Hello Roberto, first apologies on not commenting on the previous e-mail. I've cc'ed jspwiki-dev, which seems a more appropiate place to make this question.
I don't have the source right here but maybe you could check if permission instanceof WikiPermission? Also, don't know if you checked, but http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay give you some insights. I'll try to have a look at this, but seems to me the appropiate way may go through developing your own JSPWiki Authorizer. This way you could avoid patching "core" src and yet have your own customized behaviour. Regarding including source/patches/fixes, the best place is to file a JIRA, see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept contributions :-) br, juan pablo On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <ro...@mercurio.it> wrote: > Hi, > another chapter of my "search of the holy grail" with JSPWiki & websphere > security policies :-) > > -------------- > File: org.apache.auth.Authorization.**Manager.java > Method: checkStaticPermission > Code: > try > { > // Check the JVM-wide security policy first > AccessController.**checkPermission( permission ); > return Boolean.TRUE; > } > catch( AccessControlException e ) > -------------- > the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in > precedent email because it manages all "non wiki" permissions. So I need a > test on "permission" to see if it's or not a "wiki permission". > I'm trying substituting the statement with a "brutal" block as > -------------- > String pName = permission.getName(); > if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("** > Wiki")) > return Boolean.TRUE; > -------------- > And, it was time, here is the question: there is a "more nice" way to do > the test? > > Tanks for your patience :-) > Roberto > > > > > > > > > -- > Messaggio inviato da WebMail - http://www.mercurio.it > ------------------------------**------------------------- >
