hmm..
not sure if <role-name>*</role-name> works.
You can try removing
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
from
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
the only elements needed here are /Delete.jsp and /Login.jsp:
(from http://doc.jspwiki.org/2.4/wiki/Security )
When JSPWiki starts up, it parses the JSPWiki's web application descriptor (WEB-INF/web.xml) and identifies whether certain constraints exist. Specifically, it checks to see if a logical role is required to access /Delete.jsp and Login.jsp. If you have uncommented the <security-constraint> block, this will be true, and JSPWiki will conclude that it should use container authentication instead of custom.
E.g. my web.xml is pretty loose and jspwiki.policy manages the permissions:
--------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>CONTAINER_WIKI_ADMIN_GROUP</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Login.jsp</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Read-only Area</web-resource-name>
    <http-method>DELETE</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>CONTAINER_WIKI_ADMIN_GROUP</role-name>
    <role-name>CONTAINER_USER</role-name>
  </auth-constraint>
</security-constraint>
-------------------
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Monday, 27 April 2009 14.51
> To: [email protected]
> Subject: Re: R: Help - Authorization
>
>
> Enrico Maria Carmona wrote:
> > Hi Luca
> >
> > What about "Web Container Restrictions" section in SecurityConfig.jsp?
> > Does Authenticated (or Anonymous) role have Edit permission in web.xml?
> >
> > Enrico
> >
> >
> That's odd indeed. I see:
> Action                     | Page          | Roles (Anonymous, WikiLexAuthor, *, WikiLexAdmin, Admin, Authenticated)
> View pages                 | /Wiki.jsp     |
> Comment on existing pages  | /Comment.jsp  |
> Edit pages                 | /Edit.jsp     |
> Upload attachments         | /Upload.jsp   |
> Create a new group         | /NewGroup.jsp |
> Rename an existing page    | /Rename.jsp   |
> Delete pages               | /Delete.jsp   |
>
>
>
> Note that I removed admin/authenticated constraints, basically allowing anyone to read, as any user in my case is web authenticated and after that I need to have everyone with read access at least (I was forced to do this as otherwise the rss in my case ended up always empty ... but this was a check I completely forgot and possibly messing up things - I will check)
>
> <auth-constraint>
> <!-- changed
> <role-name>Admin</role-name>
> <role-name>Authenticated</role-name>
> -->
> <role-name>*</role-name>
> </auth-constraint>
>
> Btw, I found a workaround by using
>
> com.ecyrd.jspwiki.auth.authorize.Role
>
> after having added my Author group also to the web container groups (completely unuseful but making everything working).
>
>
> >
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]]
> >> Sent: Monday, 27 April 2009 11.23
> >> To: [email protected]
> >> Subject: Help - Authorization
> >>
> >>
> >> Hi, I have a problem with authorization. What I'm trying to do:
> >>
> >> 1) JSPWiki 2.8.1 (last patches - should be equiv to 2.8.2)
> >> 2) Tomcat with web container authorization and User/group db - relying on a third party user/group sets of tables - already checked accessible:
> >> INFO [27 Apr 2009 11:11:20,843 com.ecyrd.jspwiki.auth.authorize.GroupManager:initial...@241]: Authorizer GroupManager initialized successfully; loaded 10 group(s).
> >> 3) policy: any logged in user can see
> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
> >> };
> >> 4) one user from a container group (admin) and users from application group WikiLexAdmin can do anything:
> >>
> >> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAdmin" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> >> };
> >> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
> >> };
> >> // note: cannot say grant principal com.ecyrd.jspwiki.auth.authorize.Role "WikiLexAdmin" as this is NOT a container group
> >>
> >> 5) but only people in group WikiAuthor can modify:
> >> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WikiLexAuthor" {
> >>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
> >>     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
> >>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*:*", "createPages";
> >> };
> >>
> >> Now, user from (container) group Admin can do anything. Users from groups WikiLexAdmin or WikiLexAuthor can only read - in spite, btw, admin/SecurityConfig.jsp says everything should be ok:
> >>
> >> Permission | All       | Anonymous | Asserted  | Authenticated | WikiLexAdmin | Admin     | WikiLexAuthor
> >>            | v e m r d | v e m r d | v e m r d | v e m r d     | v e m r d    | v e m r d | v e m r d
> >> PagePermission "WikiSandBox:Main"
> >> PagePermission "WikiSandBox:Index"
> >> PagePermission "WikiSandBox:GroupTest"
> >> PagePermission "WikiSandBox:GroupAdmin"
> >> GroupPermission "WikiSandBox:Admin"
> >> GroupPermission "WikiSandBox:TestGroup"
> >> GroupPermission "WikiSandBox:Foo"
> >> WikiPermission "WikiSandBox","createGroups"
> >> WikiPermission "WikiSandBox","createPages"
> >> WikiPermission "WikiSandBox","login"
> >> WikiPermission "WikiSandBox","editPreferences"
> >> WikiPermission "WikiSandBox","editProfile"
> >> AllPermission "WikiSandBox"
> >>
> >>
> >>
> >> any idea of what I could be doing wrong?
> >>
> >> Any help appreciated.
> >>
> >> Luca
> >>
> >>
> >
> >
>
>
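
The startup check quoted from the JSPWiki documentation in the reply above can be approximated offline against a web.xml. This is an added example, not part of the original thread and not JSPWiki's own code: the functions `audit` and `uses_container_auth` are hypothetical names, and treating "a role is required" as an exact url-pattern match is a simplifying assumption. The sample is the fragment from the reply, wrapped in a `<web-app>` root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from the reply above, wrapped in a
# <web-app> root so the fragment parses (the wrapper is an assumption).
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>CONTAINER_WIKI_ADMIN_GROUP</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Login.jsp</url-pattern>
  </web-resource-collection>
  <web-resource-collection>
    <web-resource-name>Read-only Area</web-resource-name>
    <http-method>DELETE</http-method><http-method>POST</http-method><http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>CONTAINER_WIKI_ADMIN_GROUP</role-name>
    <role-name>CONTAINER_USER</role-name></auth-constraint>
</security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced descriptors are handled too."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return ({url-pattern: roles}, [collections that protect no URL])."""
    roles_by_url, no_url = {}, []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        roles = {r.text.strip() for r in sc.iter() if local(r.tag) == "role-name" and r.text}
        for coll in (c for c in sc if local(c.tag) == "web-resource-collection"):
            urls = [u.text.strip() for u in coll if local(u.tag) == "url-pattern" and u.text]
            name = next((n.text for n in coll if local(n.tag) == "web-resource-name"), "?")
            if not urls:
                no_url.append(name)  # constraint has methods/roles but no path
            for url in urls:
                roles_by_url.setdefault(url, set()).update(roles)
    return roles_by_url, no_url

def uses_container_auth(roles_by_url):
    """Documented trigger: a role is required for both /Delete.jsp and /Login.jsp."""
    return all(roles_by_url.get(p) for p in ("/Delete.jsp", "/Login.jsp"))
```

Run on the posted fragment, `audit` also reports that the "Read-only Area" collection lists HTTP methods but no url-pattern.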