Eric, Bhavani, could you also paste the relevant parts of the page you are trying to protect? So basically the ALLOW tag you are using.
Harry

2009/4/10 Carlson, Eric R <[email protected]>

> I've been having the exact same problem, and haven't been making any
> headway on it, so I've gone over the FAQ to see if I can find the cause.
>
> First, I'm running JSPWiki 2.8.1.
>
> I have two user-ids I can access. One is defined as an administrator, the
> second one isn't. I was able to verify this by logging on to both of them,
> going into 'My Prefs', and clicking on the 'Profile' tab. UserA shows:
> Roles - All, Authenticated; Groups - None. UserB shows: Roles - All,
> Authenticated; Groups - Admin.
>
> I am not currently able to run the SecurityConfig.jsp application (see my
> other message), so I can't include the output here.
>
> I have enabled the security log, and set the logging level to DEBUG.
> While I see messages in the log each time I log in, I don't see any sort of
> messages in the security when I access a new page. I'm not sure if I should
> expect to see such messages, but the FAQ says to check the security log, and
> I don't see anything there, other than logon messages.
>
> I've also cleared all cookies and temporary internet files, and still get
> the same problem.
>
> Here's what I have configured in jspwiki.policy:
>
> --------------------------------
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile"
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
> };
>
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> };
>
> -------------------------------
>
> Eric R. Carlson
>
> [email protected]
>
> -----Original Message-----
> From: Harry Metske [mailto:[email protected]]
> Sent: Friday, April 10, 2009 4:23 AM
> To: [email protected]; [email protected]
> Subject: Re: Allow tag does not restrict access
>
> Since we get quite a few of these questions, I started a FAQ on
> Authorization:
>
> http://www.jspwiki.org/wiki/FAQAuthorization
>
> feel free to add content........
>
> Harry
>
> 2009/4/9 Bhavani <[email protected]>
>
> > HI,
> >
> > We recently started implementing jspwiki. JAAS security is enabled and
> > everything works fine. But I am not able to control access to page edits
> > using the allow tag. Also everyone is able to edit the admin group. Even
> > people who are not members of the group can edit the group. So please help
> > me with the following questions.
> >
> > 1. What am I missing that the allow tag is not working as it should be?
> > 2. Is there a way to control non-members from editing the groups?
> >
> > -Bhavani
>
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain information that is confidential and
> protected by law from unauthorized disclosure. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
