incubator-jspwiki-user mailing list archives

From "Enrico Maria Carmona" <e.carm...@hsgerardo.org>
Subject R: Help - Authorization
Date Mon, 27 Apr 2009 12:19:12 GMT
Hi Luca

What about the "Web Container Restrictions" section in SecurityConfig.jsp?
Does the Authenticated (or Anonymous) role have Edit permission in web.xml?

Enrico



> -----Original message-----
> From: lgilardoni61@gmail.com [mailto:lgilardoni61@gmail.com]
> Sent: Monday, 27 April 2009 11:23
> To: jspwiki-user@incubator.apache.org
> Subject: Help - Authorization
> 
> 
> Hi, I have a problem with authorization. What I'm trying to do:
> 
> 1) JSPWiki 2.8.1 (last patches - should be equiv to 2.8.2)
> 2) Tomcat with web container authorization and User/group db
> - relying on a third-party user/group sets of tables - already
> checked accessible:
> INFO  [27 Apr 2009 11:11:20,843 com.ecyrd.jspwiki.auth.authorize.GroupManager:initialize@241]: Authorizer GroupManager initialized successfully; loaded 10 group(s).
> 3) policy: any logged in user can see
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
> };
> 4) one user from a container group (admin) and users from application 
> group WikiLexAdmin can do anything:
> 
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
> // note: cannot say grant principal com.ecyrd.jspwiki.auth.authorize.Role "WikiLexAdmin"
> // as this is NOT a container group
> 
> 5) but only people in group WikiAuthor can modify:
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAuthor" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", "createPages";
> };
> 
> Now, a user from the (container) group Admin can do anything. Users from
> groups WikiLexAdmin or WikiLexAuthor can only read - in spite of the fact
> that, btw, admin/SecurityConfig.jsp says everything should be ok:
> 
> [Permission table from admin/SecurityConfig.jsp; the cell values were not preserved in this archive]
> Columns: Permission, then All, Anonymous, Asserted, Authenticated, WikiLexAdmin, Admin, WikiLexAuthor (each with sub-columns v, e, m, r, d)
> Rows:
> PagePermission "WikiSandBox:Main"
> PagePermission "WikiSandBox:Index"
> PagePermission "WikiSandBox:GroupTest"
> PagePermission "WikiSandBox:GroupAdmin"
> GroupPermission "WikiSandBox:Admin"
> GroupPermission "WikiSandBox:TestGroup"
> GroupPermission "WikiSandBox:Foo"
> WikiPermission "WikiSandBox","createGroups"
> WikiPermission "WikiSandBox","createPages"
> WikiPermission "WikiSandBox","login"
> WikiPermission "WikiSandBox","editPreferences"
> WikiPermission "WikiSandBox","editProfile"
> AllPermission "WikiSandBox"
> 
> 
> Any idea of what I could be doing wrong?
> 
> Any help appreciated.
> 
> Luca
> 
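
Enrico's question about container restrictions in web.xml can be checked mechanically. The following is an added example, not part of the original messages or of JSPWiki: it reads the `security-constraint` elements of a deployment descriptor and lists the pages the container would refuse to a user, given only that user's container roles. The sample descriptor, the role names in it and the function names are constructed; `*` role names and the deny-all case of an empty `auth-constraint` combined with other constraints are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the poster's web.xml).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative area</web-resource-name>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Editing area</web-resource-name>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Rename.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
      <role-name>Authenticated</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def _named(elem, name):
    """Descendants of elem with this local tag name, ignoring the XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def container_restrictions(web_xml):
    """Map each constrained url-pattern to the container roles allowed to request it."""
    allowed = {}
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        if not _named(sc, "auth-constraint"):
            continue  # a constraint without auth-constraint does not restrict by role
        roles = {r.text.strip() for r in _named(sc, "role-name")}
        for pat in _named(sc, "url-pattern"):
            # Roles from several constraints on the same pattern are combined.
            allowed.setdefault(pat.text.strip(), set()).update(roles)
    return allowed


def blocked_pages(web_xml, container_roles):
    """Pages the container rejects for a user holding only these container roles,
    before the wiki's own policy file is consulted."""
    return sorted(pat for pat, roles in container_restrictions(web_xml).items()
                  if not roles & set(container_roles))


if __name__ == "__main__":
    # A user whose only memberships are wiki groups has no container roles.
    print(blocked_pages(SAMPLE_WEB_XML, []))
```

Wiki groups granted through `GroupPrincipal` entries in the policy file are not container roles, so they never satisfy an `auth-constraint`; only the roles the container itself assigns go into `container_roles`.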

