jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harry Metske <harry.met...@gmail.com>
Subject Re: Allow tag does not restrict access
Date Mon, 13 Apr 2009 19:41:31 GMT
Well,

you can find it here :
http://www.ecyrd.com/~jalkanen/JSPWiki/2.8.2/JSPWiki-2.8.2-bin.zip

Actually, we don't have a link to this on our Download page, shouldn't it be
there ?

Harry

2009/4/10 Carlson, Eric R <eric.carlson@kroger.com>

> Andrew,
>
>        I guess I'm confused - I'm running version 2.8.1, which I thought is
> the same version that has been out there since release...  The download page
> says it dates from 21-Nov-2008.   Are you referring to a different version,
> version 3?
>
>                                                Eric R. Carlson
>
> Eric.Carlson@kroger.com
>                                                         (513)-387-7739
>
>
> -----Original Message-----
> From: Andrew Jaquith [mailto:andrew.r.jaquith@gmail.com]
> Sent: Friday, April 10, 2009 12:49 PM
> To: jspwiki-user@incubator.apache.org
> Subject: Re: Allow tag does not restrict access
>
> Eric -- you've provided me with enough information to try to verify
> your issue. I'll try to do that over the next few days.
>
> In the meantime, could you try the latest nightly build, and see if it
> produces different results?
>
> Regards, Andrew
>
> On Fri, Apr 10, 2009 at 10:35 AM, Carlson, Eric R
> <eric.carlson@kroger.com> wrote:
> > I've been having the exact same problem, and haven't been making any
> headway on it, so I've gone over the FAQ to see if I can find the cause.
> >
> > First, I'm running JSPWiki 2.8.1.
> >
> > I have two user-ids I can access.   One is defined as an administrator,
> the second one isn't.  I was able to verify this by logging on to both of
> them, going into 'My Prefs', and clicking on the 'Profile' tab.  UserA shows
> : Roles - All, Authenticated; Groups - None.   UserB shows : Roles - All,
> Authenticated; Groups - Admin.
> >
> > I am not currently able to run the SecurityConfig.jsp application (see my
> other message), so I can't include the output here.
> >
> > I have enabled the security log, and set the logging level to DEBUG.
> While I see messages in the log each time I log in, I don't see any sort of
> messages in the security when I access a new page.  I'm not sure if I should
> expect to see such messages, but the FAQ says to check the security log, and
> I don't see anything there, other than logon messages.
> >
> > I've also cleared all cookies and temporary internet files, and still get
> the same problem.
> >
> > Here's what I have configured in jspwiki.policy :
> >
> > --------------------------------
> >
> > grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
> >    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
> "view";
> >    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "editPreferences";
> >    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "editProfile"
> >    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "login";
> >  };
> >
> > grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> > };
> >
> > grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
> > };
> >
> > grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
> >    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
> "modify,rename";
> >    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
> "view";
> >    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
> "*:<groupmember>", "edit";
> >    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "createPages,createGroups";
> >  };
> >
> > grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
> >    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> > };
> >
> > grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
> >    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> > };
> >
> > -------------------------------
> >
> >                                                Eric R. Carlson
> >
> Eric.Carlson@kroger.com
> >
> > -----Original Message-----
> > From: Harry Metske [mailto:harry.metske@gmail.com]
> > Sent: Friday, April 10, 2009 4:23 AM
> > To: jspwiki-user@incubator.apache.org; bhanu0608@yahoo.com
> > Subject: Re: Allow tag does not restrict access
> >
> > Since we get quite a few of these questions, I started a FAQ on
> > Authorization:
> >
> > http://www.jspwiki.org/wiki/FAQAuthorization
> >
> > feel free to add content........
> >
> > Harry
> >
> > 2009/4/9 Bhavani <bhanu0608@yahoo.com>
> >
> >> HI,
> >>
> >> We recently started implementing jspwiki. JAAS security is enabled and
> >> everything works fine. But I am not able to control access to page edits
> >> using the allow tag. Also everyone is able to edit the admin group. Even
> >> people who are not members of the group can edit the group. So please
> help
> >> me with the following questions.
> >>
> >> 1. What am I missing that the allow tag is not working as it should be ?
> >> 2. Is there a way to control non-members from editing the groups?
> >>
> >> -Bhavani
> >>
> >>
> >>
> >>
> >>
> >
> > This e-mail message, including any attachments, is for the sole use of
> the intended recipient(s) and may contain information that is confidential
> and protected by law from unauthorized disclosure. Any unauthorized review,
> use, disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message