Thanks for your ideas, Roberto! My error was that I forgot to add the JVM security options in the launch of the Tomcat7 service (Windows): now it works.
Have a nice w.e.! Christophe Dupriez Centre Antipoisons-Antigifcentrum C/o Hôpital Central de la Base Reine Astrid Rue Bruyn 1120 Bruxelles Belgique tel 32-(0)2.264.96.36 fax 32-(0)2.264.96.46 _____ From: Roberto Venturi [mailto:[email protected]] To: [email protected], Christophe Dupriez [mailto:[email protected]] Cc: [email protected] [mailto:[email protected]] Sent: Fri, 02 Nov 2012 11:31:40 +0100 Subject: Re: JSPWiki, jspwiki.policy, Tomcat 7 Hi all, I do not know differences between Tomcat releases but my be your problem is like mine with WebSphere: in my environment the policy file is ignored and everyone can do anything. Di you have the same problem? Here is my solution. In the class "org.apache.wiki.auth.Authorization.Manager.java" there is the "checkStaticPermission" method who makes a "AccessController.checkPermission(permission)" call. WebSphere (as installed and tuned by IBM for my company) answers ALWAYS "true" for Jspwiki permissions so the result is that everybody can do anything. I proposed my changes to this mailing list because I'm not familiar with jra and team working :-( but I'm happy to partecipate if someone will be so patient to teach me the steps. Basically I added a new configuration variable (jspwiki.properties) "JVMwideSecurity" normally set to "true" (false for my environment). Then I modified the mentioned class (and "org.apache.wiki.auth.SecurityVerifier.java" too) to skip the "AccessController.checkPermission" method and go directly to the "allowedByLocalPolicy" one. Of course modified sources are available. Hopeing to be helpful, regards, Roberto Venturi Christophe Dupriez <[email protected]> ha scritto: > Hi ! > > I am getting a bit mad trying to have a JSPWiki 2.8.4 instance > working perfectly under Tomcat 6 Win32 bits to work under Tomcat 7 > Win64 bits, container managed authentication and roles assignment > (Waffle), recognizing the policies. > It behaves like if the jspwiki.policy was not taken into account at > all under Tomcat 7 Win64bits. > > Does anyone knows something about: > 1) Differences between Tomcat 6 and Tomcat 7 in term of > accessing policy files management? > 2) Versions of JSPWiki that would take into account those differences? > 3) Examples of good working configuration files? > > Thanks! > > Christophe -- Messaggio inviato da WebMail - http://www.mercurio.it -------------------------------------------------------
