
Forget about me, this is indeed not a bug but a wrong setting on my part... stupid me!

Title: Anonymous View Denied
Date: 26-Apr-2006 18:05:34 EEST
Version: 2.4.0
Submitter: 195.25.133.175
Bug criticality: MediumBug
Browser version: ie, firefox
Bug status: ClosedBug
PageProvider used: VersioningFileProvider
Servlet Container: Tomcat 5.5.9
Operating System: Windows XP Pro
URL: ?
Java version: 1.5.0_6

I am trying to set up a wiki where only authenticated users are allowed to edit pages. I grant only "view" access to users with the built-in Anonymous role. It all works as expected until an authenticated user logs out (and his status falls back to asserted). Then the user cannot view any page; he has to log in again.

Here are the relevant sections of my jspwiki.policy:

// Guest users
// Note the commented lines, but note too that the "view all pages" permission is explicit.
grant signedBy "jspwiki" 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Guest*", "edit";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

// Asserted role: the error is here: I simply commented out the "edit" permission,
// and forgot to add a "view" one!
grant signedBy "jspwiki" 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Guest*", "edit";
    //permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};


// Authenticated users:
grant signedBy "jspwiki" 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Group*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};

I should have understood it from the logs, where we clearly see that the user name is still recognized (so the user is not anonymous).

2006-04-26 17:04:20,891 [http-8080-Processor25] INFO SecurityLog BenchesWiki:http://e000433:8080/BenchesWiki/Wiki.jsp - WikiSecurityEvent.ACCESS_DENIED [source=com.ecyrd.jspwiki.auth.AuthorizationManager@5e9f1, princpal=[WikiPrincipal (fullName): Jérôme Duprez], target=("com.ecyrd.jspwiki.auth.permissions.PagePermission","BenchesWiki:Main","view")]
2006-04-26 17:04:20,891 [http-8080-Processor25] INFO com.ecyrd.jspwiki.WikiContext BenchesWiki:http://e000433:8080/BenchesWiki/Wiki.jsp - User Jérôme Duprez has no access - redirecting (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","BenchesWiki:Main","view"))
2006-04-26 17:04:20,907 [http-8080-Processor25] INFO SecurityLog BenchesWiki:http://e000433:8080/BenchesWiki/Login.jsp - WikiSecurityEvent.ACCESS_DENIED [source=com.ecyrd.jspwiki.auth.AuthorizationManager@5e9f1, princpal=[WikiPrincipal (fullName): Jérôme Duprez], target=("com.ecyrd.jspwiki.auth.permissions.WikiPermission","BenchesWiki","creategroups")]
2006-04-26 17:04:20,923 [http-8080-Processor25] INFO SecurityLog BenchesWiki:http://e000433:8080/BenchesWiki/Login.jsp - WikiSecurityEvent.ACCESS_DENIED [source=com.ecyrd.jspwiki.auth.AuthorizationManager@5e9f1, princpal=[WikiPrincipal (fullName): Jérôme Duprez], target=("com.ecyrd.jspwiki.auth.permissions.WikiPermission","BenchesWiki","creategroups")]
2006-04-26 17:04:20,923 [http-8080-Processor25] INFO SecurityLog BenchesWiki:http://e000433:8080/BenchesWiki/Login.jsp - WikiSecurityEvent.ACCESS_DENIED [source=com.ecyrd.jspwiki.auth.AuthorizationManager@5e9f1, princpal=[WikiPrincipal (fullName): Jérôme Duprez], target=("com.ecyrd.jspwiki.auth.permissions.WikiPermission","BenchesWiki","creategroups")]

This particular version was published on 27-Apr-2006 11:45 by Jérôme Duprez.
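
An added example (not part of the original report, and not JSPWiki code): a small Python check that parses a jspwiki.policy file and lists the built-in roles with no wiki-wide page view permission, which is the misconfiguration described above. The function names, the embedded sample policy (constructed from the blocks in the report) and the set of actions assumed to imply "view" are assumptions.

```python
import re

# Assumption: PagePermission actions treated here as implying "view".
IMPLIES_VIEW = {"view", "comment", "edit", "upload", "modify", "rename", "delete"}
GRANT_RE = re.compile(r'grant\b[^{]*?Role\s+"([^"]+)"\s*\{(.*?)\};', re.S)
PERM_RE = re.compile(r'permission\s+[\w.]*\.(\w+)\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')

# Constructed sample, shortened from the policy quoted in the report.
SAMPLE_POLICY = '''
grant signedBy "jspwiki"
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
grant signedBy "jspwiki"
  principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
    //permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Guest*", "edit";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
grant signedBy "jspwiki"
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
};
'''

def parse_policy(text):
    """Return {role: [(permission_class, target, {actions})]}, merging repeated grants."""
    # Drop // comments first so commented-out permissions are not counted.
    active = "\n".join(line.split("//", 1)[0] for line in text.splitlines())
    roles = {}
    for role, body in GRANT_RE.findall(active):
        perms = roles.setdefault(role, [])
        for cls, target, actions in PERM_RE.findall(body):
            perms.append((cls, target, {a.strip().lower() for a in actions.split(",")}))
    return roles

def roles_without_global_view(text, expected=("Anonymous", "Asserted", "Authenticated")):
    """List expected roles with no PagePermission on "*:*" that grants or implies view."""
    roles = parse_policy(text)
    return [role for role in expected
            if not any(cls == "PagePermission" and target == "*:*" and acts & IMPLIES_VIEW
                       for cls, target, acts in roles.get(role, []))]

if __name__ == "__main__":
    print(roles_without_global_view(SAMPLE_POLICY))
```

A role that has no grant block at all is reported the same way as one whose block lacks the view permission; `/* ... */` comments are not handled.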