Return-Path: X-Original-To: apmail-incubator-jspwiki-user-archive@minotaur.apache.org Delivered-To: apmail-incubator-jspwiki-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7AAA2D408 for ; Fri, 2 Nov 2012 10:32:20 +0000 (UTC) Received: (qmail 9177 invoked by uid 500); 2 Nov 2012 10:32:20 -0000 Delivered-To: apmail-incubator-jspwiki-user-archive@incubator.apache.org Received: (qmail 7006 invoked by uid 500); 2 Nov 2012 10:32:14 -0000 Mailing-List: contact jspwiki-user-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: jspwiki-user@incubator.apache.org Delivered-To: mailing list jspwiki-user@incubator.apache.org Received: (qmail 6958 invoked by uid 99); 2 Nov 2012 10:32:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Nov 2012 10:32:13 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [195.246.221.32] (HELO webmail2.mercurio.it) (195.246.221.32) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Nov 2012 10:32:07 +0000 Received: by webmail2.mercurio.it (Postfix, from userid 33) id F1BF63BB3E; Fri, 2 Nov 2012 11:31:40 +0100 (CET) Received: from ( [unknown]) by webmail.mercurio.it (Horde Framework) with HTTP; Fri, 02 Nov 2012 11:31:40 +0100 Message-ID: <20121102113140.28374s61k0p9mhwk@webmail.mercurio.it> Date: Fri, 02 Nov 2012 11:31:40 +0100 From: Roberto Venturi To: jspwiki-user@incubator.apache.org, Christophe Dupriez Cc: "jspwiki-user@incubator.apache.org" Subject: Re: JSPWiki, jspwiki.policy, Tomcat 7 References: <56B844BD-74C3-4E0C-8156-FC3DCC5AED7F@poisoncentre.be> In-Reply-To: <56B844BD-74C3-4E0C-8156-FC3DCC5AED7F@poisoncentre.be> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.7) X-Virus-Checked: Checked by ClamAV on apache.org Hi all, I do not know differences between Tomcat releases but my be your problem is like mine with WebSphere: in my environment the policy file is ignored and everyone can do anything. Di you have the same problem? Here is my solution. In the class "org.apache.wiki.auth.Authorization.Manager.java" there is the "checkStaticPermission" method who makes a "AccessController.checkPermission(permission)" call. WebSphere (as installed and tuned by IBM for my company) answers ALWAYS "true" for Jspwiki permissions so the result is that everybody can do anything. I proposed my changes to this mailing list because I'm not familiar with jra and team working :-( but I'm happy to partecipate if someone will be so patient to teach me the steps. Basically I added a new configuration variable (jspwiki.properties) "JVMwideSecurity" normally set to "true" (false for my environment). Then I modified the mentioned class (and "org.apache.wiki.auth.SecurityVerifier.java" too) to skip the "AccessController.checkPermission" method and go directly to the "allowedByLocalPolicy" one. Of course modified sources are available. Hopeing to be helpful, regards, Roberto Venturi Christophe Dupriez ha scritto: > Hi ! > > I am getting a bit mad trying to have a JSPWiki 2.8.4 instance > working perfectly under Tomcat 6 Win32 bits to work under Tomcat 7 > Win64 bits, container managed authentication and roles assignment > (Waffle), recognizing the policies. > It behaves like if the jspwiki.policy was not taken into account at > all under Tomcat 7 Win64bits. > > Does anyone knows something about: > 1) Differences between Tomcat 6 and Tomcat 7 in term of > accessing policy files management? > 2) Versions of JSPWiki that would take into account those differences? > 3) Examples of good working configuration files? > > Thanks! > > Christophe -- Messaggio inviato da WebMail - http://www.mercurio.it -------------------------------------------------------