OK, I think I found my problem. Among the differences I found between
vanilla JSPWiki and our local installation was the jspwiki.policy file.
The vanilla policy file has lines similar to this:
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "createPages";
Our modified policy file has this modification:
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"MyWiki:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"MyWiki:<groupmember>", "edit";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"MyWiki", "createPages";
In other words, assuming we did this right in the context of JSPWiki
2.4, we made the wiki name explicit so that you could load two wikis
(with incompatible policies) into the same instance of Tomcat, and
keep the two policies from colliding in Tomcat's global security
policy space.
Changing the wiki name back to a wildcard seems to correct the
problem, and since we gave up running two wikis in the same Tomcat
instance (and JSPWiki 2,6 doesn't use global security policies
anyway), there no longer seems to be any need to use explicit wiki
names in (most parts of) the policy.
Other than maybe the Admin permission definitions, is there ever any
situation where it makes any sense at all to replace the * with the
name of your wiki?
On Feb 25, 2008, at 1:43 AM, Janne Jalkanen wrote:
Unfortunately, it cannot be turned off (without editing the
javascript). But what it requires is a view permission to your
wiki. How could your users be editing the wiki if they do not have
view permissions?
/Janne
On 25 Feb 2008, at 07:12, Steve Dahl wrote:
In both JSPWiki 2.6.0 and 2.6.1, I have users of our wiki who are
having problems with the plain page editor.
While editing in the plain editor, if you start a link using the
[ ] syntax, a list pops up showing all pages that match what
you've typed so far. For members of the Admin group, this looks
like an interesting feature. But for all other users of our wiki,
a dialog pops up saying something to the effect of "No permission
to use this AJAX method!".
It doesn't seem to matter which browser (so far tested on Firefox,
IE, and Safari). But it does matter whether the user is Admin or not.
This seems to only affect the plain editor. WikiWizard and FCK are
not causing problems for our users.
We're running JSPWiki in Tomcat 5.5, accessing it by way of
Apache2 in order to use HTTPS.
While we'd like to have a fix for this problem, we'd also like to
know whether there's a way to turn off that pop up list
altogether, especially if turning it off is much easier than
finding out why we're having problems with it.
Thanks.
