Posted to user@jspwiki.apache.org by Kinicky <ki...@gmail.com> on 2009/05/15 20:47:56 UTC
security configuration
Hi guys,
I'm trying to configure the permissions for my users, but I can't stop
receiving the "Forbidden - sorry but you are not allowed to do that" error.
This error always happens when I try to edit or comment on some pages, so I guess
it is something with my web.xml... but I don't see anything wrong with it.
My setup: I'm using JSPWiki 2.8 with Tomcat 6 authentication using
JNDIRealm and MS-AS.
*this is my policy.properties:*
// JSPWiki security policy as posted: each grant block gives one principal
// (a built-in Role or a wiki GroupPrincipal) the permissions listed inside it.
// NOTE(review): several commented-out permission lines below wrap, leaving
// their action string (for example "view";) uncommented on the next line.
// Presumably this is mail line-wrapping; confirm that the real file keeps each
// permission on one line, because a stray token inside a grant block would
// likely stop the policy from parsing.
//
// Role "All": only editPreferences, editProfile and login are active; the
// page "view" permission is commented out.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
};
// Role "Anonymous": every permission is commented out, so this block grants
// nothing beyond what "All" receives.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
};
// Role "Asserted": likewise grants nothing as posted.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
//permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
// NOTE(review): AllPermission "*" gives every logged-in user the same rights
// as the Admin grants below; presumably a troubleshooting step. Once access
// works, restore the narrower page/group/wiki permissions commented out here.
// Because this role already holds AllPermission, a "Forbidden" response is
// unlikely to come from this file for a user the wiki treats as
// Authenticated; check the container role mapping and web.xml constraints.
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"modify,rename";
//permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
"view";
//permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages,createGroups";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
};
// Members of the wiki group "Admin" receive all permissions.
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
// Holders of the role "Admin" receive all permissions.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
*this is my server.xml from tomcat:*
<!-- Tomcat JNDIRealm: binds to the directory as connectionName and searches for
     the user by sAMAccountName anywhere under userBase (userSubtree="true").
     NOTE(review): no role lookup (roleBase/roleName/roleSearch or userRoleName)
     appears in this snippet, so users would presumably authenticate without any
     container role; the web.xml constraints that require Admin or Authenticated
     would then answer 403. Confirm how roles are meant to be assigned.
     NOTE(review): connectionURL uses ldap:// on port 389, so the bind password
     and user credentials cross the network unencrypted unless TLS is added
     elsewhere. connectionPassword is stored in clear text in server.xml, so
     keep that file readable only by the Tomcat account and use a low-privilege
     bind user. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://server:389"
connectionName="user"
connectionPassword="passw"
referrals="follow"
userBase="OU=Usuarios, OU=Cit, DC=cit"
userSearch="(sAMAccountName={0})"
userSubtree="true"
/>
*and this is my web.xml*
<!-- Restricts /Delete.jsp to callers holding the container role Admin. No
     http-method is listed, so the constraint applies to every HTTP method. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative Area</web-resource-name>
<url-pattern>/Delete.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<!-- NONE accepts plain HTTP for this resource; CONFIDENTIAL is the value that
     makes the container require an encrypted transport. -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Requires the container role Admin or Authenticated for the editing pages
     and for write methods on /attach. An authenticated user who holds neither
     role is refused by the container before the wiki policy is consulted. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<!-- Listing http-method elements limits the constraint to these methods;
     requests using any other method are not covered by it. Omitting the list
     would make the constraint apply to every method. -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Read-only Area</web-resource-name>
<!-- NOTE(review): /attach is an exact-match pattern under the servlet mapping
     rules; covering paths below it would need /attach/*. Confirm which is
     intended. GET is deliberately absent here, so reads stay unconstrained. -->
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<!-- NONE accepts plain HTTP. Because /Login.jsp is in this constraint, the
     login form credentials may travel unencrypted; CONFIDENTIAL is the value
     that makes the container require an encrypted transport. -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Container-managed FORM authentication. The same LoginForm.jsp serves as
     both the login page and the error page shown after a failed login. -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.jsp</form-login-page>
<form-error-page>/LoginForm.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Declares the two role names referenced by the auth-constraints above.
     NOTE(review): declaring a role here does not assign it to anyone; a user
     holds it only if the realm returns a role with exactly this name. Confirm
     that the realm supplies Authenticated and Admin for the intended users. -->
<security-role>
<description>
This logical role includes all authenticated users
</description>
<role-name>Authenticated</role-name>
</security-role>
<security-role>
<description>
This logical role includes all administrative users
</description>
<role-name>Admin</role-name>
</security-role>
</web-app>
I'd appreciate it very much if someone could help me!