This page (revision-13) was last changed on 26-Sep-2006 08:42 by null  

This page was created on 23-Mar-2004 17:39 by FosterSchucker

Difference between version and

At line 13 changed 7 lines
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
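Review bot: The `<http-method>GET</http-method>` and `<http-method>POST</http-method>` entries in this web-resource-collection limit the constraint to those two methods, so under the Servlet specification a request to /Edit.jsp with any other method (HEAD, for example) is not covered by the auth-constraint that follows. Drop both `<http-method>` lines so the constraint applies to every method, unless there is a documented reason to leave the others unconstrained.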
At line 21 changed 12 lines
<auth-constraint>
<role-name>admin</role-name>
<role-name>editor</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/Delete.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>editor</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/Delete.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
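Review bot: The Delete.jsp collection reuses the web-resource-name `Protected Area` that the Edit.jsp collection already carries, which makes the descriptor harder to audit when the two constraints are read side by side. Give each collection a distinct name that says what it protects, for example `Edit pages` and `Delete pages`.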
At line 34 changed 4 lines
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
At line 46 changed one line
Restricting access to a page is not possible using the basic Container Managed Security. The problem is that the JSPWiki url looks like:
Restricting access to a page is not possible using the basic Container Managed Security supplied with most application servers. The basic service is done on an URL basis with matching using a (very) limited regexp. The problem is that the JSPWiki URL looks like:
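Review bot: "a (very) limited regexp" in the new sentence is misleading, because a servlet `<url-pattern>` is not a regular expression: it is an exact path, a path prefix ending in `/*`, an extension match of the form `*.ext`, or the default `/`. Suggest "matching on exact paths, path prefixes or file extensions" and "a URL" instead of "an URL". It would also help to state the consequence directly: the pattern is matched against the request path, not the query string.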
At line 54 changed one line
then container managed security would work[1].
then basic container managed security would work[1]. To do page level security requires additional work inside the application.
At line 87 added 18 lines
----
At my site, I have container managed security for access to basic functions like edit and delete. The standard J2EE API is used, when I log in, the container does the Authentication. It returns to JSPWiki my user information (remoteUser). Since the Wiki does not know about __roles__ it does everything on a __user__ basis. So when I login JSPWiki knows that I'm FosterSchucker, but does not care that I'm part of role ''editor''. So I am using, and JSPWiki can use Container Managed Security at a high level.
It becomes sticky when you try to control access to a WikiPage for:
*Page view
*Partial page view (Page A is included inside Page B)
*Indirect page view (LeftMenu is a good example)
*Page edit
*Page status (the More Information link)
*Page differences
----
While waiting for [Security2.3] security framework to get out of Alpha status and land on a stable JSPWiki release, I've written a really dirty hack for 2.2.33 which uses Container Managed Security and allows the usage of a specific wiki page to define edit authorizations for a set of restricted users.
It implies modifying the Edit.jsp page. Further info at [PageAuthentication on my wiki|http://battlehorse.homelinux.net/w/Wiki.jsp?page=PageAuthentication]
--[RiccardoGovoni]
----
[ContainerManagedSecurityDiscussion]
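Review bot: The first added comment ("At my site, ...") has no signature, while the second ends with `--[RiccardoGovoni]`; sign it the same way so readers of the discussion can tell where one contributor stops and the next begins. In the same paragraph, "The standard J2EE API is used, when I log in, the container does the Authentication" is a comma splice and reads better as two sentences.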
Version Date Modified Size Author Changes ... Change note
13 26-Sep-2006 08:42 5.737 kB null to previous
12 15-Mar-2006 20:21 5.833 kB 196.13.231.16 to previous | to last
11 18-Feb-2006 16:23 5.835 kB 87.10.60.182 to previous | to last
10 18-Feb-2006 16:23 5.832 kB 87.10.60.182 to previous | to last
9 03-Feb-2006 19:21 5.338 kB GWP to previous | to last
8 24-Mar-2004 19:06 5.334 kB FosterSchucker to previous | to last
7 23-Mar-2004 23:47 4.345 kB 129.24.70.221 to previous | to last
6 23-Mar-2004 23:45 4.299 kB 129.24.70.221 to previous | to last
5 23-Mar-2004 23:34 5.812 kB 129.24.70.221 to previous | to last
4 23-Mar-2004 18:20 4.297 kB 129.24.70.221 to previous | to last
3 23-Mar-2004 17:42 3.843 kB FosterSchucker to previous | to last
2 23-Mar-2004 17:41 3.819 kB FosterSchucker to previous | to last
1 23-Mar-2004 17:39 3.855 kB FosterSchucker to last