I want to set up permissions so that everybody has to log in to make any
changes, and to login for any revisions to be noted.
With the config below:
- when a user has a cookie, they can make a change, but then find it isn't
saved. The page revision is updated even though no change has been made.
It's the page revision that's the problem.
- when a user has a cookie, JSPWiki detects who they are. They login and
find that they move to an "anonymous guest" state. They login a second time
and then they are properly asserted. It's the second login that's the
problem.
Please can you tell me how to correct this behaviour.
I'm using JSPWiki 2.6.1
Derek
// The first policy block is extremely loose, and unsuited for public-facing
wikis.
// Anonymous users are allowed to view, create, edit and comment on all
pages
// (except group pages). Anonymous users can also register with the wiki;
// to edit their profile after registration, they must log in.
//
// Note: For Internet-facing wikis, you are strongly advised to remove the
// lines containing the "edit" and "createPages" permissions; this will make
// the wiki read-only for anonymous users.
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
// permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"edit";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};
// This next policy block is also pretty loose. It allows users who claim to
// be someone (via their cookie) to view, create, edit and comment on all
pages
// (except group pages). Anonymous users can also register with the wiki;
// to edit their profile after registration, they must log in.
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
// permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"edit";
// permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};
// Authenticated users can do most things: view, create, edit and
// comment on all pages; upload files to existing ones; create and edit
// wiki groups; and rename existing pages. Authenticated users can register
// with the wiki, edit their own profiles, and edit groups they create.
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};
