Um. You're granting read permissions to Anonymous in your policy file.
/Janne
On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote:
OK, after finally getting my Tomcat to actually use the security
policy correctly, I still have the problem of the page ACL's not being
used. The JAAS config file is loaded correctly, as is the policy file
(policy file access restrictions work correctly).
Any ideas what I'm doing wrong?
Page header:
[{ALLOW view Asserted}]
Policy file:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "login";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "login";
};
Log file:
2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL =
ALLOW view Asserted
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry
for view
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
,"view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp
kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo"
,"view"))
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL
HttpRequest: returning guestSession()
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID=
(null); target=TaloInfo
2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false
2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG
com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http://
localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took
0:00:00.005
--
* Sufficiently advanced magic is indistinguishable from technology
(T.P) *
* PGP public key available @ http://www.iki.fi/
killer *
