Return-Path: 
 <jspwiki-user-return-3068-apmail-incubator-jspwiki-user-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-jspwiki-user-archive@minotaur.apache.org
Delivered-To: apmail-incubator-jspwiki-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C5F3ED5D7
	for <apmail-incubator-jspwiki-user-archive@minotaur.apache.org>;
 Mon,  6 Aug 2012 14:46:56 +0000 (UTC)
Received: (qmail 19704 invoked by uid 500); 6 Aug 2012 14:46:56 -0000
Delivered-To: apmail-incubator-jspwiki-user-archive@incubator.apache.org
Received: (qmail 19667 invoked by uid 500); 6 Aug 2012 14:46:56 -0000
Mailing-List: contact jspwiki-user-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:jspwiki-user-help@incubator.apache.org>
List-Unsubscribe: <mailto:jspwiki-user-unsubscribe@incubator.apache.org>
List-Post: <mailto:jspwiki-user@incubator.apache.org>
List-Id: <jspwiki-user.incubator.apache.org>
Reply-To: jspwiki-user@incubator.apache.org
Delivered-To: mailing list jspwiki-user@incubator.apache.org
Received: (qmail 19657 invoked by uid 99); 6 Aug 2012 14:46:56 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2012 14:46:56 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of juanpablo.santos@gmail.com
 designates 209.85.214.175 as permitted sender)
Received: from [209.85.214.175] (HELO mail-ob0-f175.google.com)
 (209.85.214.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2012 14:46:50 +0000
Received: by mail-ob0-f175.google.com with SMTP id 16so2347249obc.6
        for <multiple recipients>; Mon, 06 Aug 2012 07:46:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=HYWNuuHq1MB4967MLRx9Em+yBMy5yTlYlWX7o4/r80c=;
        b=oYYlOI2J2FLQJyxLIbBUUzTjXQ0ndCN+dYtvL9sVB96S8/kapRWPUvbhpJl2Phfj1r
         6B5c5OKEnqQ7vfkRWgmLOjn2XnjOvpXcTDUf95k5TFsYtA/wdRydGzHRnxFSjaEPi0vU
         X9Yc/QN3O1lhee+vm6fWr9V+dctX/CMgTDlPRaA6JlMLd7iNyVF/fIWm+TUIauSDTnbS
         gFSjMadYQOgMGvJeDwiv07ukYhbB0BIx8VfFlR7m7BJaTQ6XE2A1QHCyQ0IK3Kg/dlOl
         BqbUiUcIV18z7sOAJ1md3nOGxNQPywYxOIVpu/kodq7F1EdHoMDe8wS8vle9l3nLH3FP
         Dn9w==
MIME-Version: 1.0
Received: by 10.182.231.6 with SMTP id tc6mr19598270obc.63.1344264389809; Mon,
 06 Aug 2012 07:46:29 -0700 (PDT)
Received: by 10.76.124.108 with HTTP; Mon, 6 Aug 2012 07:46:29 -0700 (PDT)
In-Reply-To: <20120806162109.64303qk55xxpjfls@webmail.mercurio.it>
References: <20120806162109.64303qk55xxpjfls@webmail.mercurio.it>
Date: Mon, 6 Aug 2012 16:46:29 +0200
Message-ID: 
 <CAMufup586-cELPwqV3wmrj6P9cmbROHEvZ9NCK=X5qwxFoqPBg@mail.gmail.com>
Subject: Re: How to test if a permission is a Wikipermission
From: =?UTF-8?Q?Juan_Pablo_Santos_Rodr=C3=ADguez?=
 <juanpablo.santos@gmail.com>
To: jspwiki-user@incubator.apache.org
Cc: jspwiki-dev@incubator.apache.org
Content-Type: multipart/alternative; boundary=f46d0446312c7055af04c699f1c9

--f46d0446312c7055af04c699f1c9
Content-Type: text/plain; charset=UTF-8

Hello Roberto,

first apologies on not commenting on the previous e-mail. I've cc'ed
jspwiki-dev, which seems a more appropiate place to make this question.

I don't have the source right here but maybe you could check if permission
instanceof WikiPermission?

Also, don't know if you checked, but
http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay
give you some insights. I'll try to have a look at this, but seems to
me the appropiate way may go through developing your own JSPWiki
Authorizer. This way you could avoid patching "core" src and yet have your
own customized behaviour.

Regarding including source/patches/fixes, the best place is to file a JIRA,
see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept
contributions :-)


br,
juan pablo

On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <Roven@mercurio.it> wrote:

> Hi,
> another chapter of my "search of the holy grail" with JSPWiki & websphere
> security policies :-)
>
> --------------
> File: org.apache.auth.Authorization.**Manager.java
> Method: checkStaticPermission
> Code:
>         try
>         {
>             // Check the JVM-wide security policy first
>             AccessController.**checkPermission( permission );
>             return Boolean.TRUE;
>         }
>         catch( AccessControlException e )
> --------------
> the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in
> precedent email because it manages all "non wiki" permissions. So I need a
> test on "permission" to see if it's or not a "wiki permission".
> I'm trying substituting the statement with a "brutal" block as
> --------------
> String pName = permission.getName();
> if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("**
> Wiki"))
>                     return Boolean.TRUE;
> --------------
> And, it was time, here is the question: there is a "more nice" way to do
> the test?
>
> Tanks for your patience :-)
> Roberto
>
>
>
>
>
>
>
>
> --
> Messaggio inviato da WebMail - http://www.mercurio.it
> ------------------------------**-------------------------
>

--f46d0446312c7055af04c699f1c9--