OK, after finally getting my Tomcat to actually use the security
policy correctly, I still have the problem of the page ACL's not being
used. The JAAS config file is loaded correctly, as is the policy file
(policy file access restrictions work correctly).
Any ideas what I'm doing wrong?
Page header:
[{ALLOW view Asserted}]
Policy file:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
Log file:
2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in?
false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session
ID=(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in?
false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = ALLOW view
Asserted
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry for view
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo","view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session
ID=(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Do we need to log the user in?
false
2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took
0:00:00.005
--
* Sufficiently advanced magic is indistinguishable from technology (T.P) *
* PGP public key available @ http://www.iki.fi/killer *
