Security Policy for a Single User
---------------------------------
Key: JSPWIKI-345
URL: https://issues.apache.org/jira/browse/JSPWIKI-345
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Affects Versions: 2.6.3
Environment: Tomcat 6.0 on RHEL5.
Reporter: Paul Edelman
Priority: Minor
The procedure listed in
http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSecurity
regarding creating a security policy for an individual user does not appear to
work. After having followed the instructions several times we are unable to
grant specific access to an individual user in JSPWiki. To be certain that the
changes had taken affected we did restart the application between changes. We
are certain that the user existed and could login with other default
permissions. We even removed all other custom policies to see if they were in
conflict and added only the users policy. After attempting login for the given
user none of the permissions granted to them in the policy had effect. The
policy for the user was defined as such:
grant principal "Username" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view,
modify";
};
This is likely a matter of out dated documentation, or a misunderstanding of
how to grant the principal. We later added a group principal for a group
containing only the user and the permissions went into affect without any
problems. We would rather like to not have to create a user and user group for
each user we create that we want to give a special security policy to.
Thanks.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
