Re: [Jspwiki-users] ACL not working

[Janne Jalkanen]

How does your "jspwiki.policy" file look like?  Also, where exactly  
is your JAAS configuration and how does it look like?

/Janne
On 15 Oct 2007, at 17:53, [EMAIL PROTECTED] wrote:

Hello,

I hope you can help me with the following problem. I already wrote  
some lines on http://www.jspwiki.org/wiki/ 
BugACLCommandsBeingIgnored (as albert, obviously we are already two  
with this prob), the ACL I add to my Wiki are not working. I  
startet with a fresh Wiki, version 2.4.102 deployed on IBM  
Websphere 6.0, only changed the config-file by pointing to the  
right directories. So I use the custom-login, but in my tests  
before I also used container-login-modules. So here is what I tried:

1. create a page with this ACL: [{ALLOW view lars}] [{ALLOW edit  
lars}]
2. try to view the page -> success (I thought I could only view it  
as user lars or as a member of the group lars)
3. try to edit it -> success

I tried the same with first login as lars, create a page with ACLs,  
login as dirk, access was granted.  Debugging showed me, the  
problem is: every user has the AllPermission in the  
AuthorizationManager. But why??

Here is some log (where you can see, that I get access as anonymous  
to a page with ACL allowing view only for lars):

INFO com.ecyrd.jspwiki.WikiEngine  -  
*******************************************
INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki 2.4.102 starting. Whee!
DEBUG com.ecyrd.jspwiki.event.WikiEventManager  - instantiated  
WikiEventManager
DEBUG com.ecyrd.jspwiki.WikiEngine  - Configuring WikiEngine...
INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working directory is  
'C:\DOKUME~1\i007\LOKALE~1\Temp\\JSPWiki-1489787084'
DEBUG com.ecyrd.jspwiki.PageManager  - Page provider class:  
'com.ecyrd.jspwiki.providers.CachingProvider'
DEBUG com.ecyrd.jspwiki.PageManager  - Initializing page provider  
class [EMAIL PROTECTED]
DEBUG com.ecyrd.jspwiki.providers.CachingProvider  - Initing  
CachingProvider
DEBUG com.ecyrd.jspwiki.providers.CachingProvider  - Cache expiry  
period is 30 s
DEBUG com.ecyrd.jspwiki.providers.CachingProvider  - Cache capacity  
1000 pages.
DEBUG com.ecyrd.jspwiki.providers.CachingProvider  - Initializing  
real provider class  
[EMAIL PROTECTED]
DEBUG com.ecyrd.jspwiki.providers.AbstractFileProvider  - Initing  
FileSystemProvider
INFO com.ecyrd.jspwiki.providers.AbstractFileProvider  - Wikipages  
are read from 'c:/temp/jspwiki'
INFO com.ecyrd.jspwiki.plugin.PluginManager  - Registering plugins
INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using difference  
provider: TraditionalDiffProvider
DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider  -  
Initing CachingAttachmentProvider
DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider  -  
Initializing real provider class  
[EMAIL PROTECTED]
DEBUG com.ecyrd.jspwiki.WikiEngine  - Attempting to locate / 
filters.xml from class path.
INFO com.ecyrd.jspwiki.WikiEngine  - Cannot find property file for  
filters (this is okay, expected to find it as: '/filters.xml')
INFO com.ecyrd.jspwiki.render.RenderingManager  - Rendering content  
with com.ecyrd.jspwiki.render.XHTMLRenderer.
DEBUG com.ecyrd.jspwiki.search.SearchManager  - Loaded search  
provider [EMAIL PROTECTED]
INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering editor modules
INFO com.ecyrd.jspwiki.auth.PolicyLoader  - Java security policy  
already set to: C:\daten\IBM\rad6\wiki\IdgJSPWikiWeb\WebContent\WEB- 
INF\jspwiki.policy. (Leaving it alone...)
INFO com.ecyrd.jspwiki.auth.PolicyLoader  - Found 'jspwiki.jks'  
from 'C:\daten\IBM\rad6\wiki\IdgJSPWikiWeb\WebContent\WEB-INF'.  If  
you are having permission issues after an upgrade, please make sure  
that this file matches the one that came with your distribution  
archive.
INFO com.ecyrd.jspwiki.auth.AuthenticationManager  - Checking JAAS  
configuration...
INFO com.ecyrd.jspwiki.auth.AuthenticationManager  - JAAS already  
configured by some other application (leaving it alone...)
INFO com.ecyrd.jspwiki.auth.AuthenticationManager  - Checking  
security policy configuration...
INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  -  
Examining file:/C:/daten/IBM/rad6/wiki/IdgWikiWeb/WebContent/WEB- 
INF/web.xml
DEBUG com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  -  
Processing web.xml at file:/C:/daten/IBM/rad6/wiki/IdgWikiWeb/ 
WebContent/WEB-INF/web.xml
DEBUG com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  -  
Resolved systemID=http://java.sun.com/dtd/web-app_2_3.dtd using  
local file file:/C:/daten/IBM/rad6/wiki/IdgWikiWeb/WebContent/WEB- 
INF/dtd/web-app_2_3.dtd
INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  -  
JSPWiki is using custom authentication.
INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  -  
Authorizer WebContainerAuthorizer initialized successfully.
INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Attempting to  
load group database class  
com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase
ERROR com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - XML  
group database property jspwiki.xmlGroupDatabaseFile not found;  
trying C:\daten\IBM\rad6\wiki\IdgWikiWeb\WebContent\WEB-INF 
\groupdatabase.xml
INFO com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - XML group  
database at C:\daten\IBM\rad6\wiki\IdgWikiWeb\WebContent\WEB-INF 
\groupdatabase.xml
DEBUG com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - Database  
successfully initialized
INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Group  
database initialized.
DEBUG com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - Database  
successfully initialized
INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Authorizer  
GroupManager initialized successfully; loaded 0 group(s).
DEBUG com.ecyrd.jspwiki.providers.AbstractFileProvider  - Getting  
all pages...
DEBUG com.ecyrd.jspwiki.ReferenceManager  - Initializing new  
ReferenceManager with 2 initial pages.
INFO com.ecyrd.jspwiki.ReferenceManager  - Starting cross reference  
scan of WikiPages
INFO com.ecyrd.jspwiki.ReferenceManager  - Unable to unserialize  
old refmgr information, rebuilding database: C:\DOKUME~1\i007 
\LOKALE~1\Temp\JSPWiki-1489787084\refmgr.ser (Das Handle ist ungültig.
DEBUG com.ecyrd.jspwiki.WikiSession  - Looking up WikiSession for  
NULL HttpRequest: returning guestSession()
DEBUG com.ecyrd.jspwiki.WikiContext  - Creating WikiContext for  
session ID=(null); target=Main
DEBUG com.ecyrd.jspwiki.WikiContext  - Do we need to log the user  
in? false
INFO com.ecyrd.jspwiki.auth.UserManager  - Attempting to load user  
database class com.ecyrd.jspwiki.auth.user.XMLUserDatabase
ERROR com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML user  
database property jspwiki.xmlUserDatabaseFile not found; trying C: 
\daten\IBM\rad6\wiki\IdgWikiWeb\WebContent\WEB-INF\userdatabase.xml
INFO com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML user  
database at C:\daten\IBM\rad6\wiki\IdgWikiWeb\WebContent\WEB-INF 
\userdatabase.xml
DEBUG com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - Database  
successfully initialized
INFO com.ecyrd.jspwiki.auth.UserManager  - UserDatabase initialized.
DEBUG com.ecyrd.jspwiki.WikiSession  - Looking up WikiSession for  
NULL HttpRequest: returning guestSession()
DEBUG com.ecyrd.jspwiki.WikiContext  - Creating WikiContext for  
session ID=(null); target=Main
DEBUG com.ecyrd.jspwiki.WikiContext  - Do we need to log the user  
in? false
DEBUG com.ecyrd.jspwiki.WikiEngine  - Page Main rendered, took  
0:00:00.080
DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider  -  
Listing attachments for WikiPage [jspwiki:Main,ver=-1,mod=Mon Oct  
15 09:55:25 CEST 2007]
DEBUG com.ecyrd.jspwiki.WikiSession  - Looking up WikiSession for  
NULL HttpRequest: returning guestSession()
DEBUG com.ecyrd.jspwiki.WikiContext  - Creating WikiContext for  
session ID=(null); target=Test
DEBUG com.ecyrd.jspwiki.WikiContext  - Do we need to log the user  
in? false
DEBUG com.ecyrd.jspwiki.WikiEngine  - Page Test rendered, took  
0:00:00.010
DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider  -  
Listing attachments for WikiPage [jspwiki:Test,ver=-1,mod=Mon Oct  
15 09:55:57 CEST 2007]
DEBUG com.ecyrd.jspwiki.ReferenceManager  - serialization done -  
took 0:00:00.010
INFO com.ecyrd.jspwiki.ReferenceManager  - Cross reference scan  
done in 0:00:00.150
INFO com.ecyrd.jspwiki.WikiEngine  - WikiEngine configured.
INFO com.ecyrd.jspwiki.WikiEngine  - Root path for this Wiki is: 'C: 
\daten\IBM\rad6\wiki\IdgWikiWeb\WebContent'
INFO com.ecyrd.jspwiki.WikiServlet  - WikiServlet initialized.
DEBUG com.ecyrd.jspwiki.util.WatchDog jspwiki:/app/jspwiki/Wiki.jsp  
- WebContainer : 0: Entering state Filtering for URL /app/jspwiki/ 
Wiki.jsp, expected completion in 90 s
INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  - Starting up  
background thread: WatchDog for 'jspwiki'.
DEBUG com.ecyrd.jspwiki.WikiSession jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Looking up  
WikiSession for NULL HttpRequest: returning guestSession()
DEBUG com.ecyrd.jspwiki.WikiContext jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Creating  
WikiContext for session ID=(null); target=test
DEBUG com.ecyrd.jspwiki.WikiContext jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Do we need to  
log the user in? false
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - page=test, ACL = ALLOW view lars
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Adding new acl entry for view
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - page=test, ACL = ALLOW edit lars
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Adding to old acl list: [WikiPrincipal (loginName):  
lars], edit
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.auth.SessionMonitor jspwiki:/app/jspwiki/ 
Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
Looking up WikiSession for session ID=VYLoGH8wxOuU5aGun9I9Ruh...  
not found. Creating guestSession()
DEBUG com.ecyrd.jspwiki.WikiContext jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Creating  
WikiContext for session ID=VYLoGH8wxOuU5aGun9I9Ruh; target=test
DEBUG com.ecyrd.jspwiki.WikiContext jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Do we need to  
log the user in? true
DEBUG com.ecyrd.jspwiki.auth.SessionMonitor jspwiki:/app/jspwiki/ 
Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
Looking up WikiSession for session ID=VYLoGH8wxOuU5aGun9I9Ruh...  
found it
DEBUG com.ecyrd.jspwiki.auth.login.WebContainerLoginModule jspwiki:/ 
app/jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - No userPrincipal found for session  
ID=VYLoGH8wxOuU5aGun9I9Ruh
DEBUG com.ecyrd.jspwiki.auth.login.WebContainerLoginModule jspwiki:/ 
app/jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - No remoteUser found for session ID=VYLoGH8wxOuU5aGun9I9Ruh
DEBUG com.ecyrd.jspwiki.auth.login.AnonymousLoginModule jspwiki:/ 
app/jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Logged in session ID=VYLoGH8wxOuU5aGun9I9Ruh
DEBUG com.ecyrd.jspwiki.auth.login.AnonymousLoginModule jspwiki:/ 
app/jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Added Principals [WikiPrincipal (unspecified):  
127.0.0.1],Role.ANONYMOUS,Role.ALL
DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Removed Principal Guest
DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Committed Principal Anonymous
DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Committed Principal 127.0.0.1
DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Committed Principal All
DEBUG com.ecyrd.jspwiki.util.WatchDog jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
WebContainer : 0: Entering state Generating VIEW response for  
WikiPage [jspwiki:test,ver=-1,mod=Mon Oct 15 09:55:57 CEST 2007],  
expected completion in 60 s
DEBUG com.ecyrd.jspwiki.ui.TemplateManager jspwiki:/app/jspwiki/ 
Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
Listings skins from /templates/default/skins
DEBUG com.ecyrd.jspwiki.tags.WikiTagBase jspwiki:/app/jspwiki/ 
Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
Inserting page WikiPage [jspwiki:test,ver=-1,mod=Mon Oct 15  
09:55:57 CEST 2007]
DEBUG com.ecyrd.jspwiki.render.RenderingManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Re-rendering and storing test::-1
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - page=test, ACL = ALLOW view lars
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Adding to old acl list: [WikiPrincipal (loginName):  
lars], view
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - page=test, ACL = ALLOW edit lars
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp - Adding to old acl list: [WikiPrincipal (loginName):  
lars], edit
DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.parser.JSPWikiMarkupParser jspwiki:/app/ 
jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/jspwiki/ 
Wiki.jsp -   user = lars:  
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test"," 
view") 
("com.ecyrd.jspwiki.auth.permissions.PagePermission","jspwiki:test","e 
dit"))
DEBUG com.ecyrd.jspwiki.WikiEngine jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp - Page test  
rendered, took 0:00:00.000
DEBUG com.ecyrd.jspwiki.providers.CachingAttachmentProvider  
jspwiki:/app/jspwiki/Wiki.jsp jspwiki:http://localhost:29034/app/ 
jspwiki/Wiki.jsp - Listing attachments for WikiPage  
[jspwiki:test,ver=-1,mod=Mon Oct 15 09:55:57 CEST 2007]
DEBUG com.ecyrd.jspwiki.util.WatchDog  - Checking watchdog  
'WebContainer : 0'
DEBUG com.ecyrd.jspwiki.util.WatchDog jspwiki:/app/jspwiki/Wiki.jsp  
jspwiki:http://localhost:29034/app/jspwiki/Wiki.jsp -  
WebContainer : 0: Exiting state Generating VIEW response for  
WikiPage [jspwiki:test,ver=-1,mod=Mon Oct 15 09:55:57 CEST 2007]


I would be glad if you could help me, i'll become desperate! :-)

Thanks,
Dirk
--
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues.
For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList

_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues.
For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList