No I didn't, thanks Dirk that's exactly what I was looking for :-)

--
Christian Rösch                 http://www.icongmbh.de
Application Development
icon Systemhaus GmbH            Tel. +49(711)806098-0           
Sophienstrasse 40               
70178 Stuttgart                 Fax. +49(711)806098-299
        

Managing Director: Uwe Seltmann
HRB Stuttgart 17655
USt-IdNr.: DE 811944121 


++++++++++++++++++++++++++++++++++++++++++
We are moving! From 1 August you can find us here:
Hauptstätter Straße 70, 70178 Stuttgart
You can reach us by phone as usual!
++++++++++++++++++++++++++++++++++++++++++

-----Original Message-----
From: Dirk Frederickx [mailto:[email protected]] 
Sent: Tuesday, 3 July 2012 21:54
To: [email protected]
Subject: Re: How to hide content for some users

Did you check the standard If-plugin ?
http://www.jspwiki.org/wiki/IfPlugin

dirk


On Tue, Jul 3, 2012 at 1:25 PM, Rösch, Christian < 
[email protected]> wrote:

> Hello Foster,
>
> yes that seems to be what I'm looking for.
> So does it work already with JSPWiki 2.8?
>
> If not I'll have a look at it and see if I could adapt it to the 
> newest version of JSPWiki.
>
>
>
> --
> Christian Rösch                http://www.icongmbh.de
> Application Development
> icon Systemhaus GmbH           Tel. +49(711)806098-0
> Sophienstraße 40
> 70178 Stuttgart                Fax. +49(711)806098-299
>
> Managing Director: Uwe Seltmann
> HRB Stuttgart 17655
> USt-IdNr.: DE 811944121
>
> +++++++++++++++++++++++++++++++++++++++++
> icon Events: www.icongmbh.de/events.html
> +++++++++++++++++++++++++++++++++++++++++
>
>
> -----Original Message-----
> From: Foster Schucker [mailto:[email protected]]
> Sent: Tuesday, 3 July 2012 13:09
> To: [email protected]
> Subject: Re: How to hide content for some users
>
> I had written a plugin that would allow partial page displays to be 
> shown, I think this is what you are looking for.
>
> If it is, let me know and I'll mail you the code.  It's for a very old 
> version of JSPWiki; when the base went off in a different direction 
> for page auth it was too hard to fit into the new scheme.
>
> Foster
>
> --------
> AuthPlugin
>
> The purpose of the Auth Plugin is to allow page level security for 
> 2.0.x JSPWiki. It is an Authorization plugin, it uses Container 
> Managed Security < 
> http://localhost:8080/schucker/Wiki.jsp?page=ContainerManagedSecurity>
> to perform the Authentication (and to help control access to some of 
> the JSP files) (Also see Auth Plugin Detail
> <http://localhost:8080/schucker/Wiki.jsp?page=AuthPluginDetail>) (The 
> Auth Test <http://localhost:8080/schucker/Wiki.jsp?page=AuthTest> page 
> has some samples)
>
> [{Auth allow='admin' deny='Janne' edit='editor'}]
>
>
>         Parameters
>
> *allow* (optional)[1]
> <http://localhost:8080/schucker/Wiki.jsp?page=AuthPlugin#ref-AuthPlugin-1>
>     a list of user names and/or roles that have access to this page[1]
>     <
> http://localhost:8080/schucker/Wiki.jsp?page=AuthPlugin#ref-AuthPlugin-1>.
>
>
> *deny* (optional)
>     a list of user names and/or roles that should be denied access to
>     this page
>
> *edit* (optional)
>     a list of user names and/or roles that have edit access to this page
>
> In the example given, everyone in the admin group has access, except 
> for Janne and those people that have the 'editor' role can edit this page.
>
> ----------------------------------------------------------------------
> --
>
>
>         How to use it
>
> There are two different ways to use Auth. First is to control the 
> viewing of a block of text inside of a page:
>
> Everyone will see this text
> [{Auth allow='editor'
>
> Only those people with ''editor'' roles will see this text
> }]
> This text will also be seen by everyone.
>
> Only the text inside the body of the Auth plugin is controlled. The 
> plugin can be used any number of times on a page. (Plugins can be 
> nested, so you can do:
>
> Everyone will see this text
> [{Auth allow='editor'
>
> Only those people with ''editor'' roles will see this text
> [{Auth allow='admin'
>
> Only those people with ''editor'' and ''admin'' roles will see this text
> }]
> Only ''editors'' will see this line
> }]
> This text will also be seen by everyone.
>
> (A common error is not having the blank line after the Auth plugin and 
> not having matched plugin closes)
>
> The second way is to control access to the entire page.
>
> [{Auth allow='ATeam' deny='BA' edit='ATeam'}]
>
> Plane trip for next week is on, I love it when a plan comes together!
>
> Everyone on the ATeam except for BA can see this page, and all of the 
> ATeam can edit this page.
> ----------------------------------------------------------------------
> --
>
>
>         How it works
>
> Auth Plugin -- Simply it takes the parameters passed and looks in the 
> user and role list to see if they match[2]
> <http://localhost:8080/schucker/Wiki.jsp?page=AuthPlugin#ref-AuthPlugin-2>:
>
> if (checkthisguy.equalsIgnoreCase(request.getRemoteUser())) {..}
> if (request.isUserInRole(checkthisguy)) {..}
>
> If there is not a match for the allow an AssertionError("Not allowed to 
> see this page") is thrown. This error is caught by the upper most 
> layer of the container, and it will produce an error page with this 
> message on it. (Tested with Resin and Weblogic, your container may or 
> may not work)
>
> If the user is allowed to view the page then an entry is also made in 
> the session variable *pageview*. A similar entry is made in *pageedit* 
> if they can edit the page.
>
> In most cases the user will not be able to click on the /Edit this 
> page/ link since if they can't see the page, they are looking at an 
> error page that does not have a link on it.
>
> While */Security through Obscurity/* works for some, some users may 
> elect to put the entire URL in by hand. To protect against this you 
> will need to edit your Edit.jsp file to check and see if they are 
> allowed to edit this file. And while you are at it, you should also 
> change the Diff.jsp and PageInfo.jsp files.
>
> Finally, things like Recent Changes will still find the /hidden/ pages 
> for a user. This means that they will know there is a page called
> *TopSecretPlans* even though they can't view it. If this is a concern 
> to you, you can do one of two things:
>
>  1. Call your /hidden/ pages something like *Hidden_TopSecretPlans* and
>     change your Recent Changes to ignore files that start with Hidden_.
>  2. Use the new 2.1 Wiki with the full featured Authorization And
>     Authentication.
>
> ----------------------------------------------------------------------
> --
>
>
>         Disclaimer
>
> This is how I do it, you may not get it to work without some (high) 
> level of effort on your part. I can try to help you, but plan to spend 
> some time, this is not just a plugin you can drop in and use -- 
> FosterSchucker 
> <http://localhost:8080/schucker/Wiki.jsp?page=FosterSchucker>
> ----------------------------------------------------------------------
> --
>
>
>         3 August 2004
>
> I've uploaded a new version that fixes a bug if there are many roles 
> in the list. I've also made it a static method and moved all of the 
> null checking, wildcards, etc. into the method *userInList*. This allows 
> Auth to be safely called from other places (like tags, pages, etc.)
>
> I've uploaded the source to the Auth plugin and the source for 
> AuthTag, if you want a compiled version (jar file) let me know.
>
> New exposed method
>
> public static boolean userInList(HttpServletRequest request, String accesslist, String username)
>
> sample call
>
> if (Auth.userInList(request,"editor,admin,superuser",null)) { ... }
>
> Will check to see if this user is in any of those roles.
>
> TLD for AuthTag
>
>    <tag>
>      <name>Auth</name>
>      <tagclass>com.ecyrd.jspwiki.tags.AuthTag</tagclass>
>      <bodycontent>JSP</bodycontent>
>      <attribute>
>         <name>allow</name>
>         <required>false</required>
>      </attribute>
>      <attribute>
>         <name>deny</name>
>         <required>false</required>
>      </attribute>
>    </tag>
>
> ------------------------------------------------------------------------
> [#1] The default in the code is to deny access to a page by default.
> While the allow parameter is not /required/ it's a good idea to have 
> it in there, you can make a page that no user can see.
> [#2] The site Administrator is still responsible for putting the user, 
> password and role(s) into the system.
>
> Category Third Party Plugin
> <http://localhost:8080/schucker/Wiki.jsp?page=CategoryThirdPartyPlugin>
>
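
The allow/deny evaluation described in the quoted AuthPlugin documentation (list entries matched against user name or role, deny overriding allow, no allow list meaning no access), as an added Java example that is not part of the original thread and not the plugin's source. The class name, the `Predicate` standing in for `request.isUserInRole`, and the sample users are assumptions; the wildcard handling the documentation mentions is not modeled.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

// Added illustration of the documented allow/deny semantics; not the Auth plugin's code.
public class AuthListDemo {

    // True if any comma-separated entry equals the user name (case-insensitive)
    // or names a role the user holds. A null or blank list matches no one.
    static boolean inList(String accessList, String remoteUser, Predicate<String> isUserInRole) {
        if (accessList == null || accessList.isBlank()) {
            return false;
        }
        return Arrays.stream(accessList.split(","))
                .map(String::trim)
                .filter(entry -> !entry.isEmpty())
                .anyMatch(entry -> entry.equalsIgnoreCase(remoteUser) || isUserInRole.test(entry));
    }

    // Default deny: a deny match always wins, and without an allow match nothing is shown.
    static boolean canView(String allow, String deny, String remoteUser, Predicate<String> isUserInRole) {
        if (inList(deny, remoteUser, isUserInRole)) {
            return false;
        }
        return inList(allow, remoteUser, isUserInRole);
    }

    public static void main(String[] args) {
        // Constructed sample users (name -> roles), standing in for the container's user store.
        Map<String, Set<String>> store = Map.of(
                "Janne", Set.of("admin"),
                "alice", Set.of("admin"),
                "bob", Set.of("editor"),
                "carol", Set.<String>of());

        // Parameters from the documentation's example: allow='admin' deny='Janne' edit='editor'
        for (String user : List.of("Janne", "alice", "bob", "carol")) {
            Predicate<String> hasRole = role -> store.get(user).contains(role);
            System.out.printf("%-6s view=%-5b edit=%-5b viewWithoutAllow=%b%n", user,
                    canView("admin", "Janne", user, hasRole),
                    inList("editor", user, hasRole),
                    canView(null, null, user, hasRole));
        }
    }
}
```

Because each entry is tested both as a user name and as a role, an account whose login name equals a role name matches that entry; keeping the two namespaces distinct in the container's user store avoids that overlap.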
