You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2008/08/16 19:13:44 UTC

[jira] Updated: (JSPWIKI-345) Security Policy for a Single User

     [ https://issues.apache.org/jira/browse/JSPWIKI-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Janne Jalkanen updated JSPWIKI-345:
-----------------------------------

         Fix Version/s: 2.8
              Assignee: Andrew Jaquith
    Remaining Estimate:     (was: 168h)
     Original Estimate:     (was: 168h)

Chucking andrew's way; looks like a low-hanging fruit.

> Security Policy for a Single User
> ---------------------------------
>
>                 Key: JSPWIKI-345
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-345
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.3
>         Environment: Tomcat 6.0 on RHEL5.
>            Reporter: Paul Edelman
>            Assignee: Andrew Jaquith
>            Priority: Minor
>             Fix For: 2.8
>
>
> The procedure listed in http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSecurity regarding creating a security policy for an individual user does not appear to work.  After having followed the instructions several times we are unable to grant specific access to an individual user in JSPWiki.  To be certain that the changes had taken affected we did restart the application between changes.  We are certain that the user existed and could login with other default permissions.  We even removed all other custom policies to see if they were in conflict and added only the users policy.  After attempting login for the given user none of the permissions granted to them in the policy had effect.  The policy for the user was defined as such:
> grant principal "Username" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view, modify";
> };
> This is likely a matter of out dated documentation, or a misunderstanding of how to grant the principal.  We later added a group principal for a group containing only the user and the permissions went into affect without any problems.  We would rather like to not have to create a user and user group for each user we create that we want to give a special security policy to.
> Thanks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.