Here is what I have changed:

------------------------------------------------------
jspwiki.policy: Commented out all the permissions for All, Anonymous and 
Asserted roles and just kept the Admin and Authenticated roles.

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
};

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};

------------------------------------------------------
jspwiki.properties: Using a custom login module and enabled JAAS security:

jspwiki.loginModule.class =com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule
jspwiki.security =jaas
------------------------------------------------------
web.xml: Added a filter and mappings for authenticating using SSO

   <filter>
      <filter-name>AuthenticationFilter</filter-name>
      <filter-class>com.hgst.wiki.sso.SSOAuthenticationFilter</filter-class>
    <init-param>
        <param-name>redirectUrl</param-name>
        <param-value>/sso/wiki</param-value>
    </init-param>
    <init-param>
        <param-name>logoutUrl</param-name>
        <param-value>/portal/site/hiwire/template.LOGOUT/action.process/</param-value>
    </init-param>
    <init-param>
        <param-name>hiwireUrl</param-name>
        <param-value>/portal/site/hiwire</param-value>
    </init-param>
   </filter>

   <filter-mapping >
       <filter-name>AuthenticationFilter</filter-name>
       <url-pattern>/*</url-pattern>
       <dispatcher>REQUEST</dispatcher>
       <dispatcher>FORWARD</dispatcher>
   </filter-mapping>
------------------------------------------------------

The page I am trying to view has the following content:
[{ALLOW view Administrator}]
[{ALLOW edit Administrator}]
This is a wiki admin group.
------------------------------------------------------

Please let me know if you need any other info.

-Bhavani
--- On Fri, 4/10/09, Janne Jalkanen <[email protected]> wrote:
From: Janne Jalkanen <[email protected]>
Subject: Re: Allow tag does not restrict access
To: [email protected]
Date: Friday, April 10, 2009, 1:14 PM

Can you please provide more information about your configuration?   
What did you change from the stock setup?

/Janne





      
