Posted to user@jspwiki.apache.org by Troll <js...@webof.de> on 2008/01/21 17:41:06 UTC
Question: ACL and Tomcat Auth
Hi All!
I've protected my jspwiki by the tomcat auth mechanism. I uncommented
the lines at the end of web.xml file, created my own tomcat-users.xml
file and changed the server.xml in $CATALINA_HOME/conf. So far it works
all fine.
Now the question: is it possible to use the ACL features like
[{ALLOW view Janne,Mike Morris}]
with this tomcat auth-method? And if it will work, what do I have to do? Is
there something I have to activate? I tried this statement above, but I
recognize new changes: I can view my testpage, and that even though I'm
neither Janne nor Mike Morris ;-)
Thanks for your help!
Troll
Re: Question: ACL and Tomcat Auth
Posted by Harry Metske <ha...@gmail.com>.
We would need the jspwiki.policy file too I think, and preferably also the
jspwiki.log file, and the Security log. Also first try to run your wiki with
a higher (security) debug level. You can set the levels in the
jspwiki.properties file.
Harry
--
With kind regards,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081
Re: Question: ACL and Tomcat Auth
Posted by Troll <js...@webof.de>.
Hi Harry, hi all!
Harry Metske wrote:
> [..] Are you sure you are not JSPWiki Admin (have the role mentioned at the
> bottom of jspwiki.policy) ?
>
I've tried this now as a simple user without any admin role, but I can
still see the restricted page! :-(
Now I'm sending you some more info and some lines of my files:
Wikiversion: 2.6.0
My WikiPage
--------------------------------------------------------------------------------------
[{ALLOW view Janne,Mike Morris}]
Hi! Can you see this?
--------------------------------------------------------------------------------------
tomcat-user.xml:
--------------------------------------------------------------------------------------
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="Admin"/>
  <role rolename="user"/>
  <user username="admin" password="admin" roles="Admin"/>
  <user username="me" password="me" roles="user"/>
</tomcat-users>
--------------------------------------------------------------------------------------
part of web.xml
--------------------------------------------------------------------------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administrative Area</web-resource-name>
    <url-pattern>/Delete.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Authenticated area</web-resource-name>
    <url-pattern>/Wiki.jsp</url-pattern>
    <url-pattern>/Edit.jsp</url-pattern>
    <url-pattern>/Comment.jsp</url-pattern>
    <url-pattern>/Login.jsp</url-pattern>
    <url-pattern>/NewGroup.jsp</url-pattern>
    <url-pattern>/Rename.jsp</url-pattern>
    <url-pattern>/Upload.jsp</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>HEAD</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>

  <web-resource-collection>
    <web-resource-name>Read-only Area</web-resource-name>
    <url-pattern>/attach</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>Admin</role-name>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <!--
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/LoginForm.jsp</form-login-page>
    <form-error-page>/LoginForm.jsp</form-error-page>
  </form-login-config>
  -->
  <auth-method>BASIC</auth-method>
  <realm-name>Wiki Editor</realm-name>
</login-config>

<security-role>
  <description>
    This logical role includes all authenticated users
  </description>
  <role-name>user</role-name>
</security-role>

<security-role>
  <description>
    This logical role includes all administrative users
  </description>
  <role-name>Admin</role-name>
</security-role>
--------------------------------------------------------------------------------------
By the way: I added the pattern
<url-pattern>/Wiki.jsp</url-pattern>
to the <web-resource-collection>, because no one should have any access to
this wiki. I hope this is ok?!
If someone has any hint, I would be very happy!
Best
Troll
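Added example, not part of the original thread: a short Python audit of the container-level constraints in the web.xml excerpt above, listing for each url-pattern which HTTP methods and roles the constraint names. Under the Servlet specification a web-resource-collection that lists http-method elements applies only to those methods; the embedded XML is an abridged, constructed copy of the posted fragment, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed input: abridged copy of the posted constraints, wrapped in a
# root element so the fragment parses on its own (names/descriptions dropped).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Delete.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Wiki.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>HEAD</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <web-resource-collection>
      <url-pattern>/attach</url-pattern>
      <http-method>DELETE</http-method><http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name><role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def constraint_table(xml_text):
    """Map url-pattern -> (methods, roles); methods is None if none are listed (all covered)."""
    table = {}
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        # role-name only occurs under auth-constraint inside a security-constraint
        roles = sorted(r.text.strip() for r in sc.iter("role-name"))
        for coll in sc.iter("web-resource-collection"):
            methods = sorted(m.text.strip() for m in coll.iter("http-method")) or None
            for pat in coll.iter("url-pattern"):
                table[pat.text.strip()] = (methods, roles)
    return table

def partially_covered(table):
    """Patterns whose constraint names specific methods; other methods are not covered by it."""
    return sorted(p for p, (methods, _) in table.items() if methods is not None)

if __name__ == "__main__":
    for pattern, (methods, roles) in constraint_table(WEB_XML).items():
        print(pattern, methods or "ALL", roles)
```

These constraints only decide who reaches the JSPs at the container level; the page ACL `[{ALLOW view ...}]` is evaluated separately by JSPWiki.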
Re: Question: ACL and Tomcat Auth
Posted by Troll <js...@webof.de>.
Hey Harry,
Harry Metske wrote:
> [...] Are you sure you are not JSPWiki Admin (have the role mentioned at the
> bottom of jspwiki.policy) ?
>
That's a very good point!!! ;-) Yes, of course! I'm the ADMIN :-) Argh!
I'll try it the next time. This could be the reason ;-)
Thank you for opening my eyes ;-)
Troll
Re: Question: ACL and Tomcat Auth
Posted by Harry Metske <ha...@gmail.com>.
Troll,
This should work; after changing the ACL you don't have to recycle anything.
Are you sure you are not JSPWiki Admin (have the role mentioned at the
bottom of jspwiki.policy) ?
Harry
--
With kind regards,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081