Help - Authorization

[lgilardon...@gmail.com]

Hi, I have a problem with authorization. What I'm trying to do:
1) JSPWiki 2.8.1 (last patches - should be equiv to 2.8.2
2) Tomcat with web contaniner authorization and User/group db - relying 
on a third part user/group sets of tables - already cehcked accessibles:
INFO  [27 Apr 2009 11:11:20,843 
com.ecyrd.jspwiki.auth.authorize.GroupManager:initial...@241]: 
Authorizer GroupManager initialized successfully; loaded 10 group(s).
3) policy: any logged in user can see
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", 
"view";
};
4) one user from a container group (admin) and users from application 
group WikiLexAdmin can do anything:

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" {
   permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
   permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
// note: cannot say grant principal 
com.ecyrd.jspwiki.auth.authorize.Role "WikiLexAdmin" as this is NOT a 
container group

5) but only people in group WikiAuthor can modify:
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAuthor" {
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", 
"modify,rename";
   permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", 
"view";
   permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", 
"createPages";
};

Now,  user from (container) group Admin can do  anything.  Users from 
groups  WikiLexAdmin or WikiLexAuthor can only read - in spite, btw, 
admin/SecurityConfig.jsp
say everything should be ok:

Permission 	All 	Anonymous 	Asserted 	Authenticated 	WikiLexAdmin 
Admin 	WikiLexAuthor
v 	e 	m 	r 	d 	v 	e 	m 	r 	d 	v 	e 	m 	r 	d 	v 	e 	m 	r 	d 	v 	e 
m 	r 	d 	v 	e 	m 	r 	d 	v 	e 	m 	r 	d
PagePermission "WikiSandBox:Main" 	  	  	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	 
PagePermission "WikiSandBox:Index" 	  	  	  	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	 
PagePermission "WikiSandBox:GroupTest" 	  	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	  	 
PagePermission "WikiSandBox:GroupAdmin" 	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	  	  	 
GroupPermission "WikiSandBox:Admin" 	  	  	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	 
GroupPermission "WikiSandBox:TestGroup" 	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	  	  	 
GroupPermission "WikiSandBox:Foo" 	  	  	  	  	  	  	  	  	  
 	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  	  
 	  	  	 
WikiPermission "WikiSandBox","createGroups" 	  	  	  	  	  	  	 
WikiPermission "WikiSandBox","createPages" 	  	  	  	  	  	  	 
WikiPermission "WikiSandBox","login" 	  	  	  	  	  	  	 
WikiPermission "WikiSandBox","editPreferences" 	  	  	  	  	  	  	 
WikiPermission "WikiSandBox","editProfile" 	  	  	  	  	  	  	 
AllPermission "WikiSandBox" 	  	  	  	  	  	  	 


any idea of what could i'm doing wrong?

Any help appreciated.

Luca