You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Roberto Venturi <Ro...@Mercurio.It> on 2012/08/06 16:21:09 UTC
How to test if a permission is a Wikipermission
Hi,
another chapter of my "search of the holy grail" with JSPWiki &
websphere security policies :-)
--------------
File: org.apache.auth.Authorization.Manager.java
Method: checkStaticPermission
Code:
try
{
// Check the JVM-wide security policy first
AccessController.checkPermission( permission );
return Boolean.TRUE;
}
catch( AccessControlException e )
--------------
the "return Boolean.TRUE;" can't be disabled (with "//") as I
suggested in precedent email because it manages all "non wiki"
permissions. So I need a test on "permission" to see if it's or not a
"wiki permission".
I'm trying substituting the statement with a "brutal" block as
--------------
String pName = permission.getName();
if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("Wiki"))
return Boolean.TRUE;
--------------
And, it was time, here is the question: there is a "more nice" way to
do the test?
Tanks for your patience :-)
Roberto
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
Thanks!
Posted by Roberto Venturi <Ro...@Mercurio.It>.
Thanks for answer: I'm studying it :-)
"if (permission instanceof WikiPermission)"
as my girlfriend love to say "I get the target almost always ... just
in a more complex way than others" :-) thanks for the simplest
solution ;-)
(of course it works!)
Roberto
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
Re: New and clean JSPWiki with old & dusty proprietary
authenticator
Posted by Florian Holeczek <fl...@holeczek.de>.
If there was already a web container authentication available for that old thing, you could also switch JSPWiki to web container authentication.
Regards
Florian
----- Ursprüngliche Mail -----
Von: "Florian Holeczek" <fl...@holeczek.de>
An: jspwiki-dev@incubator.apache.org
Gesendet: Freitag, 10. August 2012 08:58:13
Betreff: Re: New and clean JSPWiki with old & dusty proprietary authenticator
Hi Roberto,
AFAIK you have to implement a JAAS LoginModule, see org.apache.wiki.auth.login.AbstractLoginModule (see the rest of this package for examples).
Also see doc/aaa-diagram.pdf for a bigger picture.
Regards
Florian
----- Ursprüngliche Mail -----
Von: "Roberto Venturi" <Ro...@Mercurio.It>
An: jspwiki-dev@incubator.apache.org
Gesendet: Dienstag, 7. August 2012 17:26:20
Betreff: New and clean JSPWiki with old & dusty proprietary authenticator
Hi everybody,
suppose you have a custom, proprietary, not standard, old & dusty
authentication engine (it's really so).
Suppose that all users call a standard page to enter into JSPWiki
(rovenLoginPage.jsp as an example)
After some handshake with the "old & dusty auth. manager", the
rovenLoginPage.jsp knows everything about the caller (user name, id,
groups, shoes's number, eye's color, etc..) but here is the question:
how can it force theese authenticated values into wiki engine (shoes's
number is not important, really :-) )?
If you want not suppose so much . . . :-) :-)
I need a page who, when called, set "Mickey Mouse" as wiki user and
assign him to group "mouses".
Thanks again,
Roberto
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
Re: New and clean JSPWiki with old & dusty proprietary
authenticator
Posted by Florian Holeczek <fl...@holeczek.de>.
Hi Roberto,
AFAIK you have to implement a JAAS LoginModule, see org.apache.wiki.auth.login.AbstractLoginModule (see the rest of this package for examples).
Also see doc/aaa-diagram.pdf for a bigger picture.
Regards
Florian
----- Ursprüngliche Mail -----
Von: "Roberto Venturi" <Ro...@Mercurio.It>
An: jspwiki-dev@incubator.apache.org
Gesendet: Dienstag, 7. August 2012 17:26:20
Betreff: New and clean JSPWiki with old & dusty proprietary authenticator
Hi everybody,
suppose you have a custom, proprietary, not standard, old & dusty
authentication engine (it's really so).
Suppose that all users call a standard page to enter into JSPWiki
(rovenLoginPage.jsp as an example)
After some handshake with the "old & dusty auth. manager", the
rovenLoginPage.jsp knows everything about the caller (user name, id,
groups, shoes's number, eye's color, etc..) but here is the question:
how can it force theese authenticated values into wiki engine (shoes's
number is not important, really :-) )?
If you want not suppose so much . . . :-) :-)
I need a page who, when called, set "Mickey Mouse" as wiki user and
assign him to group "mouses".
Thanks again,
Roberto
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
New and clean JSPWiki with old & dusty proprietary authenticator
Posted by Roberto Venturi <Ro...@Mercurio.It>.
Hi everybody,
suppose you have a custom, proprietary, not standard, old & dusty
authentication engine (it's really so).
Suppose that all users call a standard page to enter into JSPWiki
(rovenLoginPage.jsp as an example)
After some handshake with the "old & dusty auth. manager", the
rovenLoginPage.jsp knows everything about the caller (user name, id,
groups, shoes's number, eye's color, etc..) but here is the question:
how can it force theese authenticated values into wiki engine (shoes's
number is not important, really :-) )?
If you want not suppose so much . . . :-) :-)
I need a page who, when called, set "Mickey Mouse" as wiki user and
assign him to group "mouses".
Thanks again,
Roberto
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
Re: How to test if a permission is a Wikipermission
Posted by Roberto Venturi <Ro...@Mercurio.It>.
Hello everybody,
the test suggested by JPSR is ok only for 1/4 :-)
I had to change the test in
-----
if ( ! (permission instanceof AllPermission)
&& ! (permission instanceof GroupPermission)
&& ! (permission instanceof PagePermission)
&& ! (permission instanceof WikiPermission)
)
return Boolean.TRUE;
-----
But the direction was important :-) Thanks.
I will try to understand hoe JIRA works to submit the patch ;-)
Regards,
Roberto
Quoting "Juan Pablo Santos Rodríguez" <ju...@gmail.com>:
> Hello Roberto,
>
> first apologies on not commenting on the previous e-mail. I've cc'ed
> jspwiki-dev, which seems a more appropiate place to make this question.
>
> I don't have the source right here but maybe you could check if permission
> instanceof WikiPermission?
>
> Also, don't know if you checked, but
> http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay
> give you some insights. I'll try to have a look at this, but seems to
> me the appropiate way may go through developing your own JSPWiki
> Authorizer. This way you could avoid patching "core" src and yet have your
> own customized behaviour.
>
> Regarding including source/patches/fixes, the best place is to file a JIRA,
> see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept
> contributions :-)
>
>
> br,
> juan pablo
>
> On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <Ro...@mercurio.it> wrote:
>
>> Hi,
>> another chapter of my "search of the holy grail" with JSPWiki & websphere
>> security policies :-)
>>
>> --------------
>> File: org.apache.auth.Authorization.**Manager.java
>> Method: checkStaticPermission
>> Code:
>> try
>> {
>> // Check the JVM-wide security policy first
>> AccessController.**checkPermission( permission );
>> return Boolean.TRUE;
>> }
>> catch( AccessControlException e )
>> --------------
>> the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in
>> precedent email because it manages all "non wiki" permissions. So I need a
>> test on "permission" to see if it's or not a "wiki permission".
>> I'm trying substituting the statement with a "brutal" block as
>> --------------
>> String pName = permission.getName();
>> if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("**
>> Wiki"))
>> return Boolean.TRUE;
>> --------------
>> And, it was time, here is the question: there is a "more nice" way to do
>> the test?
>>
>> Tanks for your patience :-)
>> Roberto
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Messaggio inviato da WebMail - http://www.mercurio.it
>> ------------------------------**-------------------------
>>
>
--
Messaggio inviato da WebMail - http://www.mercurio.it
-------------------------------------------------------
Re: How to test if a permission is a Wikipermission
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hello Roberto,
first apologies on not commenting on the previous e-mail. I've cc'ed
jspwiki-dev, which seems a more appropiate place to make this question.
I don't have the source right here but maybe you could check if permission
instanceof WikiPermission?
Also, don't know if you checked, but
http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay
give you some insights. I'll try to have a look at this, but seems to
me the appropiate way may go through developing your own JSPWiki
Authorizer. This way you could avoid patching "core" src and yet have your
own customized behaviour.
Regarding including source/patches/fixes, the best place is to file a JIRA,
see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept
contributions :-)
br,
juan pablo
On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <Ro...@mercurio.it> wrote:
> Hi,
> another chapter of my "search of the holy grail" with JSPWiki & websphere
> security policies :-)
>
> --------------
> File: org.apache.auth.Authorization.**Manager.java
> Method: checkStaticPermission
> Code:
> try
> {
> // Check the JVM-wide security policy first
> AccessController.**checkPermission( permission );
> return Boolean.TRUE;
> }
> catch( AccessControlException e )
> --------------
> the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in
> precedent email because it manages all "non wiki" permissions. So I need a
> test on "permission" to see if it's or not a "wiki permission".
> I'm trying substituting the statement with a "brutal" block as
> --------------
> String pName = permission.getName();
> if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("**
> Wiki"))
> return Boolean.TRUE;
> --------------
> And, it was time, here is the question: there is a "more nice" way to do
> the test?
>
> Tanks for your patience :-)
> Roberto
>
>
>
>
>
>
>
>
> --
> Messaggio inviato da WebMail - http://www.mercurio.it
> ------------------------------**-------------------------
>
Re: How to test if a permission is a Wikipermission
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hello Roberto,
first apologies on not commenting on the previous e-mail. I've cc'ed
jspwiki-dev, which seems a more appropiate place to make this question.
I don't have the source right here but maybe you could check if permission
instanceof WikiPermission?
Also, don't know if you checked, but
http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-CustomizingTheAuthorizationProcessmay
give you some insights. I'll try to have a look at this, but seems to
me the appropiate way may go through developing your own JSPWiki
Authorizer. This way you could avoid patching "core" src and yet have your
own customized behaviour.
Regarding including source/patches/fixes, the best place is to file a JIRA,
see http://www.jspwiki.org/wiki/ContributingChanges, we gladly accept
contributions :-)
br,
juan pablo
On Mon, Aug 6, 2012 at 4:21 PM, Roberto Venturi <Ro...@mercurio.it> wrote:
> Hi,
> another chapter of my "search of the holy grail" with JSPWiki & websphere
> security policies :-)
>
> --------------
> File: org.apache.auth.Authorization.**Manager.java
> Method: checkStaticPermission
> Code:
> try
> {
> // Check the JVM-wide security policy first
> AccessController.**checkPermission( permission );
> return Boolean.TRUE;
> }
> catch( AccessControlException e )
> --------------
> the "return Boolean.TRUE;" can't be disabled (with "//") as I suggested in
> precedent email because it manages all "non wiki" permissions. So I need a
> test on "permission" to see if it's or not a "wiki permission".
> I'm trying substituting the statement with a "brutal" block as
> --------------
> String pName = permission.getName();
> if (pName==null || pName.length()<4 || !pName.substring(0,4).equals("**
> Wiki"))
> return Boolean.TRUE;
> --------------
> And, it was time, here is the question: there is a "more nice" way to do
> the test?
>
> Tanks for your patience :-)
> Roberto
>
>
>
>
>
>
>
>
> --
> Messaggio inviato da WebMail - http://www.mercurio.it
> ------------------------------**-------------------------
>