Hi all,
I do not know differences between Tomcat releases but my be your
problem is like mine with WebSphere: in my environment the policy file
is ignored and everyone can do anything. Di you have the same problem?
Here is my solution.
In the class "org.apache.wiki.auth.Authorization.Manager.java" there
is the "checkStaticPermission" method who makes a
"AccessController.checkPermission(permission)" call.
WebSphere (as installed and tuned by IBM for my company) answers
ALWAYS "true" for Jspwiki permissions so the result is that everybody
can do anything.
I proposed my changes to this mailing list because I'm not familiar
with jra and team working :-( but I'm happy to partecipate if someone
will be so patient to teach me the steps.
Basically I added a new configuration variable (jspwiki.properties)
"JVMwideSecurity" normally set to "true" (false for my environment).
Then I modified the mentioned class (and
"org.apache.wiki.auth.SecurityVerifier.java" too) to skip the
"AccessController.checkPermission" method and go directly to the
"allowedByLocalPolicy" one.
Of course modified sources are available.
Hopeing to be helpful, regards,
Roberto Venturi
Christophe Dupriez <[email protected]> ha scritto:
Hi !
I am getting a bit mad trying to have a JSPWiki 2.8.4 instance
working perfectly under Tomcat 6 Win32 bits to work under Tomcat 7
Win64 bits, container managed authentication and roles assignment
(Waffle), recognizing the policies.
It behaves like if the jspwiki.policy was not taken into account at
all under Tomcat 7 Win64bits.
Does anyone knows something about:
1) Differences between Tomcat 6 and Tomcat 7 in term of
accessing policy files management?
2) Versions of JSPWiki that would take into account those differences?
3) Examples of good working configuration files?
Thanks!
Christophe
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
