This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]
TitleGranting permision to Groups doesnot work in the Policy file or ACL
Date01-Feb-2006 21:54:43 EET
Bug criticalityLightBug
Browser versionIE 6.0 and FireFox1.0.7
Bug statusNotABug
PageProvider used
Servlet ContainerTomcat 5.0
Operating SystemNT 4
Java versionJDK 1.4

On my Main page, there are several links to the different sub-pages, I have some groups each of them can only access one of the links. I want to grant the Group "SocialCommittee" the permission only on "*.SocialCommittee*" pages and view only on Main. I tried 2 ways,

1st is through the ACL -

[{ALLOW view SocialCommittee}]
, but still couldnot view the "*.SocialCommittee*" pages when I logged on the main page as any one of the "SocialCommittee"; If I set ACL as
[{ALLOW view SocialCommittee, GautamKumra}]
, and logged in Main page as "GautamKumra", I could see the "*.SocialCommittee*" pages.

2nd is through the Policy file -

If I comment out all the settings for Role "Authenticated" or even remove the whole section for "Authenticated", and grant some permission to the Wiki group "SocialCommittee" I just created, in the jspwiki.policy, and reboot the Wiki, after I login the Main page as any one of "SocialCommittee", I get the "Forbidden page", I cannot view any page, even the Main. If I just grant the "edit, rename" on "*.Main" to "Authenticated", no change to the group "SocialCommittee". After I login the Main page as any one of "SocialCommittee", I can "view&edit" the Main page, but get the "Forbidden page" on any other pages.

Thank you !

Content of jspwiki.policy
grant signedBy "jspwiki" 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
//    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Main", "edit,rename";

grant signedBy "jspwiki" 
  principal com.ecyrd.jspwiki.auth.authorize.Group "SocialCommittee" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Main", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:SocialCommittee*", "edit,rename,upload,delete";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";

Content of GroupSocialCommittee.txt file
[{ALLOW edit SocialCommittee}]
[{SET members='GautamKumra'}]
[{SET members='FahimaMohmand'}]
This is a wiki group. Edit this page to see its members.

I cannot reproduce your bug, so I am marking it invalid. Perhaps there are some peculiarities specific to Windows NT that are preventing things from working on your setup. If that's the case, there's not much we can do, and frankly I am not going to spend a lot of time troubleshooting something that only seems to exist on a ten-year-old operating system. See the Security 2.3 Howto page for an example of using groups and security policies. -- Andrew Jaquith

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 12-Feb-2006 10:19 by