Enrico Maria Carmona wrote:
Hi Luca
What about "Web Container Restrictions" section in SecurityConfig.jsp?
Does Authenticated (or Anonymous) role have Edit permission in web.xml?
Enrico
That's odd indeed. I see:
Action                       Page            Roles
                                             Anonymous  WikiLexAuthor  *  WikiLexAdmin  Admin  Authenticated
View pages                   /Wiki.jsp
Comment on existing pages    /Comment.jsp
Edit pages                   /Edit.jsp
Upload attachments           /Upload.jsp
Create a new group           /NewGroup.jsp
Rename an existing page      /Rename.jsp
Delete pages                 /Delete.jsp
Note that I removed the admin/authenticated constraints, basically allowing
anyone to read, as any user in my case is web authenticated
and after that I need to have everyone with read access at least (I was
forced to do this as otherwise the RSS in my case always ended up
empty ... but this was a check I completely forgot and it is possibly messing
things up - I will check)
<auth-constraint>
    <!-- changed
    <role-name>Admin</role-name>
    <role-name>Authenticated</role-name>
    -->
    <role-name>*</role-name>
</auth-constraint>
Btw, I found a workaround by using
com.ecyrd.jspwiki.auth.authorize.Role
after having added my Author group also to the web container groups (completely useless, but it makes everything work).
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, 27 April 2009 11:23
To: [email protected]
Subject: Help - Authorization
Hi, I have a problem with authorization. What I'm trying to do:
1) JSPWiki 2.8.1 (last patches - should be equiv to 2.8.2)
2) Tomcat with web container authorization and User/group db
- relying on a third-party user/group set of tables - already checked
accessible:
INFO [27 Apr 2009 11:11:20,843
com.ecyrd.jspwiki.auth.authorize.GroupManager:initial...@241]:
Authorizer GroupManager initialized successfully; loaded 10 group(s).
3) policy: any logged in user can see
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
};
4) one user from a container group (admin) and users from application
group WikiLexAdmin can do anything:
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
// note: cannot say grant principal com.ecyrd.jspwiki.auth.authorize.Role "WikiLexAdmin"
// as this is NOT a container group
5) but only people in group WikiAuthor can modify:
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAuthor" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", "createPages";
};
Now, a user from the (container) group Admin can do anything. Users from
groups WikiLexAdmin or WikiLexAuthor can only read - in spite of the fact that, btw,
admin/SecurityConfig.jsp
says everything should be ok:
Permission                                      All            Anonymous      Asserted       Authenticated  WikiLexAdmin   Admin          WikiLexAuthor
                                                v e m r d      v e m r d      v e m r d      v e m r d      v e m r d      v e m r d      v e m r d
PagePermission "WikiSandBox:Main"
PagePermission "WikiSandBox:Index"
PagePermission "WikiSandBox:GroupTest"
PagePermission "WikiSandBox:GroupAdmin"
GroupPermission "WikiSandBox:Admin"
GroupPermission "WikiSandBox:TestGroup"
GroupPermission "WikiSandBox:Foo"
WikiPermission "WikiSandBox","createGroups"
WikiPermission "WikiSandBox","createPages"
WikiPermission "WikiSandBox","login"
WikiPermission "WikiSandBox","editPreferences"
WikiPermission "WikiSandBox","editProfile"
AllPermission "WikiSandBox"
Any idea of what I could be doing wrong?
Any help appreciated.
Luca
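
As an added illustration (not part of the original thread and not JSPWiki code), the following Python sketch parses the grant blocks quoted in the message above and shows that a grant applies only when both the principal class (Role vs. GroupPrincipal) and the principal name match what the logged-in subject carries. The helper names and the exact-match simplification (no wildcard or implies() evaluation) are assumptions made for this example.

```python
import re

# Constructed sample: the four grant blocks quoted in the message, joined into one text.
POLICY = '''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAuthor" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", "createPages";
};
'''

GRANT = re.compile(r'grant\s+principal\s+([\w.]+)\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def short(cls):
    return cls.rsplit(".", 1)[-1]  # class name without its package

def parse_policy(text):
    """Map (principal class, principal name) -> list of (permission, target, actions)."""
    text = re.sub(r'//[^\n]*', '', text)  # drop // line comments
    grants = {}
    for cls, name, body in GRANT.findall(text):
        perms = [(short(p), target, tuple(a for a in actions.split(",") if a))
                 for p, target, actions in PERM.findall(body)]
        grants.setdefault((short(cls), name), []).extend(perms)
    return grants

def permissions_for(grants, principals):
    """Union of grants whose principal class AND name both appear in `principals`."""
    out = []
    for key in principals:
        out.extend(grants.get(key, []))
    return out
```

Calling `permissions_for` with `("GroupPrincipal", "WikiLexAuthor")` returns the modify/rename grant, while `("Role", "WikiLexAuthor")` returns nothing from that block, which makes it easy to compare the policy against the principals a session actually holds.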