Posted to user@jspwiki.apache.org by David Clemmons <dc...@sbcglobal.net> on 2010/04/19 05:27:43 UTC

ACL problem

I have installed JSPWIKI 2.83 on WebSphere but I cannot get ACL to work. For instance, I have a page with [{ALLOW view DavidClemmons}] but anonymous users can still view this.

 
 David Clemmons

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Here is the policy file:

// $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $
//
// This file contains the local security policy for JSPWiki.
// It provides the permissions rules for the JSPWiki
// environment, and should be suitable for most purposes.
// JSPWiki will load this policy when the wiki webapp starts.
//
// As noted, this is the 'local' policy for this instance of JSPWiki.
// You can also use the standard Java 2 security policy mechanisms
// to create a consolidated 'global policy' (JVM-wide) that will be checked first,
// before this local policy. This is ideal for situations in which you are
// running multiple instances of JSPWiki in your web container.
// To set a global security policy for all running instances of JSPWiki,
// you will need to specify the location of the global policy by setting the
// JVM system property 'java.security.policy' in the command line script
// you use to start your web container. See the documentation
// pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you
// don't know what this means, don't worry about it.
//
// Also, if you are running JSPWiki with a security policy, you will probably
// want to copy the contents of the file jspwiki-container.policy into your
// container's policy. See that file for more details.
//
// ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------

// The first policy block grants privileges that all users need, regardless of
// the roles or groups they belong to. Everyone can register with the wiki and
// log in. Everyone can edit their profile after they authenticate.
// Everyone can also view all wiki pages unless otherwise protected by an ACL.
// If that seems too loose for your needs, you can restrict page-viewing
// privileges by moving the PagePermission 'view' grant to one of the other blocks.

grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};


// The second policy block is extremely loose, and unsuited for public-facing wikis.
// Anonymous users are allowed to create, edit and comment on all pages.
//
// Note: For Internet-facing wikis, you are strongly advised to remove the
// lines containing the "modify" and "createPages" permissions; this will make
// the wiki read-only for anonymous users.

// Note that "modify" implies *both* "edit" and "upload", so if you wish to
// allow editing only, then replace "modify" with "edit".

// grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
//     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
//     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
//  };


// This next policy block is also pretty loose. It allows users who claim to
// be someone (via their cookie) to create, edit and comment on all pages,
// as well as upload files.
// They can also view the membership list of groups.

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
};


// Authenticated users can do most things: view, create, edit and
// comment on all pages; upload files to existing ones; create and edit
// wiki groups; and rename existing pages. Authenticated users can also
// edit groups they are members of.

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};


// Administrators (principals or roles possessing AllPermission)
// are allowed to delete any page, and can edit, rename and delete
// groups. You should match the permission target (here, 'JSPWiki')
// with the value of the 'jspwiki.applicationName' property in
// jspwiki.properties. Two administrative groups are set up below:
// the wiki group "Admin" (stored by default in wiki page GroupAdmin)
// and the container role "Admin" (managed by the web container).

grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};


 David Clemmons




________________________________
From: Harry Metske <ha...@gmail.com>
To: jspwiki-user@incubator.apache.org
Sent: Thu, April 22, 2010 3:58:57 AM
Subject: Re: ACL problem

David,

The list does not accept attachments. Can you put them inline, or put them
somewhere on a public host?


regards,
Harry

2010/4/22 David Clemmons <d_...@yahoo.com>

> Attached is the policy and log file.
>  Thank You,
> David Clemmons
>
>
> ------------------------------
> *From:* Harry Metske <ha...@gmail.com>
> *To:* jspwiki-user@incubator.apache.org
> *Sent:* Wed, April 21, 2010 11:52:42 AM
> *Subject:* Re: ACL problem
>
> David,
>
> can you share your jspwiki.policy file and the logfiles with us ?
> Your problem description is not enough for us to help you.
>
> regards,
> Harry
>
> 2010/4/19 David Clemmons <dc...@sbcglobal.net>
>
> > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> > anonymous users can still view this.
> >
> >
> >  David Clemmons
> >
>
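An added example, not part of the original post and not JSPWiki code: a small Python parser for the grant blocks of the policy file posted above, which works out what each session state receives from the file alone. The role sets in SESSION_ROLES are an assumption about how JSPWiki attaches its built-in roles to a session, and the embedded policy text is an excerpt of the posted file with the explanatory comments trimmed.

```python
import re

# Constructed excerpt: the grant blocks of the jspwiki.policy posted above,
# explanatory comments trimmed, the commented-out "Anonymous" block kept.
POLICY = r'''
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
// grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
//     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
//     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
//  };
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
    permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
'''

GRANT_RE = re.compile(r'grant\s+principal\s+(\S+)\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+(\S+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

# Assumption: every session carries "All" plus exactly one of these roles.
SESSION_ROLES = {
    "anonymous": ("All", "Anonymous"),
    "asserted": ("All", "Asserted"),
    "authenticated": ("All", "Authenticated"),
}
WRITE_ACTIONS = {"modify", "edit", "upload", "comment", "rename", "delete",
                 "createPages", "createGroups"}


def parse_policy(text):
    """Map (principal kind, name) -> set of (permission, target, action)."""
    # Drop // comments first so commented-out grant blocks are ignored.
    # Assumes no quoted string in the policy contains "//".
    active = "\n".join(re.sub(r"//.*", "", line) for line in text.splitlines())
    grants = {}
    for cls, name, body in GRANT_RE.findall(active):
        perms = grants.setdefault((cls.rsplit(".", 1)[-1], name), set())
        for pcls, target, actions in PERM_RE.findall(body):
            for action in (actions.split(",") if actions else [""]):
                perms.add((pcls.rsplit(".", 1)[-1], target, action.strip()))
    return grants


def effective(grants, state, groups=()):
    """Union of the grants for a session state plus any wiki groups."""
    perms = set()
    for role in SESSION_ROLES[state]:
        perms |= grants.get(("Role", role), set())
    for group in groups:
        perms |= grants.get(("GroupPrincipal", group), set())
    return perms


def has_all_permission(perms):
    return any(p[0] == "AllPermission" for p in perms)


def review(text):
    """Per session state: is AllPermission granted, and which write actions."""
    grants = parse_policy(text)
    report = {}
    for state in SESSION_ROLES:
        perms = effective(grants, state)
        report[state] = {
            "all_permission": has_all_permission(perms),
            "write": sorted({a for _, _, a in perms if a in WRITE_ACTIONS}),
        }
    return report


if __name__ == "__main__":
    for state, result in review(POLICY).items():
        print(state, result)
```

For the posted file, the anonymous state resolves to view, editPreferences, editProfile and login, with no AllPermission and no write actions.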

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Sorry about that, here is the log file:
2010-04-20 15:26:02,484 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - *******************************************
2010-04-20 15:26:02,484 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki 2.8.3 starting. Whee!
2010-04-20 15:26:02,546 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - Servlet container: IBM WebSphere Application Server/6.1
2010-04-20 15:26:02,578 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working directory is 'C:\\jspwiki'
2010-04-20 15:26:03,296 [server.startup : 2] INFO com.ecyrd.jspwiki.providers.AbstractFileProvider  - Wikipages are read from 'C:\\jspwiki'
2010-04-20 15:26:03,296 [server.startup : 2] INFO com.ecyrd.jspwiki.providers.VersioningFileProvider  - Using directory C:\jspwiki\OLD for storing old versions of pages
2010-04-20 15:26:03,328 [server.startup : 2] INFO com.ecyrd.jspwiki.plugin.PluginManager  - Registering plugins
2010-04-20 15:26:03,406 [server.startup : 2] INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using difference provider: TraditionalDiffProvider
2010-04-20 15:26:03,421 [server.startup : 2] INFO com.ecyrd.jspwiki.providers.CachingAttachmentProvider  - Initing CachingAttachmentProvider
2010-04-20 15:26:03,515 [server.startup : 2] INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  - Lucene enabled, cache will be in: C:\jspwiki\lucene
2010-04-20 15:26:03,593 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering editor modules
2010-04-20 15:26:03,625 [JSPWiki Lucene Indexer] INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  - Files found in Lucene directory, not reindexing.
2010-04-20 15:26:03,625 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  - Examining file:/C:/projects/StrutsProd_workspace/JSPWiki/WebContent/WEB-INF/web.xml
2010-04-20 15:26:03,687 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  - JSPWiki is using custom authentication.
2010-04-20 15:26:03,687 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer  - Authorizer WebContainerAuthorizer initialized successfully.
2010-04-20 15:26:03,765 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.AuthorizationManager  - Initialized default security policy: C:\projects\StrutsProd_workspace\JSPWiki\WebContent\WEB-INF\jspwiki.policy
2010-04-20 15:26:03,765 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Attempting to load group database class com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase
2010-04-20 15:26:03,781 [server.startup : 2] WARN com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - XML group database property jspwiki.xmlGroupDatabaseFile not found; trying C:\projects\StrutsProd_workspace\JSPWiki\WebContent\WEB-INF\groupdatabase.xml
2010-04-20 15:26:03,781 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  - XML group database at C:\projects\StrutsProd_workspace\JSPWiki\WebContent\WEB-INF\groupdatabase.xml
2010-04-20 15:26:03,828 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Group database initialized.
2010-04-20 15:26:03,828 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  - Authorizer GroupManager initialized successfully; loaded 3 group(s).
2010-04-20 15:26:03,906 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Using JDK 1.5 Platform MBeanServer
2010-04-20 15:26:04,156 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - com.ibm.ws.management.PlatformMBeanServer
2010-04-20 15:26:04,156 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - WebSphere
2010-04-20 15:26:04,171 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Registered new admin bean Core bean
2010-04-20 15:26:04,187 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Registered new admin bean User administration
2010-04-20 15:26:04,203 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Registered new admin bean Search manager
2010-04-20 15:26:04,218 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Registered new admin bean Plugins
2010-04-20 15:26:04,218 [server.startup : 2] INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  - Registered new admin bean Plain editor
2010-04-20 15:26:04,234 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - Registering filters
2010-04-20 15:26:04,250 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - Cannot find property file for filters (this is okay, expected to find it as: '/WEB-INF/filters.xml')
2010-04-20 15:26:04,250 [server.startup : 2] INFO com.ecyrd.jspwiki.render.RenderingManager  - Rendering content with com.ecyrd.jspwiki.render.XHTMLRenderer.
2010-04-20 15:26:04,312 [server.startup : 2] INFO com.ecyrd.jspwiki.ReferenceManager  - Starting cross reference scan of WikiPages
2010-04-20 15:26:04,390 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.UserManager  - Attempting to load user database class com.ecyrd.jspwiki.auth.user.XMLUserDatabase
2010-04-20 15:26:04,406 [server.startup : 2] WARN com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML user database property jspwiki.xmlUserDatabaseFile not found; trying C:\projects\StrutsProd_workspace\JSPWiki\WebContent\WEB-INF\userdatabase.xml
2010-04-20 15:26:04,406 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML user database at C:\projects\StrutsProd_workspace\JSPWiki\WebContent\WEB-INF\userdatabase.xml
2010-04-20 15:26:04,406 [server.startup : 2] INFO com.ecyrd.jspwiki.auth.UserManager  - UserDatabase initialized.
2010-04-20 15:26:05,312 [server.startup : 2] INFO com.ecyrd.jspwiki.ReferenceManager  - Cross reference scan done in 0:00:01.000
2010-04-20 15:26:05,312 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - WikiEngine configured.
2010-04-20 15:26:05,312 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiEngine  - Root path for this Wiki is: 'C:\projects\StrutsProd_workspace\JSPWiki\WebContent'
2010-04-20 15:26:05,312 [server.startup : 2] INFO com.ecyrd.jspwiki.WikiServlet  - WikiServlet initialized.
2010-04-20 15:26:46,046 [WebContainer : 1] INFO com.ecyrd.jspwiki.util.UtilJ2eeCompat  - serverInfo: IBM WebSphere Application Server/6.1
2010-04-20 15:26:50,765 [WebContainer : 1] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-20 17:31:23,078 [WebContainer : 0] INFO SecurityLog JSPWiki:/JSPWiki/Login.jsp JSPWiki:http://localhost:9081/JSPWiki/Login.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@314e314e, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal dclemmons, target=com.ecyrd.jspwiki.WikiSession@32883288]
2010-04-20 17:31:23,078 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Login.jsp JSPWiki:http://localhost:9081/JSPWiki/Login.jsp - Successfully authenticated user dclemmons (custom auth)
2010-04-20 17:31:23,078 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Login.jsp JSPWiki:http://localhost:9081/JSPWiki/Login.jsp - Redirecting user to http://localhost:9081/JSPWiki/Wiki.jsp?page=DavidS%20Page
2010-04-20 17:31:29,250 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=DavidClemmons, host=127.0.0.1
2010-04-20 17:32:27,078 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Saving page DavidS Page. User=DavidClemmons, host=127.0.0.1
2010-04-20 17:32:30,109 [WebContainer : 0] INFO SecurityLog JSPWiki:/JSPWiki/Logout.jsp JSPWiki:http://localhost:9081/JSPWiki/Logout.jsp - WikiSecurityEvent.LOGOUT [source=com.ecyrd.jspwiki.auth.AuthenticationManager@314e314e, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal dclemmons, target=null]
2010-04-20 17:32:40,593 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-20 19:57:43,609 [Non-deferrable Alarm : 0] INFO com.ecyrd.jspwiki.WikiServlet  - WikiServlet shutdown.


 David Clemmons
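An added example, not part of the original post: a Python check over log lines in the format posted above that reports page edit or save events made by a session that is not logged in, recognised as in the posted log by the user field equalling the remote address. The sample lines are constructed from the posted format (the "Main" line is invented), and the list of ACL-protected pages is an assumed input.

```python
import re

# Constructed sample: shortened lines in the format of the jspwiki.log above.
SAMPLE_LOG = """\
2010-04-20 15:26:50,765 [WebContainer : 1] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-20 17:31:23,078 [WebContainer : 0] INFO SecurityLog JSPWiki:/JSPWiki/Login.jsp JSPWiki:http://localhost:9081/JSPWiki/Login.jsp - WikiSecurityEvent.LOGIN_AUTHENTICATED [source=com.ecyrd.jspwiki.auth.AuthenticationManager@314e314e, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal dclemmons, target=com.ecyrd.jspwiki.WikiSession@32883288]
2010-04-20 17:31:29,250 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=DavidClemmons, host=127.0.0.1
2010-04-20 17:32:27,078 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Saving page DavidS Page. User=DavidClemmons, host=127.0.0.1
2010-04-20 17:32:30,109 [WebContainer : 0] INFO SecurityLog JSPWiki:/JSPWiki/Logout.jsp JSPWiki:http://localhost:9081/JSPWiki/Logout.jsp - WikiSecurityEvent.LOGOUT [source=com.ecyrd.jspwiki.auth.AuthenticationManager@314e314e, princpal=com.ecyrd.jspwiki.auth.WikiPrincipal dclemmons, target=null]
2010-04-20 17:32:40,593 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-20 17:33:01,000 [WebContainer : 0] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page Main. User=127.0.0.1, host=127.0.0.1
"""

# "Editing page X. User=U, host=H" and "Saving page X. User=U, host=H" lines.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[[^\]]+\] \w+\s+.*? - "
    r"(?P<verb>Editing|Saving) page (?P<page>.+?)\. "
    r"User=(?P<user>.+?), host=(?P<host>\S+)\s*$"
)
# SecurityLog lines; the log spells the field "princpal", so accept both.
SEC_RE = re.compile(
    r"WikiSecurityEvent\.(?P<event>[A-Z_]+) \[.*?princi?pal=\S+ (?P<name>[^,\]]+)"
)


def anonymous_page_events(log_text, protected_pages):
    """Edit/save events on protected pages by sessions that are not logged in.

    Each finding carries the most recent security event seen before it
    (for example a LOGOUT), or None when there was none.
    """
    findings = []
    last_security = None
    for line in log_text.splitlines():
        sec = SEC_RE.search(line)
        if sec:
            last_security = (sec.group("event"), sec.group("name").strip())
            continue
        ev = EVENT_RE.match(line)
        if not ev or ev.group("page") not in protected_pages:
            continue
        if ev.group("user") == ev.group("host"):  # no login name on the session
            findings.append({
                "ts": ev.group("ts"),
                "verb": ev.group("verb"),
                "page": ev.group("page"),
                "host": ev.group("host"),
                "after": last_security,
            })
    return findings


if __name__ == "__main__":
    # Assumption: "DavidS Page" is the page carrying the ACL.
    for finding in anonymous_page_events(SAMPLE_LOG, {"DavidS Page"}):
        print(finding)
```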





Re: ACL problem

Posted by Terry Steichen <te...@net-frame.com>.
Well, it would seem to be the equivalent of your hasAllPermission
boolean.

On Sun, 2010-04-25 at 18:33 -0700, David Clemmons wrote:

> What does this do and what code do you put it in?
> 
>  Thanks,David Clemmons
> 
> 
> 
> 
> ________________________________
> From: Terry Steichen <te...@net-frame.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Sun, April 25, 2010 2:19:31 PM
> Subject: Re: ACL problem
> 
> Not sure if this will help, but I use the following throughout my code:
>     boolean admin = wikiContext.hasAdminPermissions()
> 
> 
> 
> On Sun, 2010-04-25 at 12:59 -0700, David Clemmons wrote:
> 
> > The same thing happens after I clear cache.  No I can't reproduce it in the sandbox.  I downloaded source and put some println statements is AuthorizationManager.java as follows:
> > 
> >   Permission allPermission = new AllPermission( m_engine.getApplicationName() );
> >         boolean hasAllPermission = checkStaticPermission( session, allPermission );
> >         //hasAllPermission = false;
> >         System.err.println("AuthorizationManager AllPermission: "+hasAllPermission);
> >         if ( hasAllPermission )
> >         {
> >             System.err.println("AuthorizationManager the user: "+user+" has AllPermssion");
> >             fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
> >             return true;
> >         }
> >         System.err.println("AuthorizationManager the user does not have AllPermssion");
> > 
> > The result is:
> > [4/25/10 12:57:13:187 PDT] 00000033 SystemErr     R AuthorizationManager the user: [WikiPrincipal (unspecified): 127.0.0.1] has AllPermssion
> > 
> > If I override hasAllPermission to false it works.
> > 
> > 
> >  David Clemmons
> > 
> > 
> > 
> > 
> > ________________________________
> > From: Harry Metske <ha...@gmail.com>
> > To: jspwiki-user@incubator.apache.org
> > Sent: Sun, April 25, 2010 10:25:32 AM
> > Subject: Re: ACL problem
> > 
> > what happens if you clear the browser cache after logging out ?
> > 
> > And, can you reproduce it on http://sandbox.jspwiki.org ?
> > 
> > regards,
> > Harry
> > 
> > 2010/4/25 David Clemmons <d_...@yahoo.com>
> > 
> > > Harry,
> > >  Here's the bottom of my jspwiki.log file:
> > > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > > com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp -
> > > Committed Principal 127.0.0.1
> > > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > > 2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki
> > > JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp -
> > > Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
> > > 2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG
> > > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > >
> > > Here's is the page I edited:
> > > [{ALLOW view DavidClemmons}]
> > >
> > > This is my David's page and should not be seen by anyone but me.
> > >
> > >
> > >
> > > JSPWiki says G’day (anonymous guest)
> > >
> > > Am I coding the ACL correctly?
> > >
> > > Is my JAVA version correct?
> > >
> > > java -version
> > > java version "1.5.0"
> > > Java(TM) 2 Runtime Environment, Standard Edition (build
> > > pwi32devifx-20070323 (if
> > > ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
> > > IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32
> > > j9vmwi3223ifx-2007
> > > 0323 (JIT enabled)
> > > J9VM - 20070322_12058_lHdSMR
> > > JIT  - 20070109_1805ifx3_r8
> > > GC   - WASIFIX_2007)
> > > JCL  - 20070131
> > >
> > >
> > >
> > >  David Clemmons

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
What does this do and what code do you put it in?

 Thanks, David Clemmons




________________________________
From: Terry Steichen <te...@net-frame.com>
To: jspwiki-user@incubator.apache.org
Sent: Sun, April 25, 2010 2:19:31 PM
Subject: Re: ACL problem

Not sure if this will help, but I use the following throughout my code:
    boolean admin = wikiContext.hasAdminPermissions()



On Sun, 2010-04-25 at 12:59 -0700, David Clemmons wrote:

> The same thing happens after I clear cache.  No I can't reproduce it in the sandbox.  I downloaded source and put some println statements is AuthorizationManager.java as follows:
> 
>   Permission allPermission = new AllPermission( m_engine.getApplicationName() );
>         boolean hasAllPermission = checkStaticPermission( session, allPermission );
>         //hasAllPermission = false;
>         System.err.println("AuthorizationManager AllPermission: "+hasAllPermission);
>         if ( hasAllPermission )
>         {
>             System.err.println("AuthorizationManager the user: "+user+" has AllPermssion");
>             fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
>             return true;
>         }
>         System.err.println("AuthorizationManager the user does not have AllPermssion");
> 
> The result is:
> [4/25/10 12:57:13:187 PDT] 00000033 SystemErr     R AuthorizationManager the user: [WikiPrincipal (unspecified): 127.0.0.1] has AllPermssion
> 
> If I override hasAllPermission to false it works.
> 
> 
>  David Clemmons
> 
> 
> 
> 
> ________________________________
> From: Harry Metske <ha...@gmail.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Sun, April 25, 2010 10:25:32 AM
> Subject: Re: ACL problem
> 
> what happens if you clear the browser cache after logging out ?
> 
> And, can you reproduce it on http://sandbox.jspwiki.org ?
> 
> regards,
> Harry
> 
> 2010/4/25 David Clemmons <d_...@yahoo.com>
> 
> > Harry,
> >  Here's the bottom of my jspwiki.log file:
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp -
> > Committed Principal 127.0.0.1
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki
> > JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp -
> > Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
> > 2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> >
> > Here's is the page I edited:
> > [{ALLOW view DavidClemmons}]
> >
> > This is my David's page and should not be seen by anyone but me.
> >
> >
> >
> > JSPWiki says G’day (anonymous guest)
> >
> > Am I coding the ACL correctly?
> >
> > Is my JAVA version correct?
> >
> > java -version
> > java version "1.5.0"
> > Java(TM) 2 Runtime Environment, Standard Edition (build
> > pwi32devifx-20070323 (if
> > ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
> > IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32
> > j9vmwi3223ifx-2007
> > 0323 (JIT enabled)
> > J9VM - 20070322_12058_lHdSMR
> > JIT  - 20070109_1805ifx3_r8
> > GC   - WASIFIX_2007)
> > JCL  - 20070131
> >
> >
> >
> >  David Clemmons

Re: ACL problem

Posted by Terry Steichen <te...@net-frame.com>.
Not sure if this will help, but I use the following throughout my code:
    boolean admin = wikiContext.hasAdminPermissions();



On Sun, 2010-04-25 at 12:59 -0700, David Clemmons wrote:

> The same thing happens after I clear cache.  No I can't reproduce it in the sandbox.  I downloaded source and put some println statements is AuthorizationManager.java as follows:
> 
>   Permission allPermission = new AllPermission( m_engine.getApplicationName() );
>         boolean hasAllPermission = checkStaticPermission( session, allPermission );
>         //hasAllPermission = false;
>         System.err.println("AuthorizationManager AllPermission: "+hasAllPermission);
>         if ( hasAllPermission )
>         {
>             System.err.println("AuthorizationManager the user: "+user+" has AllPermssion");
>             fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
>             return true;
>         }
>         System.err.println("AuthorizationManager the user does not have AllPermssion");
> 
> The result is:
> [4/25/10 12:57:13:187 PDT] 00000033 SystemErr     R AuthorizationManager the user: [WikiPrincipal (unspecified): 127.0.0.1] has AllPermssion
> 
> If I override hasAllPermission to false it works.
> 
> 
>  David Clemmons
> 
> 
> 
> 
> ________________________________
> From: Harry Metske <ha...@gmail.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Sun, April 25, 2010 10:25:32 AM
> Subject: Re: ACL problem
> 
> what happens if you clear the browser cache after logging out ?
> 
> And, can you reproduce it on http://sandbox.jspwiki.org ?
> 
> regards,
> Harry
> 
> 2010/4/25 David Clemmons <d_...@yahoo.com>
> 
> > Harry,
> >  Here's the bottom of my jspwiki.log file:
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp -
> > Committed Principal 127.0.0.1
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> > WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> > 2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki
> > JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp -
> > Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
> > 2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG
> > com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> > http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> > session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> >
> > Here's is the page I edited:
> > [{ALLOW view DavidClemmons}]
> >
> > This is my David's page and should not be seen by anyone but me.
> >
> >
> >
> > JSPWiki says G’day (anonymous guest)
> >
> > Am I coding the ACL correctly?
> >
> > Is my JAVA version correct?
> >
> > java -version
> > java version "1.5.0"
> > Java(TM) 2 Runtime Environment, Standard Edition (build
> > pwi32devifx-20070323 (if
> > ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
> > IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32
> > j9vmwi3223ifx-2007
> > 0323 (JIT enabled)
> > J9VM - 20070322_12058_lHdSMR
> > JIT  - 20070109_1805ifx3_r8
> > GC   - WASIFIX_2007)
> > JCL  - 20070131
> >
> >
> >
> >  David Clemmons

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
The same thing happens after I clear cache. No, I can't reproduce it in the sandbox. I downloaded source and put some println statements in AuthorizationManager.java as follows:

        Permission allPermission = new AllPermission( m_engine.getApplicationName() );
        boolean hasAllPermission = checkStaticPermission( session, allPermission );
        //hasAllPermission = false;
        System.err.println("AuthorizationManager AllPermission: "+hasAllPermission);
        if ( hasAllPermission )
        {
            System.err.println("AuthorizationManager the user: "+user+" has AllPermssion");
            fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
            return true;
        }
        System.err.println("AuthorizationManager the user does not have AllPermssion");

The result is:
[4/25/10 12:57:13:187 PDT] 00000033 SystemErr     R AuthorizationManager the user: [WikiPrincipal (unspecified): 127.0.0.1] has AllPermssion

If I override hasAllPermission to false it works.


 David Clemmons




________________________________
From: Harry Metske <ha...@gmail.com>
To: jspwiki-user@incubator.apache.org
Sent: Sun, April 25, 2010 10:25:32 AM
Subject: Re: ACL problem

what happens if you clear the browser cache after logging out ?

And, can you reproduce it on http://sandbox.jspwiki.org ?

regards,
Harry

2010/4/25 David Clemmons <d_...@yahoo.com>

> Harry,
>  Here's the bottom of my jspwiki.log file:
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp -
> Committed Principal 127.0.0.1
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki
> JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp -
> Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
> 2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> session ID=cGGfYswMMePl5SQNRCJd6I1... found it
>
> Here's is the page I edited:
> [{ALLOW view DavidClemmons}]
>
> This is my David's page and should not be seen by anyone but me.
>
>
>
> JSPWiki says G’day (anonymous guest)
>
> Am I coding the ACL correctly?
>
> Is my JAVA version correct?
>
> java -version
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build
> pwi32devifx-20070323 (if
> ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
> IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32
> j9vmwi3223ifx-2007
> 0323 (JIT enabled)
> J9VM - 20070322_12058_lHdSMR
> JIT  - 20070109_1805ifx3_r8
> GC   - WASIFIX_2007)
> JCL  - 20070131
>
>
>
>  David Clemmons

Re: ACL problem

Posted by Harry Metske <ha...@gmail.com>.
What happens if you clear the browser cache after logging out?

And, can you reproduce it on http://sandbox.jspwiki.org?

regards,
Harry

2010/4/25 David Clemmons <d_...@yahoo.com>

> Harry,
>  Here's the bottom of my jspwiki.log file:
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp -
> Committed Principal 127.0.0.1
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up
> WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> session ID=cGGfYswMMePl5SQNRCJd6I1... found it
> 2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki
> JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp -
> Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
> 2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG
> com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:
> http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for
> session ID=cGGfYswMMePl5SQNRCJd6I1... found it
>
> Here is the page I edited:
> [{ALLOW view DavidClemmons}]
>
> This is my David's page and should not be seen by anyone but me.
>
>
>
> JSPWiki says G’day (anonymous guest)
>
> Am I coding the ACL correctly?
>
> Is my JAVA version correct?
>
> java -version
> java version "1.5.0"
> Java(TM) 2 Runtime Environment, Standard Edition (build
> pwi32devifx-20070323 (if
> ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
> IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32
> j9vmwi3223ifx-2007
> 0323 (JIT enabled)
> J9VM - 20070322_12058_lHdSMR
> JIT  - 20070109_1805ifx3_r8
> GC   - WASIFIX_2007)
> JCL  - 20070131
>
>
>
>  David Clemmons

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Harry,
  Here's the bottom of my jspwiki.log file: 
2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp - Committed Principal 127.0.0.1
2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp - Looking up WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it
2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-25 08:16:04,156 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.SessionMonitor JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Looking up WikiSession for session ID=cGGfYswMMePl5SQNRCJd6I1... found it

Here is the page I edited:
[{ALLOW view DavidClemmons}]

This is my David's page and should not be seen by anyone but me.



JSPWiki says G’day (anonymous guest)

Am I coding the ACL correctly?  

Is my JAVA version correct?

java -version 
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pwi32devifx-20070323 (if
ix 117674: SR4 + 116644 + 114941 + 116110 + 114881))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows XP x86-32 j9vmwi3223ifx-2007
0323 (JIT enabled)
J9VM - 20070322_12058_lHdSMR
JIT  - 20070109_1805ifx3_r8
GC   - WASIFIX_2007)
JCL  - 20070131



 David Clemmons
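
An added example, not part of the original post and not JSPWiki code: a small triage script for jspwiki.log excerpts like the one above. It lists which principals were committed, which pages reached the editor under an anonymous principal, and which requests were denied. It assumes that JSPWiki names an anonymous session by its remote IP address (consistent with `User=127.0.0.1` next to "anonymous guest" above); the sample log is constructed from the line formats shown in this thread, and `Testpage` plus the prefix of the denial line are placeholders.

```python
import ipaddress
import re

# Constructed sample. The first two lines follow the jspwiki.log excerpt in
# this thread; the third is a constructed denial line whose message text
# follows the "has no access - redirecting" format quoted elsewhere in the
# thread (timestamp and logger prefix are assumptions).
SAMPLE_LOG = """\
2010-04-25 08:16:04,078 [WebContainer : 1] DEBUG com.ecyrd.jspwiki.auth.login.AbstractLoginModule JSPWiki:/JSPWiki/Edit.jsp - Committed Principal 127.0.0.1
2010-04-25 08:16:04,093 [WebContainer : 1] INFO JSPWiki JSPWiki:/JSPWiki/Edit.jsp JSPWiki:http://localhost:9081/JSPWiki/Edit.jsp - Editing page DavidS Page. User=127.0.0.1, host=127.0.0.1
2010-04-25 08:17:10,000 [WebContainer : 2] INFO JSPWiki - User 0:0:0:0:0:0:0:1 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})")
COMMIT_RE = re.compile(r"Committed Principal (\S+)")
EDIT_RE = re.compile(r"Editing page (?P<page>.+?)\. User=(?P<user>[^,]+), host=(?P<host>\S+)")
DENY_RE = re.compile(
    r'User (?P<user>\S+) has no access - redirecting\s*'
    r'\(permission=\("[^"]+","(?P<target>[^"]+)","(?P<action>[^"]+)"\)\)'
)


def is_anonymous(principal):
    """Assumption: an anonymous session is named by its remote IP address."""
    try:
        ipaddress.ip_address(principal)
        return True
    except ValueError:
        return False


def unwrap(text):
    """Rebuild one record per log entry from mail-wrapped, '>'-quoted text."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of a wrapped record
    return records


def analyse(log_text):
    """Return committed principals, anonymous edits and access denials."""
    report = {"principals": set(), "anonymous_edits": [], "denials": []}
    for record in unwrap(log_text):
        ts = TS_RE.match(record)
        stamp = ts.group(1) if ts else None
        m = COMMIT_RE.search(record)
        if m:
            report["principals"].add(m.group(1))
            continue
        m = EDIT_RE.search(record)
        if m:
            if is_anonymous(m.group("user")):
                report["anonymous_edits"].append((stamp, m.group("page"), m.group("user")))
            continue
        m = DENY_RE.search(record)
        if m:
            # The permission target has the form "<wiki name>:<page name>".
            _wiki, _, page = m.group("target").partition(":")
            report["denials"].append((m.group("user"), page, m.group("action")))
    return report


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for stamp, page, user in result["anonymous_edits"]:
        print(f"{stamp}: anonymous principal {user} opened the editor on '{page}'")
    for user, page, action in result["denials"]:
        print(f"denied: {user} -> {action} on '{page}'")
```

An anonymous edit with no matching denial for the same page, as in the excerpt above, means the page ACL was not enforced for that request.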

Re: ACL problem

Posted by Harry Metske <ha...@gmail.com>.
David,

I tested with your web.xml, jspwiki.properties and jspwiki.policy and cannot
reproduce the problem.
Basically there is nothing mis-configured, and the goal you try to achieve
is very common.
(you can comment out jspwiki.security=jaas, it's deprecated)

You could activate the SecurityAppender, see the bottom of
jspwiki.properties, uncomment the SecurityAppender statements and set the
loglevel to debug, maybe that will reveal the error.

regards,
Harry

2010/4/24 David Clemmons <d_...@yahoo.com>

> Here is the web.xml:
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>        version="2.4">
>
>   <description>
>       JSPWiki is an open source JSP-based WikiClone.  It is licensed
>       under the Apache 2.0 license.
>
>       For more information, please come to http://www.jspwiki.org/
>   </description>
>   <display-name>JSPWiki</display-name>
>
>   <!-- Resource bundle default location -->
>   <context-param>
>     <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
>     <param-value>templates.default</param-value>
>   </context-param>
>
>   <!--
>      WikiServletFilter defines a servlet filter which filters all requests.
> It was
>      introduced in JSPWiki 2.4.
>
>      In 2.7/2.8, the WikiServlet filter also performs an important security
> function:
>      it sets authentication status based on container credentials. It
> should generally
>      execute first. Note that if you configure a filter *before* this one
> that returns
>      non-null values for getUserPrincipal() or getRemoteUser(),
> WikiSecurityFilter
>      will pick the credentials up, and set the user's WikiSession state to
>      "authenticated." WikiServletFlter will also set the WikiSession's'
> state
>      to "authenticated" if jspwiki.properties property
> "jspwiki.cookieAuthentication"
>      is set to true, and the user possesses the correct authentication
> cookie.
>
>      Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is
> set to true,
>      WikiServletFilter will also set WikiSession state to "asserted" if the
> user
>      possesses the correct "assertion cookie."
>   -->
>
>   <filter>
>      <filter-name>WikiServletFilter</filter-name>
>      <filter-class>com.ecyrd.jspwiki.ui.WikiServletFilter</filter-class>
>   </filter>
>   <filter>
>      <filter-name>WikiJSPFilter</filter-name>
>      <filter-class>com.ecyrd.jspwiki.ui.WikiJSPFilter</filter-class>
>   </filter>
>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/attach/*</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/atom/*</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/dav/*</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/RPCU/</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/RPC2/</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiServletFilter</filter-name>
>       <url-pattern>/JSON-RPC</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiJSPFilter</filter-name>
>       <url-pattern>/wiki/*</url-pattern>
>   </filter-mapping>
>   <filter-mapping>
>       <filter-name>WikiJSPFilter</filter-name>
>       <url-pattern>*.jsp</url-pattern>
>   </filter-mapping>
>
>   <!--
>       HttpSessionListener used for managing WikiSession's.
>     -->
>   <listener>
>      <listener-class>com.ecyrd.jspwiki.auth.SessionMonitor</listener-class>
>   </listener>
>
>   <!--
>       Now, let's define the XML-RPC interfaces.  You probably don't have to
>       touch these.
>
>       First, we'll define the standard XML-RPC interface.
>     -->
>   <servlet>
>       <servlet-name>XMLRPC</servlet-name>
>       <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>
>       <init-param>
>           <param-name>handler</param-name>
>           <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandler</param-value>
>       </init-param>
>
>       <init-param>
>           <param-name>prefix</param-name>
>           <param-value>wiki</param-value>
>       </init-param>
>   </servlet>
>
>   <!--
>       OK, this then defines that our UTF-8 -capable server.
>     -->
>
>   <servlet>
>       <servlet-name>XMLRPC-UTF8</servlet-name>
>       <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>
>       <init-param>
>           <param-name>handler</param-name>
>
> <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandlerUTF8</param-value>
>       </init-param>
>
>       <init-param>
>           <param-name>prefix</param-name>
>           <param-value>wiki</param-value>
>       </init-param>
>   </servlet>
>
>   <!-- JSON AJAX API -->
>   <servlet>
>       <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
>
> <servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
>   </servlet>
>
>   <!-- Atom Publishing Protocol -->
>   <servlet>
>       <servlet-name>ATOM</servlet-name>
>
> <servlet-class>com.ecyrd.jspwiki.rpc.atom.AtomAPIServlet</servlet-class>
>   </servlet>
>
>   <!-- Maps short URLS to JSPs; also, detects webapp shutdown. -->
>   <servlet>
>       <servlet-name>WikiServlet</servlet-name>
>       <servlet-class>com.ecyrd.jspwiki.WikiServlet</servlet-class>
>       <load-on-startup>1</load-on-startup>
>   </servlet>
>
>   <servlet>
>       <servlet-name>DAVServlet</servlet-name>
>       <servlet-class>com.ecyrd.jspwiki.dav.WikiDavServlet</servlet-class>
>   </servlet>
>
>   <!--
>       Attachment exchange handler.
>     -->
>
>   <servlet>
>       <servlet-name>AttachmentServlet</servlet-name>
>
> <servlet-class>com.ecyrd.jspwiki.attachment.AttachmentServlet</servlet-class>
>   </servlet>
>
>   <!-- PLACEHOLDER FOR PRE-COMPILED JSP SERVLETS -->
>
>   <!--
>       And finally, let us tell the servlet container which
>       URLs should correspond to which XML RPC servlet.
>     -->
>
>   <!-- By default, this is disabled.  If you want to enabled it,
>        just uncomment the whole section. -->
>
>   <!--  REMOVE ME TO ENABLE XML-RPC
>
>   <servlet-mapping>
>       <servlet-name>XMLRPC</servlet-name>
>       <url-pattern>/RPC2/</url-pattern>
>   </servlet-mapping>
>
>   <servlet-mapping>
>       <servlet-name>XMLRPC-UTF8</servlet-name>
>       <url-pattern>/RPCU/</url-pattern>
>   </servlet-mapping>
>
>   <servlet-mapping>
>       <servlet-name>ATOM</servlet-name>
>       <url-pattern>/atom/*</url-pattern>
>   </servlet-mapping>
>
>   AND REMOVE ME TOO -->
>
>   <servlet-mapping>
>       <servlet-name>AttachmentServlet</servlet-name>
>       <url-pattern>/attach/*</url-pattern>
>   </servlet-mapping>
>
>   <servlet-mapping>
>       <servlet-name>WikiServlet</servlet-name>
>       <url-pattern>/wiki/*</url-pattern>
>   </servlet-mapping>
>
>   <!-- Remove to enable WebDav. EXPERIMENTAL FEATURE!
>   <servlet-mapping>
>       <servlet-name>DAVServlet</servlet-name>
>       <url-pattern>/dav/*</url-pattern>
>   </servlet-mapping>
>   -->
>
>   <servlet-mapping>
>       <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
>       <url-pattern>/JSON-RPC</url-pattern>
>   </servlet-mapping>
>
>   <!-- This means that we don't have to use redirection
>        from index.html anymore.  Yay! -->
>   <welcome-file-list>
>       <welcome-file>Wiki.jsp</welcome-file>
>   </welcome-file-list>
>
>   <!-- Error pages -->
>   <error-page>
>     <error-code>403</error-code>
>     <location>/error/Forbidden.html</location>
>   </error-page>
>
>   <!--  REMOVE ME TO ENABLE JDBC DATABASE
>   <resource-ref>
>       <description>
>           Resource reference to JNDI factory for the JDBCUserDatabase.
>       </description>
>       <res-ref-name>
>           jdbc/UserDatabase
>       </res-ref-name>
>       <res-type>
>           javax.sql.DataSource
>       </res-type>
>       <res-auth>
>           Container
>       </res-auth>
>   </resource-ref>
>   <resource-ref>
>       <description>
>           Resource reference to JNDI factory for the JDBCGroupDatabase.
>       </description>
>       <res-ref-name>
>           jdbc/GroupDatabase
>       </res-ref-name>
>       <res-type>
>           javax.sql.DataSource
>       </res-type>
>       <res-auth>
>           Container
>       </res-auth>
>   </resource-ref>
>   REMOVE ME TO ENABLE JDBC DATABASE  -->
>
>   <!--  REMOVE ME TO ENABLE JAVAMAIL
>   <resource-ref>
>     <description>Resource reference to a container-managed JNDI JavaMail
> factory for sending e-mails.</description>
>     <res-ref-name>mail/Session</res-ref-name>
>     <res-type>javax.mail.Session</res-type>
>     <res-auth>Container</res-auth>
>   </resource-ref>
>   REMOVE ME TO ENABLE JAVAMAIL  -->
>
>   <!--
>       CONTAINER-MANAGED AUTHENTICATION & AUTHORIZATION
>
>       Here we define the users which are allowed to access JSPWiki.
>       These restrictions cause the web container to apply further
>       contraints to the default security policy in jspwiki.policy,
>       and should be suitable for a corporate intranet or public wiki.
>
>       In particular, the restrictions below allow all users to
>       read documents, but only Authenticated users can comment
>       on or edit them (i.e., access the Edit.jsp page).
>       Users with the role Admin are the only persons who can
>       delete pages.
>
>       To implement this policy, the container enforces two web
>       resource constraints: one for the Administrator resources,
>       and one for  Authenticated users. Note that the "role-name"
>       values are significant and should match the role names
>       retrieved by your web container's security realm. The roles
>       of "Admin" and "Authenticated" are assigned by the web
>       container at login time.
>
>       For example, if you are using Tomcat's built-in "memory realm",
>       you should edit the $CATALINA_HOME/conf/tomcat-users.xml file
>       and add the desired actual user accounts. Each user must possess
>       one or both of the Admin or Authenticated roles. For other realm
>       types, consult your web container's documentation.
>
>       Alternatively, you could also replace all references to
>       "Authenticated" and "Admin" with role names that match those
>       returned by your container's security realm. We don't care
>       either way, as long as they match.
>
>       Note that accessing protected resources will cause your
>       container to try to use SSL (default port for Tomcat is 8443)
>       to secure the web session. This, of course, assumes your
>       web container (or web server) is configured with SSL support.
>       If you do not wish to use SSL, remove the "user-data-constraint"
>       elements.
>   -->
>
>   <!--  REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH
>
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Administrative Area</web-resource-name>
>           <url-pattern>/Delete.jsp</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>           <role-name>Admin</role-name>
>       </auth-constraint>
>       <user-data-constraint>
>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>       </user-data-constraint>
>   </security-constraint>
>
>   <security-constraint>
>       <web-resource-collection>
>           <web-resource-name>Authenticated area</web-resource-name>
>           <url-pattern>/Edit.jsp</url-pattern>
>           <url-pattern>/Comment.jsp</url-pattern>
>           <url-pattern>/Login.jsp</url-pattern>
>           <url-pattern>/NewGroup.jsp</url-pattern>
>           <url-pattern>/Rename.jsp</url-pattern>
>           <url-pattern>/Upload.jsp</url-pattern>
>           <http-method>DELETE</http-method>
>           <http-method>GET</http-method>
>           <http-method>HEAD</http-method>
>           <http-method>POST</http-method>
>           <http-method>PUT</http-method>
>       </web-resource-collection>
>
>       <web-resource-collection>
>           <web-resource-name>Read-only Area</web-resource-name>
>           <url-pattern>/attach</url-pattern>
>           <http-method>DELETE</http-method>
>           <http-method>POST</http-method>
>           <http-method>PUT</http-method>
>       </web-resource-collection>
>
>       <auth-constraint>
>           <role-name>Admin</role-name>
>           <role-name>Authenticated</role-name>
>       </auth-constraint>
>
>       <user-data-constraint>
>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>       </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>       <auth-method>FORM</auth-method>
>       <form-login-config>
>           <form-login-page>/LoginForm.jsp</form-login-page>
>           <form-error-page>/LoginForm.jsp</form-error-page>
>       </form-login-config>
>   </login-config>
>
>   <security-role>
>       <description>
>           This logical role includes all authenticated users
>       </description>
>       <role-name>Authenticated</role-name>
>   </security-role>
>
>   <security-role>
>       <description>
>           This logical role includes all administrative users
>       </description>
>       <role-name>Admin</role-name>
>   </security-role>
>
>   REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH  -->
>
> </web-app>
>
>
>  David Clemmons
>
>
>
>
> ________________________________
> From: Harry Metske <ha...@gmail.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Sat, April 24, 2010 10:28:42 AM
> Subject: Re: ACL problem
>
> David,
>
> your jspwiki.policy looks fine.
> I cannot reproduce your problem, when you access the protected page
> anonymously you should get a message like
> *User 0:0:0:0:0:0:0:1 has no access - redirecting
>
> (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))
> *
>
> Have you made changes to web.xml and/or jspwiki.properties that might
> affect
> this behaviour ?
> Can you reproduce it on http://sandbox.jspwiki.org ?
>
> regards,
> Harry
>
>
> 2010/4/24 David Clemmons <d_...@yahoo.com>
>
> > Harry,
> >    FYI, I have the same problem on Tomcat running on Ubuntu.
> >
> >  David Clemmons
> >
> >
> >
> >
> > ________________________________
> > From: Harry Metske <ha...@gmail.com>
> > To: jspwiki-user@incubator.apache.org
> > Sent: Thu, April 22, 2010 3:58:57 AM
> > Subject: Re: ACL problem
> >
> > David,
> >
> > the list does not accept attachments, can you put them inline, or put
> them
> > somewhere on a public host ?
> >
> >
> > regards,
> > Harry
> >
> > 2010/4/22 David Clemmons <d_...@yahoo.com>
> >
> > > Attached is the policy and log file.
> > >  Thank You,
> > > David Clemmons
> > >
> > >
> > > ------------------------------
> > > *From:* Harry Metske <ha...@gmail.com>
> > > *To:* jspwiki-user@incubator.apache.org
> > > *Sent:* Wed, April 21, 2010 11:52:42 AM
> > > *Subject:* Re: ACL problem
> > >
> > > David,
> > >
> > > can you share your jspwiki.policy file and the logfiles with us ?
> > > Your problem description is not enough for us to help you.
> > >
> > > regards,
> > > Harry
> > >
> > > 2010/4/19 David Clemmons <dc...@sbcglobal.net>
> > >
> > > > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > > > work.  For instance, I have a page with [{ALLOW view DavidClemmons}]
> > but
> > > > anonymous users can still view this.
> > > >
> > > >
> > > >  David Clemmons
> > > >
> > >
> >
>

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Here is the web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
        version="2.4">

   <description>
       JSPWiki is an open source JSP-based WikiClone.  It is licensed
       under the Apache 2.0 license.

       For more information, please come to http://www.jspwiki.org/
   </description>
   <display-name>JSPWiki</display-name>

   <!-- Resource bundle default location -->
   <context-param>
     <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
     <param-value>templates.default</param-value>
   </context-param>

   <!--
      WikiServletFilter defines a servlet filter which filters all requests. It was
      introduced in JSPWiki 2.4.

      In 2.7/2.8, the WikiServlet filter also performs an important security function:
      it sets authentication status based on container credentials. It should generally
      execute first. Note that if you configure a filter *before* this one that returns
      non-null values for getUserPrincipal() or getRemoteUser(), WikiSecurityFilter
      will pick the credentials up, and set the user's WikiSession state to
      "authenticated." WikiServletFlter will also set the WikiSession's' state
      to "authenticated" if jspwiki.properties property "jspwiki.cookieAuthentication"
      is set to true, and the user possesses the correct authentication cookie.

      Lastly, if jspwiki.properties property "jspwiki.cookieAssertions" is set to true,
      WikiServletFilter will also set WikiSession state to "asserted" if the user
      possesses the correct "assertion cookie."
   -->

   <filter>
      <filter-name>WikiServletFilter</filter-name>
      <filter-class>com.ecyrd.jspwiki.ui.WikiServletFilter</filter-class>
   </filter>
   <filter>
      <filter-name>WikiJSPFilter</filter-name>
      <filter-class>com.ecyrd.jspwiki.ui.WikiJSPFilter</filter-class>
   </filter>

   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/attach/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/atom/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/dav/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/RPCU/</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/RPC2/</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiServletFilter</filter-name>
       <url-pattern>/JSON-RPC</url-pattern>
   </filter-mapping> 
   <filter-mapping>
       <filter-name>WikiJSPFilter</filter-name>
       <url-pattern>/wiki/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
       <filter-name>WikiJSPFilter</filter-name>
       <url-pattern>*.jsp</url-pattern>
   </filter-mapping>
   
   <!--
       HttpSessionListener used for managing WikiSession's.
     -->
   <listener>
      <listener-class>com.ecyrd.jspwiki.auth.SessionMonitor</listener-class>
   </listener>
   
   <!--
       Now, let's define the XML-RPC interfaces.  You probably don't have to
       touch these.

       First, we'll define the standard XML-RPC interface.
     -->
   <servlet>
       <servlet-name>XMLRPC</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>       
       <init-param>
           <param-name>handler</param-name>
           <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandler</param-value>
       </init-param>

       <init-param>
           <param-name>prefix</param-name>
           <param-value>wiki</param-value>
       </init-param>
   </servlet>

   <!--
       OK, this then defines that our UTF-8 -capable server.
     -->

   <servlet>
       <servlet-name>XMLRPC-UTF8</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>       
       <init-param>
           <param-name>handler</param-name>
           <param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandlerUTF8</param-value>
       </init-param>

       <init-param>
           <param-name>prefix</param-name>
           <param-value>wiki</param-value>
       </init-param>
   </servlet>

   <!-- JSON AJAX API -->
   <servlet>
       <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
       <servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
   </servlet>

   <!-- Atom Publishing Protocol -->
   <servlet>
       <servlet-name>ATOM</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.rpc.atom.AtomAPIServlet</servlet-class>       
   </servlet>

   <!-- Maps short URLS to JSPs; also, detects webapp shutdown. -->
   <servlet>
       <servlet-name>WikiServlet</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.WikiServlet</servlet-class>       
       <load-on-startup>1</load-on-startup>
   </servlet>

   <servlet>
       <servlet-name>DAVServlet</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.dav.WikiDavServlet</servlet-class>
   </servlet>

   <!--
       Attachment exchange handler.
     -->

   <servlet>
       <servlet-name>AttachmentServlet</servlet-name>
       <servlet-class>com.ecyrd.jspwiki.attachment.AttachmentServlet</servlet-class>
   </servlet>

   <!-- PLACEHOLDER FOR PRE-COMPILED JSP SERVLETS -->

   <!--
       And finally, let us tell the servlet container which
       URLs should correspond to which XML RPC servlet.
     -->

   <!-- By default, this is disabled.  If you want to enabled it,
        just uncomment the whole section. -->

   <!--  REMOVE ME TO ENABLE XML-RPC

   <servlet-mapping>
       <servlet-name>XMLRPC</servlet-name>
       <url-pattern>/RPC2/</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
       <servlet-name>XMLRPC-UTF8</servlet-name>
       <url-pattern>/RPCU/</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
       <servlet-name>ATOM</servlet-name>
       <url-pattern>/atom/*</url-pattern>
   </servlet-mapping>

   AND REMOVE ME TOO -->

   <servlet-mapping>
       <servlet-name>AttachmentServlet</servlet-name>
       <url-pattern>/attach/*</url-pattern>
   </servlet-mapping>

   <servlet-mapping>
       <servlet-name>WikiServlet</servlet-name>
       <url-pattern>/wiki/*</url-pattern>
   </servlet-mapping>

   <!-- Remove to enable WebDav. EXPERIMENTAL FEATURE!
   <servlet-mapping>
       <servlet-name>DAVServlet</servlet-name>
       <url-pattern>/dav/*</url-pattern>
   </servlet-mapping>
   -->
   
   <servlet-mapping>
       <servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
       <url-pattern>/JSON-RPC</url-pattern>
   </servlet-mapping>

   <!-- This means that we don't have to use redirection
        from index.html anymore.  Yay! -->
   <welcome-file-list>
       <welcome-file>Wiki.jsp</welcome-file>
   </welcome-file-list>
   
   <!-- Error pages -->
   <error-page>
     <error-code>403</error-code>
     <location>/error/Forbidden.html</location>
   </error-page>

   <!--  REMOVE ME TO ENABLE JDBC DATABASE
   <resource-ref>
       <description>
           Resource reference to JNDI factory for the JDBCUserDatabase.
       </description>
       <res-ref-name>
           jdbc/UserDatabase
       </res-ref-name>
       <res-type>
           javax.sql.DataSource
       </res-type>
       <res-auth>
           Container
       </res-auth>
   </resource-ref>
   <resource-ref>
       <description>
           Resource reference to JNDI factory for the JDBCGroupDatabase.
       </description>
       <res-ref-name>
           jdbc/GroupDatabase
       </res-ref-name>
       <res-type>
           javax.sql.DataSource
       </res-type>
       <res-auth>
           Container
       </res-auth>
   </resource-ref>
   REMOVE ME TO ENABLE JDBC DATABASE  -->

   <!--  REMOVE ME TO ENABLE JAVAMAIL
   <resource-ref>
     <description>Resource reference to a container-managed JNDI JavaMail factory for sending e-mails.</description>
     <res-ref-name>mail/Session</res-ref-name>
     <res-type>javax.mail.Session</res-type>
     <res-auth>Container</res-auth>
   </resource-ref>
   REMOVE ME TO ENABLE JAVAMAIL  -->

   <!--
       CONTAINER-MANAGED AUTHENTICATION & AUTHORIZATION
    
       Here we define the users which are allowed to access JSPWiki.
       These restrictions cause the web container to apply further 
       contraints to the default security policy in jspwiki.policy,
       and should be suitable for a corporate intranet or public wiki.

       In particular, the restrictions below allow all users to
       read documents, but only Authenticated users can comment
       on or edit them (i.e., access the Edit.jsp page).
       Users with the role Admin are the only persons who can 
       delete pages. 

       To implement this policy, the container enforces two web
       resource constraints: one for the Administrator resources,
       and one for  Authenticated users. Note that the "role-name" 
       values are significant and should match the role names 
       retrieved by your web container's security realm. The roles 
       of "Admin" and "Authenticated" are assigned by the web 
       container at login time.

       For example, if you are using Tomcat's built-in "memory realm",
       you should edit the $CATALINA_HOME/conf/tomcat-users.xml file 
       and add the desired actual user accounts. Each user must possess
       one or both of the Admin or Authenticated roles. For other realm
       types, consult your web container's documentation.
       
       Alternatively, you could also replace all references to 
       "Authenticated" and "Admin" with role names that match those 
       returned by your container's security realm. We don't care
       either way, as long as they match.
       
       Note that accessing protected resources will cause your
       container to try to use SSL (default port for Tomcat is 8443)
       to secure the web session. This, of course, assumes your
       web container (or web server) is configured with SSL support.
       If you do not wish to use SSL, remove the "user-data-constraint"
       elements.
   -->

   <!--  REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH
   
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Administrative Area</web-resource-name>
           <url-pattern>/Delete.jsp</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>Admin</role-name>
       </auth-constraint>
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
   </security-constraint>
      
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Authenticated area</web-resource-name>
           <url-pattern>/Edit.jsp</url-pattern>
           <url-pattern>/Comment.jsp</url-pattern>
           <url-pattern>/Login.jsp</url-pattern>
           <url-pattern>/NewGroup.jsp</url-pattern>
           <url-pattern>/Rename.jsp</url-pattern>
           <url-pattern>/Upload.jsp</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>HEAD</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <web-resource-collection>
           <web-resource-name>Read-only Area</web-resource-name>
           <url-pattern>/attach</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>

       <auth-constraint>
           <role-name>Admin</role-name>
           <role-name>Authenticated</role-name>
       </auth-constraint>

       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/LoginForm.jsp</form-login-page>
           <form-error-page>/LoginForm.jsp</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>
           This logical role includes all authenticated users
       </description>
       <role-name>Authenticated</role-name>
   </security-role>

   <security-role>
       <description>
           This logical role includes all administrative users
       </description>
       <role-name>Admin</role-name>
   </security-role>
   
   REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH  -->
 
</web-app>


 David Clemmons




________________________________
From: Harry Metske <ha...@gmail.com>
To: jspwiki-user@incubator.apache.org
Sent: Sat, April 24, 2010 10:28:42 AM
Subject: Re: ACL problem

David,

your jspwiki.policy looks fine.
I cannot reproduce your problem, when you access the protected page
anonymously you should get a message like
*User 0:0:0:0:0:0:0:1 has no access - redirecting
(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))
*

Have you made changes to web.xml and/or jspwiki.properties that might affect
this behaviour ?
Can you reproduce it on http://sandbox.jspwiki.org ?

regards,
Harry


2010/4/24 David Clemmons <d_...@yahoo.com>

> Harry,
>    FYI, I have the same problem on Tomcat running on Ubuntu.
>
>  David Clemmons
>
>
>
>
> ________________________________
> From: Harry Metske <ha...@gmail.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Thu, April 22, 2010 3:58:57 AM
> Subject: Re: ACL problem
>
> David,
>
> the list does not accept attachments, can you put them inline, or put them
> somewhere on a public host ?
>
>
> regards,
> Harry
>
> 2010/4/22 David Clemmons <d_...@yahoo.com>
>
> > Attached is the policy and log file.
> >  Thank You,
> > David Clemmons
> >
> >
> > ------------------------------
> > *From:* Harry Metske <ha...@gmail.com>
> > *To:* jspwiki-user@incubator.apache.org
> > *Sent:* Wed, April 21, 2010 11:52:42 AM
> > *Subject:* Re: ACL problem
> >
> > David,
> >
> > can you share your jspwiki.policy file and the logfiles with us ?
> > Your problem description is not enough for us to help you.
> >
> > regards,
> > Harry
> >
> > 2010/4/19 David Clemmons <dc...@sbcglobal.net>
> >
> > > > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > > > work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> > > > anonymous users can still view this.
> > >
> > >
> > >  David Clemmons
> > >
> >
>
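
One way to run the check Harry describes against a log file, as an added example that is not part of the original thread or of JSPWiki: it extracts the "has no access - redirecting" entries and reports which pages denied an anonymous request. The sample log lines, their timestamp prefix, the name "Jane Doe" and the rule that a user field which parses as an IP address means an anonymous session are assumptions built from the single message quoted above.

```python
import ipaddress
import re
from collections import Counter
from typing import NamedTuple


class Denial(NamedTuple):
    user: str
    permission_class: str
    wiki: str
    page: str
    actions: tuple
    anonymous: bool


# Matches the denial message quoted in the thread. Whatever precedes "User"
# (timestamp, level, logger) depends on the log4j layout and is ignored.
# \s+ before "(permission=" also accepts copies that a mail client wrapped.
DENIAL_RE = re.compile(
    r'User\s+(?P<user>.+?)\s+has no access - redirecting\s+'
    r'\(permission=\("(?P<cls>[^"]+)","(?P<target>[^"]+)","(?P<actions>[^"]+)"\)\)'
)


def _is_address(user):
    """Assumption: a user field that is an IP address is an anonymous session."""
    try:
        ipaddress.ip_address(user)
        return True
    except ValueError:
        return False


def parse_denials(log_text):
    """Return one Denial per 'has no access - redirecting' entry."""
    denials = []
    for m in DENIAL_RE.finditer(log_text):
        # The permission target has the form "<wiki>:<page>".
        wiki, sep, page = m.group("target").partition(":")
        if not sep:
            wiki, page = "", m.group("target")
        actions = tuple(a.strip() for a in m.group("actions").split(","))
        user = m.group("user")
        denials.append(
            Denial(user, m.group("cls"), wiki, page, actions, _is_address(user))
        )
    return denials


def denial_summary(log_text, action="view"):
    """Count denials for one action, keyed by (page, 'anonymous' | 'named')."""
    counts = Counter()
    for d in parse_denials(log_text):
        if action in d.actions:
            counts[(d.page, "anonymous" if d.anonymous else "named")] += 1
    return counts


def anonymous_denied(log_text, page, action="view"):
    """True if the log records at least one anonymous denial for the page.

    False means either nobody requested the page anonymously or the request
    was allowed, so request the page in a logged-out browser first.
    """
    return denial_summary(log_text, action)[(page, "anonymous")] > 0


# Constructed sample input; only the message text follows the thread.
SAMPLE_LOG = (
    '2010-04-24 10:01:12 INFO auth - User 0:0:0:0:0:0:0:1 has no access - redirecting '
    '(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))\n'
    '2010-04-24 10:02:40 INFO auth - User 192.0.2.15 has no access - redirecting '
    '(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","edit"))\n'
    '2010-04-24 10:03:05 INFO auth - User Jane Doe has no access - redirecting '
    '(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))\n'
    '2010-04-24 10:04:00 DEBUG auth - unrelated line\n'
)

# The same message as it appears in the mail, wrapped over two lines.
WRAPPED = (
    '*User 0:0:0:0:0:0:0:1 has no access - redirecting\n'
    '(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission",'
    '"JSPWiki:Testpage","view"))\n*'
)

if __name__ == "__main__":
    for (page, kind), n in sorted(denial_summary(SAMPLE_LOG).items()):
        print(f"{page}: {n} {kind} view denial(s)")
    print("anonymous view denied on Testpage:",
          anonymous_denied(SAMPLE_LOG, "Testpage"))
```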

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Harry,
Here is my properties file.  I may have added these lines since I opened this problem:
log4j.logger.com.ecyrd.jspwiki.auth=debug, FileLog
log4j.additivity.com.ecyrd.jspwiki.auth=false


###########################################################################
#
#  This is the JSPWiki configuration file.  You'll need to edit this
#  a bit.  The first few lines are the most important ones.
#
#  Wherever it is said that an option can be "true" or "false", you can
#  also use "yes"/"no", or "on/off".  Just for some convenience.
#
#
#  You can use this to override the default application name.  It affects
#  the HTML titles and logging, for example.  It can be different from
#  the actual web name (http://my.com/mywiki) of the application, but usually
#  it is the same.
#
jspwiki.applicationName =JSPWiki

log4j.logger.com.ecyrd.jspwiki.auth=debug, FileLog
log4j.additivity.com.ecyrd.jspwiki.auth=false


jspwiki.security =jaas

#To run admin/SecurityConfig.jsp this must be true
#jspwiki-x.securityconfig.enable=false

#
#  Describe where your wiki lives (the real URL through which it is available
#  through the internet/intranet).  This is a mandatory attribute.
#
#  Be careful if you use a localhost address (http://localhost/ or http://127.0.0.1/),
#  as this will cause some unwanted side effects if your wiki is accessed from
#  any other computer than where the wiki is running.
#
#  Example:
#  jspwiki.baseURL = http://www.jspwiki.org/
#
jspwiki.baseURL=http://localhost:9081/JSPWiki/

#
#  Which page provider class to use.  Possibilities are:
#
#    RCSFileProvider        - for simple RCS-based file storage
#    FileSystemProvider     - for simple pure file storage with no version information
#    VersioningFileProvider - for simple, non-RCS based versioning storage.
#
#  Note that if you're upgrading from JSPWiki 1.x, then you need to remove the
#  "com.ecyrd.jspwiki." part from the beginning of the path.
#
jspwiki.pageProvider =VersioningFileProvider

#
# How to order pages in various lists and plugins.  By default, they are
# ordered using Java's "natural" String order (purely character by character
# comparison). This means that the pages named "Page1", "Page2" and "Page10"
# appear in the order "Page1", "Page10", "Page2".
#
# To specify a different ordering, give the fully qualified name of a String
# Comparator. If the class can't be found, an error will be logged and page
# sorting will fall back to the default "natural" ordering. You can specify
# any String Comparator class here BUT be careful of using case insensitive
# comparators as JSPWiki page names may be case sensitive.
# Example: jspwiki.pageNameComparator.class = my.fully.qualified.comparator
#
# For convenience, we have provided a few possibly useful comparators:
#
# HumanComparator understands numbers and sorts in a more human friendly
# order (English only).  Using HumanComparator, the pages "Page1", "Page2",
# "Page10" will sort in that order.
# Example: jspwiki.pageNameComparator.class = HumanComparator
#
# LocaleComparator uses the server's Locale for ordering.  Useful if your
# content is always in a language other than English.  Does not do human
# friendly numeric ordering.
# Example: jspwiki.pageNameComparator.class = LocaleComparator
#
#jspwiki.pageNameComparator.class =

#
#  Set to true, if you want to cache page data into memory.  This is
#  in general a good idea.
#
#  Default is false (no cache).
#
#  NB: This replaces the JSPWiki 1.x "CachingProvider" setting, since it
#      probably was too confusing.
#
jspwiki.usePageCache =true

#
#  Determines where wiki files are kept for FileSystemProvider
#  and RCSFileProvider
#
#  If you're using Windows, then you must duplicate the backslashes.
#  For example, use:
#
#  jspwiki.fileSystemProvider.pageDir = C:\\Data\\jspwiki
#
jspwiki.fileSystemProvider.pageDir =C:\\\\jspwiki
#
#  The JSPWiki working directory.  If not set, a temporary path will
#  be used.  You can see the location of the workdir in the logs.
#  It is HIGHLY recommended that you set this.
#
#  The working directory is used to cache things like Lucene search
#  results.
#
jspwiki.workDir =C:\\\\jspwiki

#
#  ATTACHMENTS:
#
#  Use the following property to define which attachment provider
#  you want to use.  You have basically two choices:
#    * Set the value to BasicAttachmentProvider
#      a simple, flat file versioning provider
#    * Leave the value empty (or just comment the line out)
#      the attachment functionality is disabled
#
jspwiki.attachmentProvider =BasicAttachmentProvider

#
#  The BasicAttachmentProvider needs to know where to store the files
#  the user has uploaded.  It's okay to put these in the same directory
#  as you put your text files (i.e. the pageDir setting above).
#
#  If you're using Windows, then you must duplicate the backslashes.
#  For example, use:
#
#  jspwiki.basicAttachmentProvider.storageDir = C:\\Data\\jspwiki
#
jspwiki.basicAttachmentProvider.storageDir =C:\\\\jspwiki

#
#  You can tell the BasicAttachmentProvider to add a flag
#  so that browsers do not cache certain (or all) attachment
#  types. This is useful in intranet environments. You should activate
#  this if your users complain that their excel files are not uploaded
#  correctly and they still do have an old version: Usually the
#  file was uploaded correctly, but they get the locally cached version
#  
#  You can use regular expressions to disable the cache, e.g the
#  following example will disable browser cache for all excel and word files
#
#  If you don't define this property, cache is enabled by default for
#  all attachments
#  
#  jspwiki.basicAttachmentProvider.disableCache = .*\.xls|.*\.doc

#
#  You can limit the maximum size of an attachment by setting this
#  value.  The value is in bytes, and by default all attachments
#  are accepted.
#
#  The following line would limit the attachment size to 100,000 bytes
#jspwiki.attachment.maxsize=100000

#
#  By default JSPWiki accepts all types of attachments.  However, you
#  can allow some types only, or forbid some other types.  By default,
#  all file types are allowed (if you do not specify the "allow" list
#  at all or it is empty).
#
#  These both are space-separated lists of file suffixes
#
#  Example: Allow only PNG, JPG, ZIP and JAR file attachments
#jspwiki.attachment.allow=.png .jpg .zip .jar

#  Example: Forbid HTML, PHP, ASP and EXE
#jspwiki.attachment.forbid=.html .htm .php .asp .exe

#
#  page Diff Representation
#
#  To show differences between page versions, you can define a
# difference provider.
#  The following choices are available:
#    * TraditionalDiffProvider - Uses internal (java) diff
#        to create a list of changes and shows it line by
#        line colored. This is the default
#    * ContextualDiffProvider - Uses internal (java) diff
#        to create changes inline and shows it on a word by
#        word basis using CSS. This is much superior to the
#        traditional diff provider, however, it is still quite
#        new and not much tested. YMMV.
#    * ExternalDiffProvider - uses a system diff program (which
#        can be configured using "jspwiki.diffCommand") to
#        create an unified (!) diff.
#
#        Example for a diff command:
#        jspwiki.diffCommand = /usr/bin/diff -u %s1 %s2
#
jspwiki.diffProvider =TraditionalDiffProvider

#  Determines if you need to have relative urls or not.  If the baseURL
#  is not set, then this has no effect, but if you set the baseURL (which
#  is highly recommended), you can use this to set relative urls.
#
#  Possible values are "absolute" and "relative".
#
#jspwiki.referenceStyle=relative

#
#  Determines which character encoding JSPWiki should use.  If you want
#  to support all languages in your Wiki, you probably want to enable
#  this.  From JSPWiki 2.2, it is strongly suggested that you use UTF-8.
#
#  Note that you can't switch these in the mean time, since the way the
#  files are encoded on disk is incompatible between ISO-Latin1 and UTF-8.
#  Don't try.  You'll get all sorts of interesting problems, if you do.
#
#  Possible values are 'ISO-8859-1' (default, if none has been specified)
#  and 'UTF-8'.

jspwiki.encoding =UTF-8

#
#  Determines whether raw HTML is allowed as Wiki input.
#
#  THIS IS A DANGEROUS OPTION!
#
#  If you decide to allow raw HTML, understand that ANY person who has
#  access to your Wiki site can embed ANY sort of malicious JavaScript,
#  or plugin, or ActiveX, or whatever on your site.  They can even mess it
#  up so royally it is impossible for you to replace the situation without
#  the need of direct access to the repository.  So think twice before
#  allowing raw HTML on your own site.
#
#  Most probably you want to use this on Intranets, or personal servers,
#  where only a handful of people can access the wiki.
#
#  Text between {{{ and }}} -options is not affected by this setting, so
#  it's always safe to quote HTML code with those.
#
#  The default for this option is "false".
#
jspwiki.translatorReader.allowHTML =false

############################################################################
#
#  Usability niceties.
#
#
#  If this property is set to "true", then page titles are rendered
#  using an extra space between every capital letter.  It may make
#  page titles readable on some occasions, but it does have the
#  drawback of making the titles look a bit funny at times.
#
jspwiki.breakTitleWithSpaces =false

#
#  If set to true, this property means that "WikiName" and "WikiNames"
#  are considered equal when linking between them.  Setting this to
#  true does not prevent you from having both kinds of pages - we just
#  fall back to the other one if the primary name does not exist.
#
#  For any other language, you'll probably want to turn this off.
#
jspwiki.translatorReader.matchEnglishPlurals =true

#
#  If you set this to true, the Wiki translator will then also consider
#  "traditional" WikiNames (that is, names of pages JustSmashedTogether
#  without square brackets) as hyperlinks.  This technique is also
#  known as "CamelCase", or "BumpyCase", or "InterCapping".  I personally
#  like CamelCase as a word, which is why this property is named as it is :-).
#
#  By default this is false, since traditional WikiLinks may confuse newbies.
#
#  This option can be overridden on a per-page basis using the SET directive.
#
jspwiki.translatorReader.camelCaseLinks =false

#
#  This sets the default template used by the Wiki engine.  The templates
#  live in templates/<template name>.  JSPWiki will attempt to find three
#  basic templates from that directory: "ViewTemplate," "EditTemplate"
#  and "AdminTemplate"
#
#  By default this is called "default".
#
#  This option can be overridden on a per-page basis using the SET directive.
#
jspwiki.templateDir =default


#
#  The name of the front page.  This is the page that gets loaded if no
#  other page is loaded.  Up until JSPWiki 1.9.28, it was always called
#  "Main", but now you can easily change the default front page here.  If not
#  defined, uses "Main".
#
#jspwiki.frontPage = Main

#  
#  Allow creation of empty pages. Defaults to false.
#
#jspwiki.allowCreationOfEmptyPages = false

#
#  If set to true, all outward links have a small icon attached.  The icon
#  can be found from images/out.png.  Default is true.
#
jspwiki.translatorReader.useOutlinkImage =true

#
#  Set this to the number of minutes a person can "lock" a page
#  for while he is editing it.
#
jspwiki.lockExpiryTime =60

#
#  Search provider used for searching pages and attachments.
#  Default is LuceneSearchProvider, but you can fall back to BasicSearchProvider
#
jspwiki.searchProvider =LuceneSearchProvider

#
#  If your wiki's language is something else than English, you might
#  want to visit jakarta.apache.org/lucene and download a proper Analyzer
#  for your language.  Default is to use StandardAnalyzer.
#
#jspwiki.lucene.analyzer = org.apache.lucene.analysis.standard.StandardAnalyzer

############################################################################
#
#  Special page references.
#
#  The URL is relative to Wiki.jsp.  However, if you use
#  a full, absolute URL, you can also do that.
#
# Example to redirect all requests to a page called 'OriginalWiki'
# to the original wikiwiki at http://c2.com/cgi/wiki
#
# jspwiki.specialPage.OriginalWiki = http://c2.com/cgi/wiki
#
#  Note that it is entirely possible to override any Wiki page, even
#  an existing one by redefining it here.
#
jspwiki.specialPage.CreateGroup =NewGroup.jsp
#jspwiki.specialPage.FindPage = Search.jsp
jspwiki.specialPage.Search =Search.jsp
jspwiki.specialPage.Login =Login.jsp
jspwiki.specialPage.NewGroup =NewGroup.jsp
jspwiki.specialPage.UserPreferences =UserPreferences.jsp
jspwiki.specialPage.Workflow =Workflow.jsp

#############################################################################
#
#  Plugin search paths.
#
#  Define here the packages you want to use for searching plugins,
#  separated with commas.
#  For example, use the following command to add "org.myorganisation.jspwiki.myplugins"
#  and "com.foobar.myplugins" to the search path.
#
#  jspwiki.plugin.searchPath = org.myorganisation.jspwiki.myplugins,com.foobar.myplugins
#
#  The default path is "com.ecyrd.jspwiki.plugin", and it will be always
#  the last item on the path.  This allows you to override JSPWiki default
#  plugins.  Note that you are only adding to the path, not replacing it (ie.
#  the default path is never removed.)
#
#  If the path is not specified (and there is no jspwiki_module.xml with the
#  plugin JAR), you need to either declare the search path by hand, or
#  use a fully qualified name.
#
#  If you are a plugin developer, please consider deploying a jspwiki_module.xml
#  file with your plugin JAR, so that the user does not have to set the searchPath.
#
#  jspwiki.plugin.searchPath = org.myorganisation.jspwiki.myplugins,com.foobar.myplugins
#
jspwiki.plugin.searchPath =

#############################################################################
#
#  Page filters
#
#  Normally, the filter configuration is in your WEB-INF/ directory, so you
#  do not need to go and specify this.  However, if your filters.xml live somewhere
#  else, you'll have to specify it here.
#
#jspwiki.filterConfig = /some/path/to/your/filters.xml

#############################################################################
#
#  URL Constructor
#
#  JSPWiki by default generates page and attachment links that use JSP
#  pages and request parameters. It can also use alternative URL
#  constructors so that URL pages resemble traditional website paths, too.
#  You have three choices for generating URLs:
#
#     DefaultURLConstructor - uses JSPs for all references:
#         http://mywiki.com/jspwiki/Wiki.jsp?page=Main
#         http://mywiki.com/jspwiki/Edit.jsp?page=Main
#
#     ShortURLConstructor - uses path-like reference style:
#         http://mywiki.com/jspwiki/wiki/Main
#         http://mywiki.com/jspwiki/wiki/Main?do=Edit
#
#     ShortViewURLConstructor - uses path-like references for views; JSPs for everything else:
#         http://mywiki.com/jspwiki/wiki/Main
#         http://mywiki.com/jspwiki/Edit.jsp?page=Main
#
#  Of course, you can also write your own implementation if you wish.
#
#  For either of the ShortURL constructors, you can also specify a
#  prefix path to go in front of page names. By default, the
#  prefix is 'wiki/'.
#
#  Be warned that the ShortURLConstructor does not work well with any other editor
#  except the built-in plaintext one.  Use ShortViewURLConstructor if you plan
#  to enable any other ones.
#
#jspwiki.urlConstructor = DefaultURLConstructor
#jspwiki.urlConstructor = ShortViewURLConstructor
#jspwiki.shortURLConstructor.prefix = wiki/

#############################################################################
#
# Rendering
#
# At this time, entries here are strictly for development and testing.
#

# Disable internal caching of pre-constructed document DOMs.
# This may be necessary if you require custom rendering that must not be cached.
#jspwiki.renderingManager.useCache = false


#############################################################################
#
#  Security, authentication and authorization
#

#  JSPWiki supports a plugin-based interface for talking to different
#  kinds of authentication and authorization systems. By "authentication,"
#  we mean a system for logging in a user to establish their identity.
#  By "authorization," we mean a system for figuring out what actions
#  users can perform based on their authenticated identities.
#
#  For users looking to get started quickly, the default settings below
#  should work fine. In addition to the properties below, you may also
#  want to modify the security policy file WEB-INF/jspwiki.policy. See
#  the policy file for more details.
#
#  AUTHENTICATION
#
#  For authentication, JSPWiki uses JAAS (Java Authentication and Authorization
#  Service) in combination with a servlet filter that picks up any credentials
#  set by the servlet container. The Authentication system is configured below.
#
#  You must choose either (A) Container or (B) Custom authentication. (B) is the default.
#
#  A) CONTAINER AUTHENTICATION 
#  JSPWiki will always (passively) collect credentials supplied by your servlet
#  container, via HttpServletRequest.getUserPrincipal/getRemoteUser. You do not
#  need to do anything to enable this. In addition, you can cause JSPWiki users
#  to log in to the web container by uncommenting the <security-constraint>
#  elements in WEB-INF/web.xml.
#
#  B) CUSTOM AUTHENTICATION
#  If you do not wish to use container-managed authentication, you can use JSPWiki's
#  own custom authentication system. This uses a JAAS LoginModule (supplied below)
#  to log in the user. You can use any JAAS LoginModule you want.
#  The default class is com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule,
#  which compares the supplied username and hashed password with the values stored
#  in the configured UserDatabase (see USER DATABASE below).
#
#  Supply the JAAS LoginModule class used for custom authentication here.
#  The implementation MUST have a zero-argument constructor (as noted in the
#  javax.security.auth.spi.LoginModule Javadocs).
jspwiki.loginModule.class =com.ecyrd.jspwiki.auth.login.UserDatabaseLoginModule

#
# JAAS LoginContext parameters used to initialize the LoginModule. Note that 'param1'
#  etc. should be replaced with the actual parameter names. The parameter names and
# values will be loaded to a Map and passed to the LoginModule as the 'options' parameter
# when its initialize() method is called. The default UserDatabaseLoginModule class does
# not need any options.
#jspwiki.loginModule.options.param1 = value1
#jspwiki.loginModule.options.param2 = value2

# 
#  Cookie authentication & assertion
#
#  If this value is set to "true", then JSPWiki will allow you to "assert" an
#  identity using a cookie.  It's still considered to be unsafe, just like no
#  login at all, but it is useful when you have no need to force everyone to login.
#
#  By default, this is on.
#
jspwiki.cookieAssertions=false

#
#  If you would like to keep your users logged in for weeks at a time, you can
#  turn on "cookie authentication" feature.  However, this comes with important
#  security caveats:
#  1) User will stay logged in into your system for weeks.  This means that if
#     someone manages to nab the cookie during this time, they can pretend to
#     be that user.
#  2) The mappings between cookies and users are written in your filesystem,
#     in $jspwiki.workDir/logincookies.  Access to this directory means
#     the ability to fake anyone in the wiki, so please make sure that only
#     the proper admin has read access to this directory.
#
#  By default, cookie authentication is off.
#
#jspwiki.cookieAuthentication=false

#
#  Defines how many days the cookies are kept, and how often the people have to log in.  
#  The default is two weeks, i.e. 14 days.  If you need a shorter period than one day,
#  turn off cookie authentication, then tweak your web.xml to allow for longer sessions.
#
#jspwiki.cookieAuthentication.expiry=14

#
#
#  AUTHORIZATION
#
#  For authorization, JSPWiki has a two-tier system. When we want to
#  determine whether a user has permission to perform a certain action,
#  we first consult (A) an external "authorizer" to determine if the user
#  is a member of the required role. In addition to checking its external
#  authorizer, it also checks (B) its GroupManager for wiki-managed groups.
#
#  A) EXTERNAL AUTHORIZATION
#  By default, JSPWiki uses the servlet container's authorization service
#  to check what roles the user belongs to (that is, it calls
#  HttpServletRequest.isUserInRole(String)). After the user authenticates,
#  the default Authorizer (WebContainerAuthorizer) checks to see if the user
#  belongs to the roles listed in web.xml using <security-role>/<role-name> or
#  <auth-constraint>/<role-name> elements. However, you can use another
#  Authorizer if you wish; specify that class here.

jspwiki.authorizer =com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer

#  B) GROUPS
#  As an additional source of authorization, users can belong to discretionary
#  "wiki groups" that the users manage themselves. Wiki groups are stored in a
#  GroupDatabase. The default group database uses an XML file for persistent
#  storage. Override with your own GroupDatabase implementation with this property:

jspwiki.groupdatabase =com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase

#  The default group database implementation stores member lists
#  in an XML file. The location of this file should be in a secure directory
#  in the filesystem; for example, in /etc or your servlet container's
#  configuration directory. If you do not supply a value for this property,
#  a blank group database will be initialized in the WEB-INF/ directory of the
#  deployed webapp. Since these directories are often overwritten when webapps
#  are undeployed or redeployed, you should probably set this property to
#  something useful as soon as you can. But for test wikis, it's probably
#  ok to leave this un-set, as long as users know that their groups could
#  "disappear" if the wiki app is ever redeployed.

#jspwiki.xmlGroupDatabaseFile = /etc/tomcat/groupdatabase.xml

#  USER DATABASE
#  User's wiki profiles are stored in a UserDatabase. The default user database
#  uses an XML file for persistent storage.
#  Override with your own UserDatabase implementation with this property:

jspwiki.userdatabase =com.ecyrd.jspwiki.auth.user.XMLUserDatabase

#  The default user database implementation stores usernames and passwords
#  in an XML file. Passwords are SHA-1 hashed. The location of this file
#  should be in a secure directory in the filesystem; for example, in
#  /etc or your servlet container's configuration directory.
#  If you do not supply a value for this property, a blank user database
#  will be initialized in the WEB-INF/ directory of the deployed webapp.
#  Since these directories are often overwritten when webapps are
#  undeployed or redeployed, you should probably set this property to
#  something useful as soon as you can. But for test wikis, it's probably
#  ok to leave this un-set, as long as users know that their profiles could
#  "disappear" if the wiki app is ever redeployed.

#jspwiki.xmlUserDatabaseFile = /etc/tomcat/userdatabase.xml

# You can also use a JDBC database for storing user profiles.
# See the online AuthenticationAndAuthorization2.3 docs for details on
# how to configure it.

#jspwiki.userdatabase = com.ecyrd.jspwiki.auth.user.JDBCUserDatabase

#  If your JSPWiki user database shares login information with your
#  web container's authentication realm, you can configure JSPWiki to
#  add container users. At present, this only works with JDBCUserDatabase,
#  and only if you've configured your web container to use a database
#  with compatible columns and tables. If you don't know what this means,
#  then leave this property set to FALSE (the default).

#jspwiki.userdatabase.isSharedWithContainer = false

#  ACCESS CONTROL LISTS
#  Last but not least, JSPWiki needs a way of reading and persisting page
#  access control lists. The default implementation reads these from the page
#  markup. For example: "[{ALLOW edit Charlie}]". If using a custom
#  ACL manager, specify the AclManager implementation class here:

jspwiki.aclManager =com.ecyrd.jspwiki.auth.acl.DefaultAclManager

#############################################################################
#
# InterWiki links
#
# The %s is replaced with the page reference (specify
# multiple times to get multiple references).  Page references should
# appear in format : [wiki:wikipage].
#
# This is the JSPWiki home.  In future, JSPWiki will probably rely on this
# for error messages, so I don't recommend that you change it.
jspwiki.interWikiRef.JSPWiki =http://www.jspwiki.org/wiki/%s

# Here's how you can have directly links to the JSPWiki editor.
# Now you can put a hyperlink for editing "MainPage" by making
# a link [Edit:MainPage].
jspwiki.interWikiRef.Edit =Edit.jsp?page=%s

#  This is the original WikiWikiWeb
jspwiki.interWikiRef.WikiWikiWeb =http://c2.com/cgi/wiki?%s

#  TWiki, a very nice WikiClone.
jspwiki.interWikiRef.TWiki =http://twiki.org/cgi-bin/view/TWiki/%s

#  MeatballWiki, which seems to be quite popular.
jspwiki.interWikiRef.MeatballWiki =http://usemod.com/cgi-bin/mb.pl?%s

#  Wikipedia, a Wiki encyclopedia!
jspwiki.interWikiRef.Wikipedia =http://www.wikipedia.com/wiki/%s

#  Google, the ubiquitous search engine.
jspwiki.interWikiRef.Google =http://www.google.com/search?q=%s

#  JSPWiki documentation (for this release)
jspwiki.interWikiRef.Doc =http://doc.jspwiki.org/2.8/wiki/%s

############################################################################
#
# Define which image types are inlined.
# These are your standard glob expressions (just like in your
# Windows or UNIX shells).  Default pattern is to include all PNG
# images.  If you specify something here, you will override the default.
#
# Don't forget to increase the number after the dot - duplicate entries
# cause problems!
#
# For example:
#   Inline all JPG files, PNG files and all files from images.com:
#
#      jspwiki.translatorReader.inlinePattern.1 = *.jpg
#      jspwiki.translatorReader.inlinePattern.2 = *.png
#      jspwiki.translatorReader.inlinePattern.3 = http://images.com/*


###########################################################################
#
#  Determine how the RSS (Rich Site Summary) file generation should work.
#  RSS is a standard pioneered by Netscape, which allows you to join your
#  Wiki with a huge number of different news services around the world.
#  Try a Google search on RSS and see what you can do with it.
#
#  All of these settings were added in JSPWiki 1.7.6.
#
#  Note that jspwiki.baseURL MUST BE DEFINED if you want to enable RSS!
#
#  Determine if the RSS file should be generated at all.  Allowed values
#  are "true" and "false".  Default is "false".
#
jspwiki.rss.generate =false

#
#  Determine the name of the RSS file. This path is relative to your
#  Wiki root.  Default is "rss.rdf"
#
jspwiki.rss.fileName =rss.rdf

#
#  Determine the refresh interval (i.e. how often the RSS file is regenerated).
#  It is not recommended to make this too often, or you'll choke your server.
#  Anything above five minutes is probably okay.  The default value is one hour.
#  The value should be in seconds.
#
jspwiki.rss.interval =3600

#
#  The text you want to be shown as your "channel description" when someone
#  subscribes to it.  You can be quite verbose here, up to 500 characters or
#  so.  You can continue to a new line by adding a backslash to the end of the
#  line.  Default is to have no description.
#
jspwiki.rss.channelDescription =Oh poor me, my owner has not set a channel description at all. Pity me.

#
#  The language of your Wiki.  This is a standard, two-letter language
#  code, or in case of some languages, two letters for the country,
#  a dash, and two letters for the dialect.
#
jspwiki.rss.channelLanguage =en-us

###########################################################################
#
#  JDBC Configuration. Tells JSPWiki which tables and columns to map
#  to for the JDBCUserDatabase and JDBCGroupDatabase. For more info, see the
#  JavaDoc for classes com.ecyrd.jspwiki.auth.user.JDBCUserDatabase and
#  com.ecyrd.jspwiki.auth.authorize.JDBCGroupDatabase.
#
jspwiki.userdatabase.datasource=jdbc/UserDatabase
jspwiki.userdatabase.table=users
jspwiki.userdatabase.uid=uid
jspwiki.userdatabase.email=email
jspwiki.userdatabase.fullName=full_name
jspwiki.userdatabase.loginName=login_name
jspwiki.userdatabase.password=password
jspwiki.userdatabase.wikiName=wiki_name
jspwiki.userdatabase.created=created
jspwiki.userdatabase.modified=modified
jspwiki.userdatabase.lockExpiry=lock_expiry
jspwiki.userdatabase.attributes=attributes
jspwiki.userdatabase.roleTable=role
jspwiki.userdatabase.role=role
jspwiki.groupdatabase.datasource=jdbc/GroupDatabase
jspwiki.groupdatabase.table=groups
jspwiki.groupdatabase.membertable=member
jspwiki.groupdatabase.created=created
jspwiki.groupdatabase.creator=creator
jspwiki.groupdatabase.name=name
jspwiki.groupdatabase.member=member
jspwiki.groupdatabase.modified=modified
jspwiki.groupdatabase.modifier=modifier

###########################################################################
#
#  JavaMail configuration. If you wish to allow your users to recover
#  their passwords via email, you should configure these properties.
#  JavaMail can use either a container-managed JNDI resource factory
#  (recommended, and the default), or a stand-alone factory whose properties
#  are configured with mail.* properties in this file (below).
#

#  A. Configure the address from which the email appears to come.
#     If you're going to use a mail session obtained via JNDI, this setting
#     will only be used if it hasn't already been configured in the obtained
#     session itself. If you comment it out, JSPWiki will use its internal
#     default value.
#     If you're going to use a stand-alone mail session, you will surely want
#     to configure it, otherwise the internal default value will be used.
#
mail.from =@mail.from@

#  B. JNDI Resource Factory Configuration. JSPWiki will try this first.
#     You will need to configure your container to provide a JavaMail
#     resource factory. See your container documentation, or check our
#     fairly complete documentation (with examples for Tomcat) in
#     the JavaDocs for com.ecyrd.jspwiki.util.MailUtil.
#
#  JNDI resource name. The commented-out value is the default.
#jspwiki.mail.jndiname = mail/Session

#  C. Stand-alone Resource Factory. JSPWiki will use these values if JNDI fails.
#
#  Your SMTP host (i.e. the one which sends email)
mail.smtp.host =@mail.smtp.host@

# If for some reason the standard smtp port (25) is blocked, you can change it here
#mail.smtp.port = @mail.smtp.port@

# If you are using a webserver that is publicly accessible it usually
# doesn't allow you to send mail anonymously
# (because then this mailserver would become an open relay).
# Therefore you can indicate your account information here...
#
#mail.smtp.account = @mail.smtp.account@
#mail.smtp.password = @mail.smtp.password@

# The properties below control connection timeouts and TLS (encryption)
# if the mailserver supports it. The commented-out values are the defaults.
#mail.smtp.timeout = 5000
#mail.smtp.connectiontimeout = 5000
#mail.smtp.starttls.enable = true

###########################################################################
#
#  Configure logs.  See log4j documentation for more information
#  on how you can configure the logs.
#
#  Log4j is available at http://jakarta.apache.org/log4j
#
#  WARNING WARNING WILL ROBINSON: If you turn on DEBUG logging, be aware
#  that some security-sensitive information will be logged (such as session IDs).
#  Please be careful.
#
#  Send mail to root on all problems containing warnings.
#
#log4j.appender.mail = org.apache.log4j.net.SMTPAppender
#log4j.appender.mail.Threshold = WARN
#log4j.appender.mail.To = root@localhost
#log4j.appender.mail.From = JSPWiki@localhost
#log4j.appender.mail.Subject = Problem with JSPWiki!
#log4j.appender.mail.SMTPHost = mail

#log4j.appender.mail.layout = org.apache.log4j.PatternLayout
#log4j.appender.mail.layout.ConversionPattern =%d [%t] %p %c %x - %m%n

#
#  Log everything into a file, roll it over every 10 MB, keep
#  only 14 latest ones.
#
log4j.appender.FileLog =org.apache.log4j.RollingFileAppender
log4j.appender.FileLog.MaxFileSize    =10MB
log4j.appender.FileLog.MaxBackupIndex =14
log4j.appender.FileLog.File =C:\\\\jspwiki\\\\jspwiki.log
log4j.appender.FileLog.layout =org.apache.log4j.PatternLayout
log4j.appender.FileLog.layout.ConversionPattern=%d [%t] %p %c %x - %m%n

#
# If you want to use some other logging system (such as JBoss, which uses
# log4j already), comment this line out.  If you just don't want any logs
# at all, you can set it to be empty.  However, I suggest that you do
# at least to a level of WARN.
#
log4j.rootCategory=INFO,FileLog

# Enable if you're using mailing, above.
#log4j.rootCategory=INFO,FileLog,mail

#
# Uncomment these lines if you want to see detailed security event logging.
# The logging levels are as follows:
#  ERROR: login errors (other than failed/expired logins)
#  WARN:  access denied, failed login (account expired, password/credential expired)
#  INFO:  login, logout
#  DEBUG: add/remove group, add/remove group member, clear groups/group members, access allowed
#
#log4j.logger.SecurityLog=INFO, SecurityAppender
#log4j.appender.SecurityAppender = org.apache.log4j.RollingFileAppender
#log4j.appender.SecurityAppender.MaxFileSize    = 10MB
#log4j.appender.SecurityAppender.MaxBackupIndex = 14
#log4j.appender.SecurityAppender.File = @securitylog@
#log4j.appender.SecurityAppender.layout = org.apache.log4j.PatternLayout
#log4j.appender.SecurityAppender.layout.ConversionPattern=%d %p - %m%n

#
#  Uncomment these lines if you wish to receive detailed spam
#  filter logging.
#
#log4j.logger.SpamLog=INFO,SpamAppender
#log4j.appender.SpamAppender = org.apache.log4j.RollingFileAppender
#log4j.appender.SpamAppender.MaxFileSize = 10MB
#log4j.appender.SpamAppender.MaxBackupIndex = 14
#log4j.appender.SpamAppender.File = @spamlog@
#log4j.appender.SpamAppender.layout = org.apache.log4j.PatternLayout
#log4j.appender.SpamAppender.layout.ConversionPattern=%d{ISO8601} %m%n

###########################################################################
#
# Workflow configuration
#
# The following properties map specific workflow steps to their associated approvers
# The name of the workflow or decision is the part of the key after "jspwiki.approver.".
# This is a logical name JSPWiki uses to determine which Principal to consult for approval.
# The Principal is looked up by AuthorizationManager at runtime; it looks for a Principal
# match as follows: GroupPrincipals; Roles; WikiPrincipals/other principals. Thus, if a value
# of "Admin" is supplied JSPWiki will first check the GroupManager to see if group Admin exists;
# then the container roles, if any; then, user Principals. If the value is blank or the
# property is commented out, it means that the workflow does not require approval.
#
# EXAMPLE:
# Uncomment the next line to require the Admin group (or Admin user, if a group is not found)
# to approve wiki pages after saving.
#jspwiki.approver.workflow.saveWikiPage=Admin

# Uncomment the next line to require the Admin group to approve new user profiles
#jspwiki.approver.workflow.createUserProfile=Admin

### End of configuration file.




Re: ACL problem

Posted by Harry Metske <ha...@gmail.com>.
David,

your jspwiki.policy looks fine.
I cannot reproduce your problem, when you access the protected page
anonymously you should get a message like
*User 0:0:0:0:0:0:0:1 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))*

Have you made changes to web.xml and/or jspwiki.properties that might affect
this behaviour ?
Can you reproduce it on http://sandbox.jspwiki.org ?

regards,
Harry


2010/4/24 David Clemmons <d_...@yahoo.com>

> Harry,
>    FYI, I have the same problem on Tomcat running on Ubuntu.
>
>  David Clemmons
>
>
>
>
> ________________________________
> From: Harry Metske <ha...@gmail.com>
> To: jspwiki-user@incubator.apache.org
> Sent: Thu, April 22, 2010 3:58:57 AM
> Subject: Re: ACL problem
>
> David,
>
> the list does not accept attachments, can you put them inline, or put them
> somewhere on a public host ?
>
>
> regards,
> Harry
>
> 2010/4/22 David Clemmons <d_...@yahoo.com>
>
> > Attached is the policy and log file.
> >  Thank You,
> > David Clemmons
> >
> >
> > ------------------------------
> > *From:* Harry Metske <ha...@gmail.com>
> > *To:* jspwiki-user@incubator.apache.org
> > *Sent:* Wed, April 21, 2010 11:52:42 AM
> > *Subject:* Re: ACL problem
> >
> > David,
> >
> > can you share your jspwiki.policy file and the logfiles with us ?
> > Your problem description is not enough for us to help you.
> >
> > regards,
> > Harry
> >
> > 2010/4/19 David Clemmons <dc...@sbcglobal.net>
> >
> > > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > > work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> > > anonymous users can still view this.
> > >
> > >
> > >  David Clemmons
> > >
> >
>
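
An added example, not part of the original thread: a small Python check that scans a JSPWiki log for the access-denied message quoted in the reply above and reports ACL-protected pages for which no denial was ever logged. The sample log lines (timestamps, thread names, logger names, the address 192.0.2.10 and the page name PrivateNotes) are constructed; the line prefix follows the ConversionPattern in the posted jspwiki.properties.

```python
import re

# Message text as quoted in the reply; everything before " - " is log4j prefix.
DENIED = re.compile(
    r'User (?P<user>\S+) has no access - redirecting '
    r'\(permission=\("(?P<cls>[^"]+)","(?P<target>[^"]+)","(?P<actions>[^"]+)"\)\)'
)

# Constructed sample input: logger names and pages are placeholders.
SAMPLE_LOG = '''\
2010-04-24 10:15:02,113 [worker-1] INFO example.Startup  - wiki started
2010-04-24 10:16:40,507 [worker-2] INFO example.Access  - User 0:0:0:0:0:0:0:1 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Testpage","view"))
2010-04-24 10:17:05,220 [worker-3] INFO example.Access  - User 192.0.2.10 has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","edit"))
2010-04-24 10:18:11,904 [worker-2] INFO example.Render  - rendered page PrivateNotes
'''


def parse_denials(log_text):
    """Return one record per access-denied redirect found in the log."""
    records = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        # The permission target has the form "<wiki>:<page>".
        wiki, _, page = m.group("target").partition(":")
        records.append({
            "user": m.group("user"),
            "permission": m.group("cls").rsplit(".", 1)[-1],
            "wiki": wiki,
            "page": page,
            "actions": m.group("actions").split(","),
        })
    return records


def pages_without_denial(log_text, protected_pages, action="view"):
    """Protected pages for which the log shows no denied request for `action`."""
    denied = {r["page"] for r in parse_denials(log_text) if action in r["actions"]}
    return sorted(set(protected_pages) - denied)


if __name__ == "__main__":
    for record in parse_denials(SAMPLE_LOG):
        print(record)
    print(pages_without_denial(SAMPLE_LOG, ["Testpage", "PrivateNotes"]))
```

A page listed by `pages_without_denial` after an anonymous request was made to it is one where the ACL was not enforced; if no such request was made, the absence of a denial proves nothing.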

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Harry,
    FYI, I have the same problem on Tomcat running on Ubuntu.

 David Clemmons




________________________________
From: Harry Metske <ha...@gmail.com>
To: jspwiki-user@incubator.apache.org
Sent: Thu, April 22, 2010 3:58:57 AM
Subject: Re: ACL problem

David,

the list does not accept attachments, can you put them inline, or put them
somewhere on a public host ?


regards,
Harry

2010/4/22 David Clemmons <d_...@yahoo.com>

> Attached is the policy and log file.
>  Thank You,
> David Clemmons
>
>
> ------------------------------
> *From:* Harry Metske <ha...@gmail.com>
> *To:* jspwiki-user@incubator.apache.org
> *Sent:* Wed, April 21, 2010 11:52:42 AM
> *Subject:* Re: ACL problem
>
> David,
>
> can you share your jspwiki.policy file and the logfiles with us ?
> Your problem description is not enough for us to help you.
>
> regards,
> Harry
>
> 2010/4/19 David Clemmons <dc...@sbcglobal.net>
>
> > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> > anonymous users can still view this.
> >
> >
> >  David Clemmons
> >
>

Re: ACL problem

Posted by Harry Metske <ha...@gmail.com>.
David,

the list does not accept attachments, can you put them inline, or put them
somewhere on a public host ?


regards,
Harry

2010/4/22 David Clemmons <d_...@yahoo.com>

> Attached is the policy and log file.
>  Thank You,
> David Clemmons
>
>
> ------------------------------
> *From:* Harry Metske <ha...@gmail.com>
> *To:* jspwiki-user@incubator.apache.org
> *Sent:* Wed, April 21, 2010 11:52:42 AM
> *Subject:* Re: ACL problem
>
> David,
>
> can you share your jspwiki.policy file and the logfiles with us ?
> Your problem description is not enough for us to help you.
>
> regards,
> Harry
>
> 2010/4/19 David Clemmons <dc...@sbcglobal.net>
>
> > I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> > work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> > anonymous users can still view this.
> >
> >
> >  David Clemmons
> >
>

Re: ACL problem

Posted by David Clemmons <d_...@yahoo.com>.
Attached is the policy and log file.  

 Thank You,
David Clemmons




________________________________
From: Harry Metske <ha...@gmail.com>
To: jspwiki-user@incubator.apache.org
Sent: Wed, April 21, 2010 11:52:42 AM
Subject: Re: ACL problem

David,

can you share your jspwiki.policy file and the logfiles with us ?
Your problem description is not enough for us to help you.

regards,
Harry

2010/4/19 David Clemmons <dc...@sbcglobal.net>

> I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> anonymous users can still view this.
>
>
>  David Clemmons
>

Re: ACL problem

Posted by Harry Metske <ha...@gmail.com>.
David,

can you share your jspwiki.policy file and the logfiles with us ?
Your problem description is not enough for us to help you.

regards,
Harry

2010/4/19 David Clemmons <dc...@sbcglobal.net>

> I have installed JSPWIKI 2.83 on Websphere but I cannot get  ACL to
> work.  For instance, I have a page with [{ALLOW view DavidClemmons}] but
> anonymous users can still view this.
>
>
>  David Clemmons
>