You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by David Francisco <he...@dmfranc.com> on 2012/09/17 14:41:11 UTC
Problem granting permission to use wookie's proxy
Hello everyone,
I am trying to grant permission to communicate with external resources to
new widgets, by default.
For example, if the widget has the configuration <access origin="*"/>, I
want it to be able to communicate with external resources without admin
intervention. However, when the widget is deployed, a new policy rule is
added to the policies file with the value DENY (instead of ALLOW).
I also tried to add "* * allow" to the policies file, but it didn't work
either.
Is there any way to automatically grant the permissions the widget is
asking for?
This problem appeared to me since I upgraded from Wookie 0.9 to Wookie 0.11.
Best regards and thank you in advance for your help,
David Francisco
Re: Problem granting permission to use wookie's proxy
Posted by David Francisco <he...@dmfranc.com>.
Yes, I saw it yesterday. I was having some problems running the latest code
but I patched the stable release and it's working. Thank you!
David Francisco
+351 918771302
http://dmfranc.com
2012/9/20 Scott Wilson <sc...@gmail.com>
> I've committed a fix for this - it turns out when using POST it was using
> a default of DENY rather than ALLOW for new access requests. If you update
> to the latest code in subversion it should now work OK.
>
> On 17 Sep 2012, at 15:45, David Francisco wrote:
>
> > Hello again,
> >
> > Thank you for the fast reply. I tried to drop the same widget into the
> > deploy folder and it worked as you described.
> > The behavior I mentioned seems to happen when I do a POST request to
> > /wookie/widgets (with admin credentials).
> >
> > Concerning the "* * ALLOW" workaround, since the above operation adds
> > a DENYdirective into the policies file, is it possible that my "*
> > * ALLOW" is being overridden (the DENY line is added below mine, so
> perhaps
> > it gets priority)?
> >
> > Kind regards,
> > David Francisco
> >
> >
> > 2012/9/17 Scott Wilson <sc...@gmail.com>
> >
> >> Hi David,
> >>
> >> On 17 Sep 2012, at 13:41, David Francisco wrote:
> >>
> >>> Hello everyone,
> >>>
> >>> I am trying to grant permission to communicate with external resources
> to
> >>> new widgets, by default.
> >>>
> >>> For example, if the widget has the configuration <access origin="*"/>,
> I
> >>> want it to be able to communicate with external resources without admin
> >>> intervention. However, when the widget is deployed, a new policy rule
> is
> >>> added to the policies file with the value DENY (instead of ALLOW).
> >>
> >> I just tried this, creating a new widget including:
> >>
> >> <access origin="*"/>
> >>
> >> ... and dropped it into /deploy. In policies I get:
> >>
> >> http\://labs.cetis.ac.uk/test * ALLOW
> >>
> >> ... which is what I would expect.
> >>
> >> Can you create an issue in the tracker (
> >> https://issues.apache.org/jira/browse/WOOKIE) and attach a .wgt file or
> >> config.xml that exhibits the problem?
> >>
> >> .
> >>> I also tried to add "* * allow" to the policies file, but it didn't
> work
> >>> either.
> >>
> >> Are you sure you're editing the policies file on the actual server? If
> >> you're running a dev copy locally it will be in
> >> build/webapp/wookie/WEB-INF/policies
> >>
> >>> Is there any way to automatically grant the permissions the widget is
> >>> asking for?
> >>
> >> Either of the approaches you tried above *should* work.
> >>
> >>>
> >>> This problem appeared to me since I upgraded from Wookie 0.9 to Wookie
> >> 0.11.
> >>>
> >>> Best regards and thank you in advance for your help,
> >>> David Francisco
> >>
> >>
>
>
Re: Problem granting permission to use wookie's proxy
Posted by Scott Wilson <sc...@gmail.com>.
I've committed a fix for this - it turns out when using POST it was using a default of DENY rather than ALLOW for new access requests. If you update to the latest code in subversion it should now work OK.
On 17 Sep 2012, at 15:45, David Francisco wrote:
> Hello again,
>
> Thank you for the fast reply. I tried to drop the same widget into the
> deploy folder and it worked as you described.
> The behavior I mentioned seems to happen when I do a POST request to
> /wookie/widgets (with admin credentials).
>
> Concerning the "* * ALLOW" workaround, since the above operation adds
> a DENYdirective into the policies file, is it possible that my "*
> * ALLOW" is being overridden (the DENY line is added below mine, so perhaps
> it gets priority)?
>
> Kind regards,
> David Francisco
>
>
> 2012/9/17 Scott Wilson <sc...@gmail.com>
>
>> Hi David,
>>
>> On 17 Sep 2012, at 13:41, David Francisco wrote:
>>
>>> Hello everyone,
>>>
>>> I am trying to grant permission to communicate with external resources to
>>> new widgets, by default.
>>>
>>> For example, if the widget has the configuration <access origin="*"/>, I
>>> want it to be able to communicate with external resources without admin
>>> intervention. However, when the widget is deployed, a new policy rule is
>>> added to the policies file with the value DENY (instead of ALLOW).
>>
>> I just tried this, creating a new widget including:
>>
>> <access origin="*"/>
>>
>> ... and dropped it into /deploy. In policies I get:
>>
>> http\://labs.cetis.ac.uk/test * ALLOW
>>
>> ... which is what I would expect.
>>
>> Can you create an issue in the tracker (
>> https://issues.apache.org/jira/browse/WOOKIE) and attach a .wgt file or
>> config.xml that exhibits the problem?
>>
>> .
>>> I also tried to add "* * allow" to the policies file, but it didn't work
>>> either.
>>
>> Are you sure you're editing the policies file on the actual server? If
>> you're running a dev copy locally it will be in
>> build/webapp/wookie/WEB-INF/policies
>>
>>> Is there any way to automatically grant the permissions the widget is
>>> asking for?
>>
>> Either of the approaches you tried above *should* work.
>>
>>>
>>> This problem appeared to me since I upgraded from Wookie 0.9 to Wookie
>> 0.11.
>>>
>>> Best regards and thank you in advance for your help,
>>> David Francisco
>>
>>
Re: Problem granting permission to use wookie's proxy
Posted by Scott Wilson <sc...@gmail.com>.
On 17 Sep 2012, at 15:45, David Francisco wrote:
> Hello again,
>
> Thank you for the fast reply. I tried to drop the same widget into the
> deploy folder and it worked as you described.
> The behavior I mentioned seems to happen when I do a POST request to
> /wookie/widgets (with admin credentials).
>
OK, so it only happens using the REST API - that does narrow it down.
> Concerning the "* * ALLOW" workaround, since the above operation adds
> a DENYdirective into the policies file, is it possible that my "*
> * ALLOW" is being overridden (the DENY line is added below mine, so perhaps
> it gets priority)?
Yes, thats right, a matching DENY policy overrides an ALLOW.
>
> Kind regards,
> David Francisco
>
>
> 2012/9/17 Scott Wilson <sc...@gmail.com>
>
>> Hi David,
>>
>> On 17 Sep 2012, at 13:41, David Francisco wrote:
>>
>>> Hello everyone,
>>>
>>> I am trying to grant permission to communicate with external resources to
>>> new widgets, by default.
>>>
>>> For example, if the widget has the configuration <access origin="*"/>, I
>>> want it to be able to communicate with external resources without admin
>>> intervention. However, when the widget is deployed, a new policy rule is
>>> added to the policies file with the value DENY (instead of ALLOW).
>>
>> I just tried this, creating a new widget including:
>>
>> <access origin="*"/>
>>
>> ... and dropped it into /deploy. In policies I get:
>>
>> http\://labs.cetis.ac.uk/test * ALLOW
>>
>> ... which is what I would expect.
>>
>> Can you create an issue in the tracker (
>> https://issues.apache.org/jira/browse/WOOKIE) and attach a .wgt file or
>> config.xml that exhibits the problem?
>>
>> .
>>> I also tried to add "* * allow" to the policies file, but it didn't work
>>> either.
>>
>> Are you sure you're editing the policies file on the actual server? If
>> you're running a dev copy locally it will be in
>> build/webapp/wookie/WEB-INF/policies
>>
>>> Is there any way to automatically grant the permissions the widget is
>>> asking for?
>>
>> Either of the approaches you tried above *should* work.
>>
>>>
>>> This problem appeared to me since I upgraded from Wookie 0.9 to Wookie
>> 0.11.
>>>
>>> Best regards and thank you in advance for your help,
>>> David Francisco
>>
>>
Re: Problem granting permission to use wookie's proxy
Posted by David Francisco <he...@dmfranc.com>.
Hello again,
Thank you for the fast reply. I tried to drop the same widget into the
deploy folder and it worked as you described.
The behavior I mentioned seems to happen when I do a POST request to
/wookie/widgets (with admin credentials).
Concerning the "* * ALLOW" workaround, since the above operation adds
a DENYdirective into the policies file, is it possible that my "*
* ALLOW" is being overridden (the DENY line is added below mine, so perhaps
it gets priority)?
Kind regards,
David Francisco
2012/9/17 Scott Wilson <sc...@gmail.com>
> Hi David,
>
> On 17 Sep 2012, at 13:41, David Francisco wrote:
>
> > Hello everyone,
> >
> > I am trying to grant permission to communicate with external resources to
> > new widgets, by default.
> >
> > For example, if the widget has the configuration <access origin="*"/>, I
> > want it to be able to communicate with external resources without admin
> > intervention. However, when the widget is deployed, a new policy rule is
> > added to the policies file with the value DENY (instead of ALLOW).
>
> I just tried this, creating a new widget including:
>
> <access origin="*"/>
>
> ... and dropped it into /deploy. In policies I get:
>
> http\://labs.cetis.ac.uk/test * ALLOW
>
> ... which is what I would expect.
>
> Can you create an issue in the tracker (
> https://issues.apache.org/jira/browse/WOOKIE) and attach a .wgt file or
> config.xml that exhibits the problem?
>
> .
> > I also tried to add "* * allow" to the policies file, but it didn't work
> > either.
>
> Are you sure you're editing the policies file on the actual server? If
> you're running a dev copy locally it will be in
> build/webapp/wookie/WEB-INF/policies
>
> > Is there any way to automatically grant the permissions the widget is
> > asking for?
>
> Either of the approaches you tried above *should* work.
>
> >
> > This problem appeared to me since I upgraded from Wookie 0.9 to Wookie
> 0.11.
> >
> > Best regards and thank you in advance for your help,
> > David Francisco
>
>
Re: Problem granting permission to use wookie's proxy
Posted by Scott Wilson <sc...@gmail.com>.
Hi David,
On 17 Sep 2012, at 13:41, David Francisco wrote:
> Hello everyone,
>
> I am trying to grant permission to communicate with external resources to
> new widgets, by default.
>
> For example, if the widget has the configuration <access origin="*"/>, I
> want it to be able to communicate with external resources without admin
> intervention. However, when the widget is deployed, a new policy rule is
> added to the policies file with the value DENY (instead of ALLOW).
I just tried this, creating a new widget including:
<access origin="*"/>
... and dropped it into /deploy. In policies I get:
http\://labs.cetis.ac.uk/test * ALLOW
... which is what I would expect.
Can you create an issue in the tracker (https://issues.apache.org/jira/browse/WOOKIE) and attach a .wgt file or config.xml that exhibits the problem?
.
> I also tried to add "* * allow" to the policies file, but it didn't work
> either.
Are you sure you're editing the policies file on the actual server? If you're running a dev copy locally it will be in build/webapp/wookie/WEB-INF/policies
> Is there any way to automatically grant the permissions the widget is
> asking for?
Either of the approaches you tried above *should* work.
>
> This problem appeared to me since I upgraded from Wookie 0.9 to Wookie 0.11.
>
> Best regards and thank you in advance for your help,
> David Francisco