Alex O'Ree created JSPWIKI-1249:
-----------------------------------
Summary: Container based authentcation, can't get admin permissions
Key: JSPWIKI-1249
URL: https://issues.apache.org/jira/browse/JSPWIKI-1249
Project: JSPWiki
Issue Type: Bug
Reporter: Alex O'Ree
related to JSPWIKI-841 and JSPWIKI-1176 but this is different.
All attach all the configuration files and the branch i'm working on but
basically i have the following configuration
* Tomcat hosted JSPWiki
* Tomcat users xml file has the following groups
** wikiadmin
** wikiusers
* Tomcat users xml file has the following users
** jspadmin in wikiadmin,wikiusers
** jspuser in wikiusers
* JSPWiki web.xml
** set for HTTP_BASIC authentication
** the roles for Admin were all changed to wikiadmin
** the roles for Authenticated were changed to wikiuser
* JSPWiki Policy file was changed from AllPermsions: Admin to AllPermissions:
wikiadmin (which made no difference)
So my goal is to get admin privileges without using the "Admin" group/role by
renaming it. This has failed.
I've also added a new jspwiki property for providing an aliasing mechanism for
externally defined roles to the "Admin" jspwiki role. I can see it getting
attached to the user however i still not able to get the delete permission
anywhere.
This might be caused by the DefaultAuthorizationManager#allowedByLocalPolicy
which calls from jdk api but I can't seem to figure out what's going on here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
