Juan Pablo,
Thanks for responding. I tried your suggestion but it's still not
working. Below is my complete jspwiki.policy.
Thanks,
Gary
grant principal org.apache.wiki.auth.authorize.Role "All" {
permission org.apache.wiki.auth.permissions.PagePermission "*:*",
"view";
permission org.apache.wiki.auth.permissions.PagePermission
"*:LeftMenu/mylogo.png", "view";
permission org.apache.wiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission org.apache.wiki.auth.permissions.WikiPermission "*",
"editProfile";
permission org.apache.wiki.auth.permissions.WikiPermission "*",
"login";
};
// read-only for Anonymous users
grant principal org.apache.wiki.auth.authorize.Role "Anonymous" {
permission org.apache.wiki.auth.permissions.PagePermission "*:*",
"view";
};
// read-only for Asserted users
grant principal org.apache.wiki.auth.authorize.Role "Asserted" {
} permission org.apache.wiki.auth.permissions.PagePermission "*:*",
"view";
;
// read-only for Authenticated users
grant principal org.apache.wiki.auth.authorize.Role "Authenticated" {
permission org.apache.wiki.auth.permissions.PagePermission "*:*",
"view";
};
// Members of the group "RegisteredUsers" can create, edit and rename pages.
// They can also view all the groups.
grant principal org.apache.wiki.auth.GroupPrincipal "RegisteredUsers" {
permission org.apache.wiki.auth.permissions.PagePermission "*:*",
"modify,rename";
permission org.apache.wiki.auth.permissions.GroupPermission "*:*",
"view";
permission org.apache.wiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
permission org.apache.wiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
};
grant principal org.apache.wiki.auth.GroupPrincipal "Admin" {
permission org.apache.wiki.auth.permissions.AllPermission "*";
};
grant principal org.apache.wiki.auth.authorize.Role "Admin" {
permission org.apache.wiki.auth.permissions.AllPermission "*";
};
On 12/7/2020 6:00 AM, Juan Pablo Santos Rodríguez wrote:
Hi Gary,
inside JSPWiki, Attachments are considered a special type of Pages, so the
same policy rules & syntax should apply. In this case, the following
permission inside the anonymous role block should be enough:
permission org.apache.wiki.auth.permissions.PagePermission
"*:LeftMenu/mylogo.png", "view";
Also, LeftMenu usually is a page that should be shown to all users, so the
following permission, also inside the anonymous role block, should also do
the trick and allow anonymous view on both Page and Attachment:
permission org.apache.wiki.auth.permissions.PagePermission "*:LeftMenu",
"view";
HTH,
juan pablo
On Sat, Dec 5, 2020 at 6:20 PM Gary Kephart <gary_keph...@pobox.com> wrote:
I have a site that I've set up as read-only except for users who are in
a particular group. For the most part, that works well. What doesn't
seem to work is showing the site logo to users who are not logged in.
When I try to directly access
http://mysite.org/attach/LeftMenu/mylogo.png when logged off, I get the
Forbidden page, where it mentions "It is also possible that JSPWiki
cannot find its security policy, or that the policy is not configured
correctly. Either of these cases would cause JSPWiki to block access, too."
Is attachment policy different than page policy? Do you have to be able
to modify a page in order to view an attachment? What do I need to do to
fix this? I've read
https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki.Admin.Security and
don't see anything there that addresses this specifically.
Thanks,
Gary
