You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jspwiki.apache.org by mkabcde <ma...@cas.de> on 2008/05/15 17:30:27 UTC

Group based PagePermission in jspwiki.policy

Hello everybody!

I encounter an unexpected behaviour with JSPWiki's access control system.
(JSPWiki version 2.6.1)
Unfortunately I did not find any older posts that could help me solving this
problem.

I have a user "test" that is a member of the group "Editors".
The jspwiki.policy grants the following permissions to this group:

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Editors" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view,edit,rename,comment,upload";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};

All the pages I try to edit do NOT have an ACL like [{ALLOW edit Admin}].
However, I cannot edit a page.
The log shows:

2008-05-15 17:07:21,798 [http-9080-7] INFO com.ecyrd.jspwiki.WikiContext
JSPWiki:/JSPWiki/Edit.jsp
JSPWiki:http://css-80-003.home.cas.de:9080/JSPWiki/Edit.jsp - User test has
no access - forbidden
(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:REST-Spezifikation","edit"))

Am I missing something?
Is there any chance to get debug information on the permissions granted to
the current user?

Any help is appreciated.

Best regards

Martin

-- 
View this message in context: http://www.nabble.com/Group-based-PagePermission-in-jspwiki.policy-tp17255965p17255965.html
Sent from the JspWiki - User mailing list archive at Nabble.com.

Re: Group based PagePermission in jspwiki.policy

Posted by Martin Kirchner <ma...@cas.de>.

Harry,

Thanks for your reply. 
The user "test" is a member of the group "Editors".
The security log (level=DEBUG) is not helpful. It just contains an
authentication event:

2008-05-19 12:03:02,355 DEBUG - WikiSecurityEvent.LOGIN_AUTHENTICATED
[source=com.ecyrd.jspwiki.auth.AuthenticationManager@22e2f131,
princpal=com.ecyrd.jspwiki.auth.WikiPrincipal test,
target=com.ecyrd.jspwiki.WikiSession@67825df8]

Regards,
Martin


Harry Metske wrote:
> 
> Martin,
> 
> maybe you can first check the group membership that is in effect, click
> "My
> Prefs" and then the View Group tab.
> You can also increase the debuglevel in jspwiki.properties
> (log4j.logger.SecurityLog)
> 
> regards,
> Harry
> 
> 2008/5/15 mkabcde <ma...@cas.de>:
> 
>>
>> Hello everybody!
>>
>> I encounter an unexpected behaviour with JSPWiki's access control system.
>> (JSPWiki version 2.6.1)
>> Unfortunately I did not find any older posts that could help me solving
>> this
>> problem.
>>
>> I have a user "test" that is a member of the group "Editors".
>> The jspwiki.policy grants the following permissions to this group:
>>
>> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Editors" {
>>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
>> "view,edit,rename,comment,upload";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "createPages,createGroups";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "editPreferences";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "editProfile";
>>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
>> "login";
>> };
>>
>> All the pages I try to edit do NOT have an ACL like [{ALLOW edit Admin}].
>> However, I cannot edit a page.
>> The log shows:
>>
>> 2008-05-15 17:07:21,798 [http-9080-7] INFO com.ecyrd.jspwiki.WikiContext
>> JSPWiki:/JSPWiki/Edit.jsp
>> JSPWiki:http://css-80-003.home.cas.de:9080/JSPWiki/Edit.jsp - User test
>> has
>> no access - forbidden
>>
>> (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:REST-Spezifikation","edit"))
>>
>> Am I missing something?
>> Is there any chance to get debug information on the permissions granted
>> to
>> the current user?
>>
>> Any help is appreciated.
>>
>> Best regards
>>
>> Martin
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Group-based-PagePermission-in-jspwiki.policy-tp17255965p17255965.html
>> Sent from the JspWiki - User mailing list archive at Nabble.com.
>>
>>
> 
> 
> -- 
> met vriendelijke groet,
> Harry Metske
> Telnr. +31-548-512395
> Mobile +31-6-51898081
> 
> 

-- 
View this message in context: http://www.nabble.com/Group-based-PagePermission-in-jspwiki.policy-tp17255965p17315170.html
Sent from the JspWiki - User mailing list archive at Nabble.com.

Re: Group based PagePermission in jspwiki.policy

Posted by Harry Metske <ha...@gmail.com>.

Martin,

maybe you can first check the group membership that is in effect, click "My
Prefs" and then the View Group tab.
You can also increase the debuglevel in jspwiki.properties
(log4j.logger.SecurityLog)

regards,
Harry

2008/5/15 mkabcde <ma...@cas.de>:

>
> Hello everybody!
>
> I encounter an unexpected behaviour with JSPWiki's access control system.
> (JSPWiki version 2.6.1)
> Unfortunately I did not find any older posts that could help me solving
> this
> problem.
>
> I have a user "test" that is a member of the group "Editors".
> The jspwiki.policy grants the following permissions to this group:
>
> grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Editors" {
>     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
> "view,edit,rename,comment,upload";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "createPages,createGroups";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "editPreferences";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "editProfile";
>     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "login";
> };
>
> All the pages I try to edit do NOT have an ACL like [{ALLOW edit Admin}].
> However, I cannot edit a page.
> The log shows:
>
> 2008-05-15 17:07:21,798 [http-9080-7] INFO com.ecyrd.jspwiki.WikiContext
> JSPWiki:/JSPWiki/Edit.jsp
> JSPWiki:http://css-80-003.home.cas.de:9080/JSPWiki/Edit.jsp - User test
> has
> no access - forbidden
>
> (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:REST-Spezifikation","edit"))
>
> Am I missing something?
> Is there any chance to get debug information on the permissions granted to
> the current user?
>
> Any help is appreciated.
>
> Best regards
>
> Martin
>
> --
> View this message in context:
> http://www.nabble.com/Group-based-PagePermission-in-jspwiki.policy-tp17255965p17255965.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
>
>


-- 
met vriendelijke groet,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081

Re: Group based PagePermission in jspwiki.policy

Posted by Martin Kirchner <ma...@cas.de>.

Hello again!

Obviously my problem had something to do with caching. I set the
jspwiki.usePageCache property in jspwiki.properties to false and it worked
as expected.

Thanks for your help.

Best regards, 

Martin
-- 
View this message in context: http://www.nabble.com/Group-based-PagePermission-in-jspwiki.policy-tp17255965p17359939.html
Sent from the JspWiki - User mailing list archive at Nabble.com.