JSPWiki security policies cannot express concepts like "allow access
to everything EXCEPT page X." What you will have to do is use ACLs on
pages that begin with "Private" to restrict access to the groups you
want.
Future versions of JSPWiki will have the concept of "spaces," which
will address this issue more gracefully.
Andrew
On May 29, 2008, at 11:04, Weijian Fang <[EMAIL PROTECTED]> wrote:
Hi,
I am using JSPWiki 2.6.2. I want to implement the following access
contorl policies:
1. anyone, either anonymous or authenticated, can view any page,
except pages whose names begin with "Private", e.g.,
"PrivateProjectInformation";
2. only users with proper roles can view or edit pages whose names
begin with "Private".
Policy 2 can be implemented if Policy 1 is not in place. It can be
done by putting the following into jspwiki.policy:
grant
principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Private*", "view";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Private*", "edit";
}
I don't know how to implement both policies at the same time. Any
suggestion? Thank you very much in advance!
Cheers,
Weijian
