Thanks for the replies.  I understand the delays, as this is not my day job,
probably much like the kind people on this list.  I upgraded to 2.0.4 and I
can now create publications wherein I restrict access to a select group of
members.  Overall, I think it was an improvement, though I couldn't find a
prebuilt version.  Unfortunately, after doing this, it sometimes tells me
that user "lenya" doesn't have access to author a page.  I don't recall
doing anything to the lenya user.  I'm not sure which XML file needs to be
edited to restore lenya.  (I'll switch to real users when I have something
approaching decent).  There are two main websites (publications), a public
and a private.  So far, the private one seems to work the way I want, it's
just the public one that's giving me fits.


Below is what I have for subtree-policy.acml:
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0"
    ssl="false">
    <ac:group id="editor">
        <ac:role id="edit" method="grant" />
    </ac:group>
    <ac:group id="reviewer">
        <ac:role id="review" method="grant" />
    </ac:group>
    <ac:group id="admin">
        <ac:role id="admin" method="grant" />
    </ac:group>
    <ac:group id="sitemanager">
        <ac:role id="sitemanager" method="grant" />
    </ac:group>
    <ac:world>
        <ac:role id="edit" method="deny" />
    </ac:world>
    <ac:world>
        <ac:role id="sitemanager" method="deny" />
    </ac:world>
</ac:policy>


Thanks,
Ben






On Fri, Oct 25, 2013 at 1:01 PM, florent andré <
florent.andre-...@4sengines.com> wrote:

> Hi,
>
> First, please forgive me for the time to answer, my web/mail provider was
> hacked and I lost my mail account.
>
> 1.2.5 is pretty old and I don't have so much knowledge on it.
>
> What I can suggest is to mimic the configuration in the "authoring"
> publication part, which doesn't allow visitors to view the content.
>
> In the 2.0.x version, denying access is done by not giving access rather
> than by denying access.
>
> Example for the authoring zone: <ac:world><ac:role id="session" method="grant"/>
>
> ++
>
>
> On 10/17/2013 06:23 AM, Ben Pracht wrote:
>
>> I'm using a prebuilt Lenya 1.2.5.  I'm trying to *not* have to write
>> code to do this.
>>
>> I'm doing a non-public site for a local club in my area that I want to
>> have members sign on before even seeing any content.  I'd essentially
>> like to deny the world, even localhost, unless they first authenticate.
>>
>> Below is what I'm working with.  I'm sorry if I omitted anything, I just
>> could not make sense of the security mechanism enough to know what's
>> relevant.
>>
>> An example URL I'd like blocked is:
>> http://localhost:8888/MembersOnly/live/Welcome.html
>>
>>
>> lenya/pubs/MembersOnly/config/ac/policies/live/Welcome/subtree-policy.acml
>> lenya/pubs/MembersOnly/config/ac/policies/live/subtree-policy.acml
>> lenya/pubs/MembersOnly/config/ac/policies/subtree-policy.acml
>>
>> Each of the above look like this:
>>
>>
>> My ac.xconf looks like:
>>
>> <policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
>>
>>    <world>
>>      <role id="visit" method="deny"/>
>>    </world>
>>
>> </policy>
>>
>> <access-controller type="bypassable">
>>
>>    <accreditable-manager type="file">
>>      <parameter name="directory"
>> value="context:///lenya/pubs/MembersOnly/config/ac/passwd"/>
>>
>>      <user-manager>
>>         <user-type class="org.apache.lenya.ac.file.FileUser"
>> create-use-case="userAddUser">Local User</user-type>
>>         <!-- uncomment the following line if you want LDAP support -->
>>         <!-- <user-type class="org.apache.lenya.ac.ldap.LDAPUser"
>> create-use-case="userAddUserLdap">LDAP User</user-type> -->
>>      </user-manager>
>>    </accreditable-manager>
>>
>>    <policy-manager type="document">
>>      <policy-manager type="file">
>>        <parameter name="directory"
>> value="context:///lenya/pubs/MembersOnly/config/ac/policies"/>
>>      </policy-manager>
>>    </policy-manager>
>>
>>    <authorizer type="policy"/>
>>
>>    <authorizer type="usecase">
>>        <parameter name="configuration"
>> value="context:///lenya/pubs/MembersOnly/config/ac/usecase-policies.xml"/>
>>    </authorizer>
>>
>>    <authorizer type="workflow"/>
>>
>> </access-controller>
>>
>> ---------- Log file snippet -------
>> 24995 2013-10-12 00:31:35,383 [PoolThread-4] DEBUG
>> lenya.ac.cache.get():161  - Caching object
>> [org.apache.lenya.ac.impl.DefaultPolicy@65089d7] for further requests of
>> [file:/C:/java/eclipse/ClubSoftware/Lenya/lenya/pubs/MembersOnly/config/ac/policies/live/Welcome/subtree-policy.acml].
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.policymanager.file.buildPolicy():149  - Policy exists: [true]
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.authorizer.policy.saveRoles():156  - Adding roles [ visit ] to
>> request [org.apache.cocoon.environment.http.HttpRequest@2457c24c]
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.authorizer.policy.authorize():111  - Authorized: true
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():121  - Authorizer
>> [org.apache.lenya.ac.impl.PolicyAuthorizer@6566aa35] returned [true]
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():108  -
>> ---------------------------------------------------------
>>
>> 24996 2013-10-12 00:31:35,384 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():109  - Invoking
>> authorizer [org.apache.lenya.cms.ac.usecase.UsecaseAuthorizer@26456721]
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.authorizer.usecase.authorize():104  - No usecase to authorize.
>> Granting access.
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():121  - Authorizer
>> [org.apache.lenya.cms.ac.usecase.UsecaseAuthorizer@26456721] returned
>> [true]
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():108  -
>> ---------------------------------------------------------
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():109  - Invoking
>> authorizer [org.apache.lenya.cms.ac.workflow.WorkflowAuthorizer@7e1b0beb]
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.authorizer.workflow.authorize():69  - Authorizing workflow for
>> event [null]
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():121  - Authorizer
>> [org.apache.lenya.cms.ac.workflow.WorkflowAuthorizer@7e1b0beb] returned
>> [true]
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():130  -
>> =========================================================
>>
>> 24997 2013-10-12 00:31:35,385 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():131  - Authorization
>> complete, result: [true]
>>
>> 24998 2013-10-12 00:31:35,386 [PoolThread-4] DEBUG
>> lenya.ac.accesscontroller.bypassable.authorize():132  -
>> =========================================================
>>
>> 24998 2013-10-12 00:31:35,386 [PoolThread-4] DEBUG
>> sitemap.decommission():342  - ComponentFactory decommissioning instance
>> of org.apache.lenya.cms.cocoon.acting.DelegatingAuthorizerAction.
>>
>>
>>
>
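
Added example, not part of the thread and not Lenya code: a Python audit that walks the subtree-policy.acml files applying to a URL (using the directory layout listed in the original question) and reports every role granted to world, other than the session role mentioned in the reply. The sample policies are constructed, the `expected` allow-list and the function names are assumptions, and the script only reports what each file states; it does not reproduce Lenya's own policy resolution.

```python
import posixpath
import xml.etree.ElementTree as ET

NS = "{http://apache.org/cocoon/lenya/ac/1.0}"

# Constructed sample files (not Ben's real ones), keyed by path relative to
# config/ac/policies and modelled on the snippets quoted in this thread.
POLICIES = {
    "subtree-policy.acml": """
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="editor"><ac:role id="edit" method="grant"/></ac:group>
  <ac:world><ac:role id="edit" method="deny"/></ac:world>
</ac:policy>""",
    "live/subtree-policy.acml": """
<policy xmlns="http://apache.org/cocoon/lenya/ac/1.0">
  <world><role id="visit" method="grant"/></world>
</policy>""",
    "authoring/subtree-policy.acml": """
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0">
  <ac:world><ac:role id="session" method="grant"/></ac:world>
</ac:policy>""",
}

def policy_chain(doc_url):
    """'live/Welcome.html' -> policy files, most specific first, root last."""
    parts = posixpath.splitext(doc_url.strip("/"))[0].split("/")
    return ["/".join(parts[:i] + ["subtree-policy.acml"])
            for i in range(len(parts), -1, -1)]

def entries(xml_text):
    """Yield (credential kind, credential id, role id, method) per role."""
    for cred in ET.fromstring(xml_text.strip()):
        for role in cred.findall(NS + "role"):
            # Assumption: a role without a method attribute counts as a grant.
            yield (cred.tag.replace(NS, ""), cred.get("id"),
                   role.get("id"), role.get("method", "grant"))

def world_grants(doc_url, policies, expected=("session",)):
    """Return (file, role) for every unexpected role granted to ac:world."""
    return [(path, role)
            for path in policy_chain(doc_url) if path in policies
            for kind, _id, role, method in entries(policies[path])
            if kind == "world" and method == "grant" and role not in expected]

if __name__ == "__main__":
    for url in ("live/Welcome.html", "authoring/index.html"):
        print(url, world_grants(url, POLICIES))
```

An empty result for a members-only URL means no file in its chain hands an unexpected role to unauthenticated visitors; any hit names the file to edit.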
