I have no console access to www.jspwiki.org, but if I do the same on my own wiki, I get the following in the log :
2007-11-25 14:55:42,142 [TP-Processor10] INFO com.ecyrd.jspwiki.WikiContextJSPWiki:/JSPWiki/Wiki.jsp JSPWiki: http://www.computerhok.nl/JSPWiki/Wiki.jsp - User 10.0.0.101 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Perm Test","view")) Harry 2007/11/25, Kalle Kivimaa <[EMAIL PROTECTED]>: > > Yes, that is exactly what I'm trying to achieve. It would be nice to > see what the jspwiki.org logs say when an anonymous user tries to view > that page. > > "Harry Metske" <[EMAIL PROTECTED]> writes: > > > Do you mean something like this : > > > > http://www.jspwiki.org/wiki/PermTest > > > > This page has the following text, and is not viewable by anonymous > users: > > > > [{ALLOW edit metskem}] > > [{ALLOW view Asserted}] > > > > You should not be able to see the source of this page ! > > > > Harry > > > > 2007/11/25, Kalle Kivimaa <[EMAIL PROTECTED]>: > >> > >> Yes, because I want *most* of my wiki to be visible to everybody, and > >> I understood that an ACL takes precedence over the policy file. > >> > >> From http://doc.jspwiki.org/2.4/wiki/Security > >> "By default, wiki pages do not have access control lists. When a page > >> doesn't have an ACL, the default security policy for the page > >> applies." > >> > >> I read that as saying that the security policy is *only* used if there > >> is no ACL. > >> > >> Janne Jalkanen <[EMAIL PROTECTED]> writes: > >> > >> > Um. You're granting read permissions to Anonymous in your policy > file. > >> > > >> > /Janne > >> > > >> > On 25 Nov 2007, at 14:47, Kalle Kivimaa wrote: > >> > > >> >> OK, after finally getting my Tomcat to actually use the security > >> >> policy correctly, I still have the problem of the page ACL's not > being > >> >> used. The JAAS config file is loaded correctly, as is the policy > file > >> >> (policy file access restrictions work correctly). > >> >> > >> >> Any ideas what I'm doing wrong? > >> >> > >> >> Page header: > >> >> [{ALLOW view Asserted}] > >> >> > >> >> Policy file: > >> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { > >> >> permission com.ecyrd.jspwiki.auth.permissions.PagePermission > >> >> "*:*", "view"; > >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission > >> >> "*", "editPreferences"; > >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission > >> >> "*", "editProfile"; > >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission > >> >> "*", "login"; > >> >> }; > >> >> > >> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" { > >> >> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission > >> >> "*", "login"; > >> >> }; > >> >> > >> >> Log file: > >> >> 2007-11-25 14:42:58,883 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp > >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo null > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL > >> >> HttpRequest: returning guestSession() > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= > >> >> (null); target=TaloInfo > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp > >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - page=TaloInfo, ACL = > >> >> ALLOW view Asserted > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp > >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - Adding new acl entry > >> >> for view > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.auth.acl.DefaultAclManager kalle:/kalle/Wiki.jsp > >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: > >> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission > ","kalle:TaloInfo" > >> >> ,"view")) > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.parser.JSPWikiMarkupParser kalle:/kalle/Wiki.jsp > >> >> kalle:http://localhost:8180/kalle/Wiki.jsp - user = Asserted: > >> >> (("com.ecyrd.jspwiki.auth.permissions.PagePermission > ","kalle:TaloInfo" > >> >> ,"view")) > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiSession kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Looking up WikiSession for NULL > >> >> HttpRequest: returning guestSession() > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Creating WikiContext for session ID= > >> >> (null); target=TaloInfo > >> >> 2007-11-25 14:42:58,884 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiContext kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Do we need to log the user in? false > >> >> 2007-11-25 14:42:58,889 [http-8180-Processor22] DEBUG > >> >> com.ecyrd.jspwiki.WikiEngine kalle:/kalle/Wiki.jsp kalle:http:// > >> >> localhost:8180/kalle/Wiki.jsp - Page TaloInfo rendered, took > >> >> 0:00:00.005 > >> >> > >> >> -- > >> >> * Sufficiently advanced magic is indistinguishable from technology > >> >> (T.P) * > >> >> * PGP public key available @ http://www.iki.fi/ > >> >> killer * > >> > > >> > > >> > >> -- > >> * Sufficiently advanced magic is indistinguishable from technology (T.P > >> ) * > >> * PGP public key available @ http://www.iki.fi/killer > >> * > >> > > > > > > > > -- > > met vriendelijke groet, > > Harry Metske > > Telnr. +31-548-512395 > > Mobile +31-6-51898081 > > -- > * Sufficiently advanced magic is indistinguishable from technology (T.P > ) * > * PGP public key available @ http://www.iki.fi/killer > * > -- met vriendelijke groet, Harry Metske Telnr. +31-548-512395 Mobile +31-6-51898081
