This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]
Titlejspwiki.policy ignored when using Security Manager
Date12-Mar-2007 00:22:18 EET
Version2.5.28
Submitter69.115.43.4
Bug criticalityBadBug
Browser versionfirefix
Bug statusClosedBug
PageProvider used
Servlet Containertomcat5.5
Operating Systemubuntu 6.10
URLhttp://192.168.1.104:8180/JSPWiki25/Wiki.jsp?page=Main
Java version1.5

Try as I might I can not get a custom jspwiki.policy file working with a container security manager. I upgraded to 2.5.28 as there was a bug fix for local policy file but this did not appear to help.

I have granted JSPWiki all permissions in the catalina policy and JSPWiki works but nothing with security works correctly. Not even page ACLS (everything is editable). If I disable container security then the custom jspwiki.policy is followed/enforced.

I know there are issues with container security manager but this looks like JSPWiki issue not a container issue.

thanks, Charlie


Charlie --

JSPWiki does not operate properly when the SecurityManager is running. It has nothing to do with the security policy -- and everything to do with the fact that we don't have all of the needed permissions enumerated yet. This is an issue, and we are aware of it and working on a fix. In the meantime, do not run JSPWiki with a security manager.

Andrew

--Andrew Jaquith, 13-Mar-2007


Andrew;

Thanks for the reply and keep up the great work. I will keep an eye open for updates regarding use of a Security Manager.

Charlie.

--AnonymousCoward, 16-Mar-2007


Assuming fixed, there have been various fixes against PageRenamer.
Negative. I've configured a 2.6.0 installation on JBoss with DB2. I'm using container managed security and I can verify that the security policies still aren't being applied properly.

It appears that a user that has both Authenticated and Admin will be granted the all permissions by Admin. However these all permissions are being overridden by the deny of permissions to Authenticated.

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 13-Mar-2008 07:59 by 216.58.96.134.