WikiPrincipal admin,
> > target=com.ecyrd.jspwiki.WikiSession@8f9a4f]
> > 2008-08-15 18:09:01,597 [httpSSLWorkerThread-8080-1] INFO JSPWiki
> > BNV-GZ Wiki:/Login.jsp BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/Login.jsp - Successfully
> > authenticated user admin (custom auth)
> > 2008-08-15 18:09:01,599 [httpSSLWorkerThread-8080-1] INFO JSPWiki
> > BNV-GZ Wiki:/Login.jsp BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/Login.jsp - Redirecting user to
> > http://wiki.bnv-gz.de:8080/wiki/Main
> > 2008-08-15 18:09:01,678 [httpSSLWorkerThread-8080-0] INFO
> > com.ecyrd.jspwiki.WikiServlet BNV-GZ Wiki:/wiki/Main BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/wiki/Main - Request for page: Main
> > 2008-08-15 18:09:06,810 [httpSSLWorkerThread-8080-1] INFO
> > com.ecyrd.jspwiki.WikiServlet BNV-GZ Wiki:/wiki/SandBox BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/wiki/SandBox - Request for page: SandBox
> > 2008-08-15 18:09:08,807 [httpSSLWorkerThread-8080-0] INFO JSPWiki
> > BNV-GZ Wiki:/Edit.jsp BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/Edit.jsp - Editing page SandBox.
> > User=Administrator, host=91.47.176.42
> > 2008-08-15 18:09:24,462 [httpSSLWorkerThread-8080-0] INFO JSPWiki
> > BNV-GZ Wiki:/Edit.jsp BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/Edit.jsp - Saving page SandBox.
> > User=Administrator, host=91.47.176.42
> > 2008-08-15 18:09:24,545 [httpSSLWorkerThread-8080-1] INFO
> > com.ecyrd.jspwiki.WikiServlet BNV-GZ Wiki:/wiki/SandBox BNV-GZ
> > Wiki:http://wiki.bnv-gz.de:8080/wiki/SandBox - Request for page: SandBox
> 
> This is my jspwiki.policy:
> ---
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> };
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
> };
> 
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view,rename";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>",
"edit";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
> 
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> ---
> 
> What am I doing wrong?
> Thanks in advance!
> 
> Best Regards
>  Florian

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message