incubator-jspwiki-user mailing list archives

From Harry Metske <harry.met...@gmail.com>
Subject Re: Allow tag does not restrict access
Date Fri, 10 Apr 2009 16:54:21 GMT
Eric, Bhavani,

Could you also paste the relevant parts of the page you are trying to protect?
So basically the ALLOW tag you are using.

Harry

2009/4/10 Carlson, Eric R <eric.carlson@kroger.com>

> I've been having the exact same problem, and haven't been making any
> headway on it, so I've gone over the FAQ to see if I can find the cause.
>
> First, I'm running JSPWiki 2.8.1.
>
> I have two user-ids I can access. One is defined as an administrator, the
> second one isn't. I was able to verify this by logging on to both of them,
> going into 'My Prefs', and clicking on the 'Profile' tab. UserA shows:
> Roles - All, Authenticated; Groups - None. UserB shows: Roles - All,
> Authenticated; Groups - Admin.
>
> I am not currently able to run the SecurityConfig.jsp application (see my
> other message), so I can't include the output here.
>
> I have enabled the security log, and set the logging level to DEBUG.
> While I see messages in the log each time I log in, I don't see any sort of
> messages in the security when I access a new page.  I'm not sure if I should
> expect to see such messages, but the FAQ says to check the security log, and
> I don't see anything there, other than logon messages.
>
> I've also cleared all cookies and temporary internet files, and still get
> the same problem.
>
> Here's what I have configured in jspwiki.policy :
>
> --------------------------------
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile"
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
>
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
>    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> -------------------------------
>
> Eric R. Carlson
> Eric.Carlson@kroger.com
>
> -----Original Message-----
> From: Harry Metske [mailto:harry.metske@gmail.com]
> Sent: Friday, April 10, 2009 4:23 AM
> To: jspwiki-user@incubator.apache.org; bhanu0608@yahoo.com
> Subject: Re: Allow tag does not restrict access
>
> Since we get quite a few of these questions, I started a FAQ on
> Authorization:
>
> http://www.jspwiki.org/wiki/FAQAuthorization
>
> feel free to add content........
>
> Harry
>
> 2009/4/9 Bhavani <bhanu0608@yahoo.com>
>
> > Hi,
> >
> > We recently started implementing jspwiki. JAAS security is enabled and
> > everything works fine. But I am not able to control access to page edits
> > using the allow tag. Also everyone is able to edit the admin group. Even
> > people who are not members of the group can edit the group. So please help
> > me with the following questions.
> >
> > 1. What am I missing that the allow tag is not working as it should be?
> > 2. Is there a way to control non-members from editing the groups?
> >
> > -Bhavani
> >
>
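
An added example, not part of the original thread and not JSPWiki code: a small Python check for a policy file in the syntax quoted above. It lists what each principal is granted and flags permission entries that lack the semicolon with which the standard Java policy file syntax terminates each entry. The sample policy is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the jspwiki.policy syntax quoted above (not the poster's file).
SAMPLE_POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile"
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
        "modify,rename";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
'''

# grant principal <class> "<name>" { ...entries... }
GRANT_RE = re.compile(r'grant\s+principal\s+(\S+)\s+"([^"]*)"\s*\{(.*?)\}', re.S)
# permission <class> "<target>"[, "<actions>"] followed by an optional ';'
ENTRY_RE = re.compile(r'permission\s+(\S+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*(;?)')

def short(name):
    """Drop the package prefix from a fully qualified class name."""
    return name.rsplit(".", 1)[-1]

def audit_policy(text):
    """Return (grants, problems): what each principal is granted, plus syntax findings."""
    grants, problems = [], []
    for ptype, pname, body in GRANT_RE.findall(text):
        who = f'{short(ptype)} "{pname}"'
        for perm, target, actions, semi in ENTRY_RE.findall(body):
            grants.append((who, short(perm), target, actions))
            if not semi:
                problems.append(f'{who}: {short(perm)} "{actions or target}" '
                                'entry has no terminating ";"')
    return grants, problems

def holders_of(grants, permission):
    """List the principals that hold the given permission class."""
    return sorted({who for who, perm, _, _ in grants if perm == permission})

if __name__ == "__main__":
    grants, problems = audit_policy(SAMPLE_POLICY)
    for g in grants:
        print(g)
    print("problems:", problems)
    print("AllPermission:", holders_of(grants, "AllPermission"))
```

The entry pattern tolerates the line wrapping that e-mail clients introduce, so a policy pasted from a message can be checked as is.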
