Hi Harry, hi all!
Harry Metske wrote:
> [..] Are you sure you are not JSPWiki Admin (have the role mentioned at the
> bottom of jspwiki.policy) ?
>
I've tried this now as a simple user without any admin role, but I can
still see the restricted page! :-(
Now I'm sending you some more info and some lines from my files:
Wiki version: 2.6.0
My WikiPage
--------------------------------------------------------------------------------------
[{ALLOW view Janne,Mike Morris}]
Hi! Can you see this?
--------------------------------------------------------------------------------------
tomcat-user.xml:
--------------------------------------------------------------------------------------
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="Admin"/>
  <role rolename="user"/>
  <user username="admin" password="admin" roles="Admin"/>
  <user username="me" password="me" roles="user"/>
</tomcat-users>
--------------------------------------------------------------------------------------
part of web.xml
--------------------------------------------------------------------------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Wiki.jsp</url-pattern>
    <url-pattern>/Edit.jsp</url-pattern>
    <url-pattern>/Comment.jsp</url-pattern>
    <url-pattern>/Login.jsp</url-pattern>
    <url-pattern>/NewGroup.jsp</url-pattern>
    <url-pattern>/Rename.jsp</url-pattern>
    <url-pattern>/Upload.jsp</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Read-only Area</web-resource-name>
    <url-pattern>/attach</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <!--
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/LoginForm.jsp</form-login-page>
    <form-error-page>/LoginForm.jsp</form-error-page>
  </form-login-config>
  -->
  <auth-method>BASIC</auth-method>
  <realm-name>Wiki Editor</realm-name>
</login-config>
<security-role>
  <description>
    This logical role includes all authenticated users
  </description>
  <role-name>user</role-name>
</security-role>
<security-role>
  <description>
    This logical role includes all administrative users
  </description>
  <role-name>Admin</role-name>
</security-role>
--------------------------------------------------------------------------------------
By the way: I added the pattern
<url-pattern>/Wiki.jsp</url-pattern>
to the <web-resource-collection>, because no one should have any access to
this wiki. I hope this is ok?!
If someone has any hint, I would be very happy!
Best
Troll
> Harry
>
>
> 2008/1/21, Troll <[EMAIL PROTECTED]>:
>
>> Hi All!
>>
>> I've protected my jspwiki by the tomcat auth mechanism. I uncommented
>> the lines at the end of web.xml file, created my own tomcat-users.xml
>> file and changed the server.xml in $CATALINA_HOME/conf. So far it works
>> all fine.
>>
>> Now the question: is it possible to use the ACL features like
>>
>> [{ALLOW view Janne,Mike Morris}]
>>
>> with this tomcat auth-method? And if it will work, what is to do? Is
>> there something I have to activate? I tried this statement above, but I
>> recognize new changes: I can view my testpage, and that even though I'm
>> neither Janne nor Mike Morris ;-)
>>
>> Thanks for your help!
>> Troll
>>
>>
>
>
>
>
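Added example, not part of the original message and not JSPWiki or Tomcat code: a small check of which requests the container constraints quoted above actually cover, following the servlet url-pattern and http-method matching rules. The names WEB_XML, pattern_matches and required_roles are hypothetical, and the embedded XML is a trimmed copy of the posted fragment.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the constraints quoted in the message (names/descriptions
# dropped), wrapped in a root element so the fragment parses on its own.
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection><url-pattern>/Delete.jsp</url-pattern></web-resource-collection>
  <auth-constraint><role-name>Admin</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <url-pattern>/Wiki.jsp</url-pattern><url-pattern>/Edit.jsp</url-pattern>
    <http-method>DELETE</http-method><http-method>GET</http-method>
    <http-method>HEAD</http-method><http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <web-resource-collection>
    <url-pattern>/attach</url-pattern>
    <http-method>DELETE</http-method><http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name><role-name>user</role-name>
  </auth-constraint>
</security-constraint>
</web-app>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: '/prefix/*', '*.ext', '/' default, else exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path

def required_roles(path, method, xml_text=WEB_XML):
    """Roles the container demands for (path, method); None when no
    constraint covers the request, i.e. the container does not ask for login.
    Simplification: unions every matching collection instead of picking the
    single best-matching pattern, which is equivalent for this config."""
    roles, covered = set(), False
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        for wrc in sc.iter("web-resource-collection"):
            urls = [u.text.strip() for u in wrc.iter("url-pattern")]
            methods = {m.text.strip() for m in wrc.iter("http-method")}
            if any(pattern_matches(u, path) for u in urls) and (not methods or method in methods):
                covered = True
                roles |= {r.text.strip() for r in sc.iter("role-name")}
    return roles if covered else None
```

A result of None means the container applies no constraint to that request, so any restriction on it has to come from JSPWiki's own policy and page ACLs. This assumes every constraint carries an auth-constraint, as in the posted file.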