Re: [Jspwiki-users] Limiting permissions with jspwiki.policy

Fri, 06 Jul 2007 11:41:14 -0700 

Tim,
You are half-right. Group permissions do not apply unless a person is authenticated. So, both permission blocks would apply because a user for who is considered to be part of "PUBLIC" is, by definition, also authenticated. 


Consider using Role "All" instead of GroupPrincipal "Public". The  
"All" role applies to all users, regardless of whether they are  
authenticated. You could also simply add a privilege block for Role  
"Asserted" or Role "Anonymous" if you wanted to be more granular.


Andrew

Thus,
On Jul 6, 2007, at 3:33 PM, Tim Koop wrote:


I want to add a group called PUBLIC that can only view certain  
pages, not edit or anything else like the other normal people do.


So I added this to jspwiki.policy:

grant signedBy "jspwiki",
 principal com.ecyrd.jspwiki.auth.GroupPrincipal "PUBLIC" {

   permission com.ecyrd.jspwiki.auth.permissions.PagePermission  
"*:Public*", "view";

};


But I still have that section that will still let PUBLIC users do  
everything else, since they are still Authenticated:


grant signedBy "jspwiki",
 principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {

   permission com.ecyrd.jspwiki.auth.permissions.PagePermission  
"*:*", "edit,rename";
   permission com.ecyrd.jspwiki.auth.permissions.GroupPermission  
"*:*", "view";
   permission com.ecyrd.jspwiki.auth.permissions.WikiPermission  
"*", "createPages";
   permission com.ecyrd.jspwiki.auth.permissions.WikiPermission  
"*", "login";

};



I think I need to remove these permissions for the PUBLIC group, or  
somehow not give them these permissions in the first place.  Any  
ideas?


Thanks.

--
Tim Koop
_______________________________________________

This is the Jspwiki-users mailing list, in which we discuss the  
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues. For  
development discussion, please join jspwiki-dev.

http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList


_______________________________________________

This is the Jspwiki-users mailing list, in which we discuss the 
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues. 
For development discussion, please join jspwiki-dev.

http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList






















					Reply via email to