Yes, that is exactly what I'm trying to achieve. It would be nice to see what the jspwiki.org logs say when an anonymous user tries to view that page.
"Harry Metske" <[EMAIL PROTECTED]> writes: > Do you mean something like this : > > http://www.jspwiki.org/wiki/PermTest > > This page has the following text, and is not viewable by anonymous users: > > [{ALLOW edit metskem}] > [{ALLOW view Asserted}] > > You should not be able to see the source of this page ! > > Harry > > 2007/11/25, Kalle Kivimaa <[EMAIL PROTECTED]>: >> >> Yes, because I want *most* of my wiki to be visible to everybody, and >> I understood that an ACL takes precedence over the policy file. >> >> From http://doc.jspwiki.org/2.4/wiki/Security >> "By default, wiki pages do not have access control lists. When a page >> doesn't have an ACL, the default security policy for the page >> applies." >> >> I read that as saying that the security policy is *only* used if there >> is no ACL. >> >> Janne Jalkanen <[EMAIL PROTECTED]> writes: >> >> > Um. You're granting read permissions to Anonymous in your policy file. >> > >> > /Janne >> > >> > On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote: >> > >> >> OK, after finally getting my Tomcat to actually use the security >> >> policy correctly, I still have the problem of the page ACL's not being >> >> used. The JAAS config file is loaded correctly, as is the policy file >> >> (policy file access restrictions work correctly). >> >> >> >> Any ideas what I'm doing wrong? >> >> >> >> Page header: >> >> [{ALLOW view Asserted}] >> >> >> >> Policy file: >> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { >> >> permission com.ecyrd.jspwiki.auth.permissions.PagePermission >> >> "*:*", "view"; >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> >> "*", "editPreferences"; >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> >> "*", "editProfile"; >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> >> "*", "login"; >> >> }; >> >> >> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" { >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission >> >> "*", "login"; >> >> }; >> >> >> >> Log file: >> >> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL >> >> HttpRequest: returning guestSession() >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= >> >> (null); target=TaloInfo >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = >> >> ALLOW view Asserted >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry >> >> for view >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: >> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo" >> >> ,"view")) >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: >> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","kalle:TaloInfo" >> >> ,"view")) >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL >> >> HttpRequest: returning guestSession() >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= >> >> (null); target=TaloInfo >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false >> >> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG >> >> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http:// >> >> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took >> >> 0:00:00.005 >> >> >> >> -- >> >> * Sufficiently advanced magic is indistinguishable from technology >> >> (T.P) * >> >> * PGP public key available @ http://www.iki.fi/ >> >> killer * >> > >> > >> >> -- >> * Sufficiently advanced magic is indistinguishable from technology (T.P >> ) * >> * PGP public key available @ http://www.iki.fi/killer >> * >> > > > > -- > met vriendelijke groet, > Harry Metske > Telnr. +31-548-512395 > Mobile +31-6-51898081 -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer *
