incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "lgilardoni61@gmail.com" <lgilardon...@gmail.com>
Subject Re: RSS Feed issuse
Date Wed, 16 Mar 2011 13:15:21 GMT
  Not exactly.
Being forced by web.xml policy you cannot visit the site anonymously but 
you are instead forced to log in (as I assume you wish - otherwise where 
is the problem)
at the webapp (or container) level.
But the rss builder check internal jsp policies and see all pages 
accessibles, hence build the rss feed from all the pages.
Obviously you may wish also to protect at the application/container 
level also the rss feed itself, other than normal *.jsp urls

On 3/15/2011 6:08 PM, George, Kenneth V [NTK] wrote:
> So basically, if you are an anonymous user, you could still go through and view all content
of the wiki, regardless of authentication - correct?
>
> -----Original Message-----
> From: lgilardoni61@gmail.com [mailto:lgilardoni61@gmail.com]
> Sent: Tuesday, March 15, 2011 3:17 AM
> To: jspwiki-user@incubator.apache.org
> Subject: Re: RSS Feed issuse
>
>    This issue was already discussed a bit (see http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01752.html).
>
> However, i have a setup where the whole system is under access control, but with all
authenticated users allowed to see anything, and in this case I was able to manage my (and
likely your need):
>
> I setup forced authentication through web.xml and then defined the policy as following:
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "view"; };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" { };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>       permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
> "*:*", "view";
>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
> "*:<groupmember>", "edit";
>       permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};
>
> Net effect is that tomcat manage and force authentication, but rss reader assume everything
is accessible ...
>
> Luca
>
> On 3/15/2011 8:42 AM, Florian Holeczek wrote:
>> Hi Kenneth,
>>
>> AFAIK this is not possible. Since the feed is public, it would leak protected information
otherwise. As long as the public is authorized to view a page, this one should show up in
the feed, too.
>>
>> Best regards
>>    Florian
>>
>>
>> ----- Ursprüngliche Mail -----
>> Von: "Kenneth V George [NTK]"<Kenneth.V.George@sprint.com>
>> An: jspwiki-user@incubator.apache.org
>> Gesendet: Montag, 14. März 2011 23:23:23
>> Betreff: RSS Feed issuse
>>
>> I have installed JSPWIKI 2.8.4 and setup RSS feeds.  The file was generated, BUT,
I am only getting updates on 2 pages (Main and About).  Neither of these is protected.  However,
I have made several changes to pages that ARE protected and these don't show up.  How do I
get these to show up since several people have VIEW/EDIT access to the pages and want to know
when things change?
>>
>> Thanks.
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information intended for the sole
use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.
>
>
> ________________________________
>
> This e-mail may contain Sprint Nextel proprietary information intended for the sole use
of the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.


Mime
View raw message