Re: jspwiki.policy does not work

Tue, 20 Nov 2007 04:18:05 -0800

I suspect you have another policy being loaded by your container, which takes precedence over that of JSPWiki. Check the logs to verify. 

Petr Tomasek wrote:

Hi,

I have made changes to my jspwiki.policy file, but it is not
reflected. I need to set my jspwiki v2.4.104 private for 3 users. I
have removed all privileges from Anonymous and Asserted roles. But it
is still not enough, as any anonymous user can view any page. What do
I need to do? Below is my policy:

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Main", "view";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:Main", "view";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "Dogs
United Wiki";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "Dogs
United Wiki";
};

You can see my wiki at http://www.dogsunited.cz/wiki. As you can see,
anyone can edit LeftMenu. I can enforce the policy only by using ACL
declarations. However, when I use [{ALLOW edit Users}], I am not able
to edit that page then, even though I am member of Users group. Even
Admin user cannot edit that page. What's wrong?

Thanks,

Petr

Reply via email to