Hi Luca What about "Web Container Restrictions" section in SecurityConfig.jsp? Does Authenticated (or Anonymous) role have Edit permission in web.xml?
Enrico > -----Messaggio originale----- > Da: [email protected] [mailto:[email protected]] > Inviato: lunedì 27 aprile 2009 11.23 > A: [email protected] > Oggetto: Help - Authorization > > > Hi, I have a problem with authorization. What I'm trying to do: > > 1) JSPWiki 2.8.1 (last patches - should be equiv to 2.8.2 > 2) Tomcat with web contaniner authorization and User/group db > - relying > on a third part user/group sets of tables - already cehcked > accessibles: > INFO [27 Apr 2009 11:11:20,843 > com.ecyrd.jspwiki.auth.authorize.GroupManager:initial...@241]: > Authorizer GroupManager initialized successfully; loaded 10 group(s). > 3) policy: any logged in user can see > grant principal com.ecyrd.jspwiki.auth.authorize.Role > "Authenticated" { > permission > com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", > "view"; > }; > 4) one user from a container group (admin) and users from application > group WikiLexAdmin can do anything: > > grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" { > permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*"; > }; > grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" { > permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*"; > }; > // note: cannot say grant principal > com.ecyrd.jspwiki.auth.authorize.Role "WikiLexAdmin" as this is NOT a > container group > > 5) but only people in group WikiAuthor can modify: > grant principal com.ecyrd.jspwiki.auth.GroupPrincipal > "WikiLexAuthor" { > permission > com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", > "modify,rename"; > permission > com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", > "view"; > permission > com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", > "createPages"; > }; > > Now, user from (container) group Admin can do anything. Users from > groups WikiLexAdmin or WikiLexAuthor can only read - in spite, btw, > admin/SecurityConfig.jsp > say everything should be ok: > > Permission All Anonymous Asserted > Authenticated WikiLexAdmin > Admin WikiLexAuthor > v e m r d v e m > r d v e m r d v > e m r d v e > m r d v e m r d > v e m r d > PagePermission "WikiSandBox:Main" > > > > > > PagePermission "WikiSandBox:Index" > > > > > PagePermission "WikiSandBox:GroupTest" > > > > > > PagePermission "WikiSandBox:GroupAdmin" > > > > > > GroupPermission "WikiSandBox:Admin" > > > > > > GroupPermission "WikiSandBox:TestGroup" > > > > > > GroupPermission "WikiSandBox:Foo" > > > > > > WikiPermission "WikiSandBox","createGroups" > > WikiPermission "WikiSandBox","createPages" > > WikiPermission "WikiSandBox","login" > > WikiPermission "WikiSandBox","editPreferences" > > WikiPermission "WikiSandBox","editProfile" > > AllPermission "WikiSandBox" > > > > any idea of what could i'm doing wrong? > > Any help appreciated. > > Luca >
