Yes, because I want *most* of my wiki to be visible to everybody, and I understood that an ACL takes precedence over the policy file.
>From http://doc.jspwiki.org/2.4/wiki/Security "By default, wiki pages do not have access control lists. When a page doesn't have an ACL, the default security policy for the page applies." I read that as saying that the security policy is *only* used if there is no ACL. Janne Jalkanen <[EMAIL PROTECTED]> writes: > Um. You're granting read permissions to Anonymous in your policy file. > > /Janne > > On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote: > >> OK, after finally getting my Tomcat to actually use the security >> policy correctly, I still have the problem of the page ACL's not being >> used. The JAAS config file is loaded correctly, as is the policy file >> (policy file access restrictions work correctly). >> >> Any ideas what I'm doing wrong? >> >> Page header: >> [{ALLOW view Asserted}] >> >> Policy file: >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { >> permission com.ecyrd.jspwiki.auth.permissions.PagePermission >> "*:*", "view"; >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> "*", "editPreferences"; >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> "*", "editProfile"; >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> "*", "login"; >> }; >> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" { >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> "*", "login"; >> }; >> >> Log file: >> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL >> HttpRequest: returning guestSession() >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= >> (null); target=TaloInfo >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = >> ALLOW view Asserted >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry >> for view >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo" >> ,"view")) >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo" >> ,"view")) >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL >> HttpRequest: returning guestSession() >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= >> (null); target=TaloInfo >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG >> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http:// >> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took >> 0:00:00.005 >> >> -- >> * Sufficiently advanced magic is indistinguishable from technology >> (T.P) * >> * PGP public key available @ http://www.iki.fi/ >> killer * > > -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer *
