incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kinicky <kini...@gmail.com>
Subject security configuration
Date Fri, 15 May 2009 18:47:56 GMT
Hi guys,

i'm trying to configure the permissions for my users, but i can't stop
receiving the "Forbidden - sorry but you are not allowed to do that" error.
This error always happen when i try to edit, comment some pages so i guess
is something with my web.xml... but i dont seeanything wrong with it.

my landscape: i'm using JSPWiki 2.8 with tomcat 6 authentication using
JNDIRealm and MS-AS.

*this is my policy.properties:*
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
    //permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify,rename";
    //permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
    //permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
};

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};

*this is my server.xml from tomcat:*
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
              connectionURL="ldap://server:389"
              connectionName="user"
              connectionPassword="passw"
              referrals="follow"
              userBase="OU=Usuarios, OU=Cit, DC=cit"
              userSearch="(sAMAccountName={0})"

userSubtree="true"

      />

*and this is my web.xml*
  <security-constraint>
       <web-resource-collection>
           <web-resource-name>Administrative Area</web-resource-name>
           <url-pattern>/Delete.jsp</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>Admin</role-name>
       </auth-constraint>
       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Authenticated area</web-resource-name>
           <url-pattern>/Edit.jsp</url-pattern>
           <url-pattern>/Comment.jsp</url-pattern>
           <url-pattern>/Login.jsp</url-pattern>
           <url-pattern>/NewGroup.jsp</url-pattern>
           <url-pattern>/Rename.jsp</url-pattern>
           <url-pattern>/Upload.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>HEAD</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <web-resource-collection>
           <web-resource-name>Read-only Area</web-resource-name>
           <url-pattern>/attach</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>Admin</role-name>
           <role-name>Authenticated</role-name>
       </auth-constraint>

       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/LoginForm.jsp</form-login-page>
           <form-error-page>/LoginForm.jsp</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>
           This logical role includes all authenticated users
       </description>
       <role-name>Authenticated</role-name>
   </security-role>

   <security-role>
       <description>
           This logical role includes all administrative users
       </description>
       <role-name>Admin</role-name>
   </security-role>

</web-app>


i'll appreciate very much if someone can help me!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message