incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carlson, Eric R" <eric.carl...@kroger.com>
Subject RE: ALLOW tag not working properly
Date Thu, 12 Feb 2009 15:32:10 GMT
I was able to get the admin/SecurityConfig.jsp page working.  It gives me a ton of information
- more than I can easily digest at first glance.   I'll be happy to share it with anyone who
might be able to help, but I don't feel real comfortable sending the output to the mailing
list because of security concerns.   If nothing else, it doesn't appear to find any security
problems.

But I guess I'm a little confused about the way the [{ALLOW view userid}] functions.   Since
it is part of the JSPWiki page text, I would think it would have to be processed at the level
where the page is being viewed, not through the security setup.   The security setup would
decide whether a user is allowed to view or edit pages in general.   I would imagine that
the [{ALLOW view userid}] tag works after a user is attempting to pull up the page in question
- more at the JSPWiki level than at the security level.

                                                Eric R. Carlson
                                                        The Kroger Company

-----Original Message-----
From: Harry Metske [mailto:harry.metske@gmail.com]
Sent: Tuesday, February 10, 2009 12:25 PM
To: jspwiki-user@incubator.apache.org
Subject: Re: ALLOW tag not working properly

Maybe you can first check a couple of things :

Invoke the admin/SecurityConfig.jsp, it will tell you a lot about your
security settings.
(for that to work you need to set jspwiki-x.securityconfig.enable=true in
jspwiki.properties)

If that does not give any clue, you should increase debug level, you can set
this in jspwiki.properties (at the bottom), recycle the wiki, and see if the
log reveals the cause of the problem.

regards,
Harry

2009/2/10 Carlson, Eric R <eric.carlson@kroger.com>

> I'm running JSPWiki 2.8.1 under z/OS 1.9 with a pretty-much out-of-the-box
> implementation.   The only change I've made to the security settings is to
> limit page edits to authenticated users.
>
> I'm trying to limit access to certain pages by issuing the [{ALLOW edit
> userid}] and [{ALLOW view userid}] statements in the source, but they don't
> seem to be working at all.  Anybody can view or edit the page I create.
>  I've tried putting the statements at the beginning and the end of the page,
> but neither seems to make any difference.
>
> Any thoughts anybody might have would be greatly appreciated.
>
>                                                Eric Carlson
>                                                            The Kroger
> Company
>
>
>
> ________________________________
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain information that is confidential and
> protected by law from unauthorized disclosure. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
>

This e-mail message, including any attachments, is for the sole use of the intended recipient(s)
and may contain information that is confidential and protected by law from unauthorized disclosure.
Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy all copies of the
original message.
Mime
View raw message