[
https://issues.apache.org/jira/browse/JSPWIKI-1249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18040841#comment-18040841
]
Alex O'Ree commented on JSPWIKI-1249:
-------------------------------------
good news, i have a solution for this. Some minor code changes are required and
a bunch of documentation and how tos.
> Container based authentcation, can't get admin permissions
> ----------------------------------------------------------
>
> Key: JSPWIKI-1249
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1249
> Project: JSPWiki
> Issue Type: Bug
> Reporter: Alex O'Ree
> Priority: Major
>
> related to JSPWIKI-841 and JSPWIKI-1176 but this is different.
> All attach all the configuration files and the branch i'm working on but
> basically i have the following configuration
> * Tomcat hosted JSPWiki
> * Tomcat users xml file has the following groups
> ** wikiadmin
> ** wikiusers
> * Tomcat users xml file has the following users
> ** jspadmin in wikiadmin,wikiusers
> ** jspuser in wikiusers
> * JSPWiki web.xml
> ** set for HTTP_BASIC authentication
> ** the roles for Admin were all changed to wikiadmin
> ** the roles for Authenticated were changed to wikiuser
> * JSPWiki Policy file was changed from AllPermsions: Admin to
> AllPermissions: wikiadmin (which made no difference)
> So my goal is to get admin privileges without using the "Admin" group/role by
> renaming it. This has failed.
> I've also added a new jspwiki property for providing an aliasing mechanism
> for externally defined roles to the "Admin" jspwiki role. I can see it
> getting attached to the user however i still not able to get the delete
> permission anywhere.
>
> This might be caused by the DefaultAuthorizationManager#allowedByLocalPolicy
> which calls from jdk api but I can't seem to figure out what's going on here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
