incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George, Kenneth V [NTK]" <Kenneth.V.Geo...@sprint.com>
Subject RE: RSS Feed issuse
Date Wed, 16 Mar 2011 15:32:05 GMT
Hmmm...ok



So, here is my situation (I don't think RSS feed is not the way to go)



The Wiki needs to be protected because we deal with some sensitive information.  Some pages
are even further protected to allow view/edit only for specific individuals.  What is the
best way to communicate to only those individuals who have access to specific pages that changes
have been made?



To further complicate matters, the permissions are similar to this:



Main Page - Must Be Authenticated

   |

   |

   +---> Sub-Page - Specific Group Access

                 |

                 |

                 +---> Sub-sub page - Specific individual Access



Now, I have each of the authenticated people’s email address.  Is there a plug-in for this
or do I need to create one that will deliver page changes based on rights via email?



-----Original Message-----
From: lgilardoni61@gmail.com [mailto:lgilardoni61@gmail.com]
Sent: Wednesday, March 16, 2011 8:15 AM
To: jspwiki-user@incubator.apache.org; George, Kenneth V [NTK]
Subject: Re: RSS Feed issuse



  Not exactly.

Being forced by web.xml policy you cannot visit the site anonymously but you are instead forced
to log in (as I assume you wish - otherwise where is the problem) at the webapp (or container)
level.

But the rss builder check internal jsp policies and see all pages accessibles, hence build
the rss feed from all the pages.

Obviously you may wish also to protect at the application/container level also the rss feed
itself, other than normal *.jsp urls



On 3/15/2011 6:08 PM, George, Kenneth V [NTK] wrote:

> So basically, if you are an anonymous user, you could still go through and view all content
of the wiki, regardless of authentication - correct?

>

> -----Original Message-----

> From: lgilardoni61@gmail.com [mailto:lgilardoni61@gmail.com]

> Sent: Tuesday, March 15, 2011 3:17 AM

> To: jspwiki-user@incubator.apache.org

> Subject: Re: RSS Feed issuse

>

>    This issue was already discussed a bit (see http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg01752.html).

>

> However, i have a setup where the whole system is under access control, but with all
authenticated users allowed to see anything, and in this case I was able to manage my (and
likely your need):

>

> I setup forced authentication through web.xml and then defined the policy as following:

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {

> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",

> "view"; };

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" { };

>

> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {

>       permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";

>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission

> "*:*", "view";

>       permission com.ecyrd.jspwiki.auth.permissions.GroupPermission

> "*:<groupmember>", "edit";

>       permission com.ecyrd.jspwiki.auth.permissions.WikiPermission

> "*", "createPages,createGroups"; };

>

> Net effect is that tomcat manage and force authentication, but rss reader assume everything
is accessible ...

>

> Luca

>

> On 3/15/2011 8:42 AM, Florian Holeczek wrote:

>> Hi Kenneth,

>>

>> AFAIK this is not possible. Since the feed is public, it would leak protected information
otherwise. As long as the public is authorized to view a page, this one should show up in
the feed, too.

>>

>> Best regards

>>    Florian

>>

>>

>> ----- Ursprüngliche Mail -----

>> Von: "Kenneth V George [NTK]"<Kenneth.V.George@sprint.com>

>> An: jspwiki-user@incubator.apache.org

>> Gesendet: Montag, 14. März 2011 23:23:23

>> Betreff: RSS Feed issuse

>>

>> I have installed JSPWIKI 2.8.4 and setup RSS feeds.  The file was generated, BUT,
I am only getting updates on 2 pages (Main and About).  Neither of these is protected.  However,
I have made several changes to pages that ARE protected and these don't show up.  How do I
get these to show up since several people have VIEW/EDIT access to the pages and want to know
when things change?

>>

>> Thanks.

>>

>> ________________________________

>>

>> This e-mail may contain Sprint Nextel proprietary information intended for the sole
use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.

>

>

> ________________________________

>

> This e-mail may contain Sprint Nextel proprietary information intended for the sole use
of the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.





________________________________

This e-mail may contain Sprint Nextel proprietary information intended for the sole use of
the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message