incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Holeczek <flor...@holeczek.de>
Subject Re: security configuration question
Date Sun, 17 Aug 2008 11:50:14 GMT
> I seem to recall that not too long ago these implied permissions were
> changed somewhat (because they caused too much confusion).  Maybe
> someone else closer to that (Andrew?) could comment.  In the meanwhile,
> just for grins, you might still try explicitly adding 'edit' and see if
> that changes your site's behavior.

Terry, you're right, this has been changed in v2.6. I've updated the
online documentation (it was only mentioned on NewIn2.6, nowhere
else).

It's working now, however not on all pages. LeftMenu and Main are the
only ones which aren't editable and I have no idea why.

Here's my current jspwiki.policy:
---
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
// alles bis auf delete
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view,edit,modify,comment,rename,upload";

// Gruppen ansehen, aber nur die ändern, in denen man Mitglied ist. Keine löschen.
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>",
"edit";

    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
---

Regards
 Florian


Mime
View raw message