Posted to user@jspwiki.apache.org by Carol Hassler <Ca...@wicourts.gov> on 2011/11/09 20:53:33 UTC

Re: wiki security and the policy file

Hi all,
 
Anyone have any ideas why the jspwiki.policy code below won't work with
JSPwiki 2.8.4?
 
thanks

>>> "Carol Hassler" <Ca...@wicourts.gov> 10/25/2011 12:17 PM >>>
Thanks for your response.

As a last-ditch effort, I tried to give this wiki group full permission
in the jspwiki.policy file by copying the "Admin" group info and
changing the group name (maybe I got this wrong?):

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WSLLAdmins" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};


Prior to trying that, I had also tried:

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WSLLAdmins" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "delete";
};


All test members were already in the wiki group "WSLLAdmins". 

I should note that all other restrictions we set in the policy file DO
work. So we restricted users who weren't signed in from editing the wiki
and that continues to work totally fine. That's why I was wondering if I
was using the wrong syntax for this other "WSLLAdmins" wiki group.


I don't have access to the log files (long story). I'll see if I can
find out more. In the meantime, is there something obviously wrong with
either of the commands included above? Maybe I just misunderstood how
those work.

thanks!
Carol


>>> Florian Holeczek <fl...@holeczek.de> 10/25/2011 11:33 AM >>>
Hello Carol,

could you post the policy settings you're trying to set?
Do the log files tell anything?
Which groups are the relevant users in?
Which Servlet Container / Application Server are you using, and which
version and vendor of Java is it run with? Is it running without a
security manager (see JSPWIKI-129)?
Please also have a look at the mail thread in
http://www.mail-archive.com/jspwiki-user@incubator.apache.org/msg02855.html

Regards
Florian


----- Original Message -----
From: "Carol Hassler" <Ca...@wicourts.gov>
To: jspwiki-user@incubator.apache.org
Sent: Tuesday, October 25, 2011 17:41:52
Subject: wiki security and the policy file

Hello,

I am trying to set up limited permissions for a specific wiki group
(call the group "WikiAdmins") to delete pages. I don't want to grant
them the full power of the Admin group, so I'm trying to set limited
permissions via the policy file.

I've been following instructions here:
http://doc.jspwiki.org/2.4/wiki/Wiki.Admin.Security#section-Wiki.Admin.Security-ModifyingTheDefaultSecurityPolicy

And can't seem to get these permissions to work. I even tried copying
directly the "Admin" permissions already in the policy file, pasting
those onto the end of the file and changing the group name to
"WikiAdmins", but that doesn't seem to work for me either.

Does anyone have any suggestions for what I'm missing here? We're on
v.2.8.4.

Thanks!
Carol

Re: wiki security and the policy file

Posted by Florian Holeczek <fl...@holeczek.de>.
Hi Carol,

just an idea, you would have to try it out: You wrote that it's a wiki group. Which way do you authenticate? Maybe the jspwiki.policy settings can only be applied to principals the auth source is providing, and wiki-internal groups etc. won't get "injected" into the auth stuff.

You could switch the log level to debug in order to see more of what's going on.

Regards
 Florian


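
Added example (not part of the thread, and not JSPWiki code): under standard Java policy-file semantics, assumed here to apply to jspwiki.policy, a `grant principal <class> "<name>"` block takes effect only when the session holds a principal with exactly that class and name. This simplified Python reader shows which grants apply to a given set of principals; the sample policy is constructed from the grants quoted in the thread, and the class `example.ContainerRole` used in the check is hypothetical.

```python
import re

# Constructed sample: the "Admin" grant the thread describes copying, plus the
# PagePermission grant in the line-wrapped form quoted in the thread.
SAMPLE_POLICY = '''
// constructed sample, not a real jspwiki.policy
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "WSLLAdmins" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*",
"delete";
};
'''

COMMENT_RE = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
GRANT_RE = re.compile(r'\bgrant\b(?P<head>[^{]*)\{(?P<body>[^}]*)\}\s*;', re.S)
PRINCIPAL_RE = re.compile(r'\bprincipal\s+([\w.$]+)\s+"([^"]*)"')
PERM_RE = re.compile(r'\bpermission\s+([\w.$]+)\s*((?:"[^"]*"\s*,?\s*)*);')


def parse_policy(text):
    """Return [(required_principals, permissions)], one entry per grant block."""
    # Simplified: codeBase/signedBy clauses and wildcard principals are ignored.
    # Drop // and /* */ comments but leave quoted strings untouched.
    text = COMMENT_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)
    grants = []
    for block in GRANT_RE.finditer(text):
        required = frozenset(PRINCIPAL_RE.findall(block.group('head')))
        perms = [(cls, tuple(re.findall(r'"([^"]*)"', args)))
                 for cls, args in PERM_RE.findall(block.group('body'))]
        grants.append((required, perms))
    return grants


def effective_permissions(grants, subject_principals):
    """Permissions from every grant whose principals are ALL held by the subject."""
    # A principal is a (class name, name) pair; both parts must match exactly.
    held = set(subject_principals)
    granted = []
    for required, perms in grants:
        if required <= held:
            granted.extend(perms)
    return granted
```
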