jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joerg Meyer" <jme...@pts-consulting.jp>
Subject RE: Permissions
Date Wed, 26 Mar 2008 04:34:31 GMT
I am not sure if this will solve the problem, but we had a while ago a
double login issue as well.
Basicall when your wiki has two different "locations" then it will
occasionally require two logins.

The server our wiki is setup has several aliases but after the login the
wiki will relocate to its configuered location (jspwiki.properties). If
the domain/server name is different then the wiki requires a second
login.

i.e.
http://iruka/wiki login
Relocate to http://wiki/wiki
Have to login again

Hope this helps,
Joerg

-----Original Message-----
From: Derek Rothwell [mailto:derek@drothwell.co.uk] 
Sent: Sunday, March 23, 2008 4:24 AM
To: jspwiki-user@incubator.apache.org
Subject: Permissions

I want to set up permissions so that everybody has to log in to make any
changes, and to login for any revisions to be noted.

With the config below:

- when a user has a cookie, they can make a change, but then find it
isn't saved. The page revision is updated even though no change has been
made.
It's the page revision that's the problem.
- when a user has a cookie, JSPWiki detects who they are. They login and
find that they move to an "anonymous guest" state. They login a second
time and then they are properly asserted. It's the second login that's
the problem.

Please can you tell me how to correct this behaviour.

I'm using JSPWiki 2.6.1

Derek

// The first policy block is extremely loose, and unsuited for
public-facing wikis.
// Anonymous users are allowed to view, create, edit and comment on all
pages // (except group pages). Anonymous users can also register with
the wiki; // to edit their profile after registration, they must log in.
//
// Note: For Internet-facing wikis, you are strongly advised to remove
the // lines containing the "edit" and "createPages" permissions; this
will make // the wiki read-only for anonymous users.

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
//    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*",
"edit";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login"; };


// This next policy block is also pretty loose. It allows users who
claim to
// be someone (via their cookie) to view, create, edit and comment on
all
pages
// (except group pages). Anonymous users can also register with the
wiki;
// to edit their profile after registration, they must log in.

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
//    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*",
"edit";
//    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:*",
"view";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};


// Authenticated users can do most things: view, create, edit and 
// comment on all pages; upload files to existing ones; create and edit
// wiki groups; and rename existing pages. Authenticated users can
register
// with the wiki, edit their own profiles, and edit groups they create.

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};



Mime
View raw message