Authorization#

Try to debug/solve it yourself first#

Use the Sandbox#

In some situations you can try to reproduce your problem in the Sandbox. There you can register new userid's, create pages and see if your problem occurs there too.

Raise debuglevels and check your logs.#

Next thing you do is raising the debug level, one thing you can do is add the following two statements to jspwiki.properties or log4j.properties (depending on which JSPWiki version you run) :
log4j.logger.com.ecyrd.jspwiki.auth=debug, FileLog
log4j.additivity.com.ecyrd.jspwiki.auth=false

Recycle your AppServer and watch the log, you should at least see DEBUG messages like these :

2009-04-10 20:14:43,892 [main] DEBUG com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - Database successfully initialized
2009-04-10 20:14:43,908 [main] INFO com.ecyrd.jspwiki.auth.UserManager  - UserDatabase initialized.
2009-04-10 20:14:45,448 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  - Adding new acl entry for view
2009-04-10 20:14:45,466 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  -   user = All: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:HarryTestPage","view"))

2009-04-10 20:14:45,468 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  - Adding new acl entry for modify
2009-04-10 20:14:45,469 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  -   user = All: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:HarryTestPage","view"))
  user = FUSPOS: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:HarryTestPage","modify"))

2009-04-10 20:14:45,705 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  - Adding new acl entry for view
2009-04-10 20:14:45,706 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  -   user = All: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:EditPageHelp","view"))

2009-04-10 20:14:45,707 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  - Adding new acl entry for edit
2009-04-10 20:14:45,707 [main] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager  -   user = All: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:EditPageHelp","view"))
  user = Authenticated: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","Scharnhorst-wiki:EditPageHelp","edit"))

FAQ's#


Q
Anyone can edit my pages, even when I put an ALLOW tag on the page that should prohibit editing.

A

  • Make sure the person editing the page is not a JSPWiki Administrator (bypassing all ACL processing). Check User Preferences => Profiles
  • Check your admin/SecurityConfig.jsp, it tells you all about your security configuration, see this example output(info). To use this jsp, you should first put jspwiki-x.securityconfig.enable=true in jspwiki.properties
  • Check your JSPWiki logs after increasing the debug levels. You configure your logging in jspwiki.properties (<= version 2.8), or via WEB-INF/classes/log4j.properties (>= version 3.0). You should have a jspwiki.log and a security.log
  • Make sure you don't get a cached copy of the page (either from your browser cache, or from a proxy). Clear your browser cache, and force a page reload.

Q
I have a rather restrictive policy for my wiki having a default that only allow authorized users to view pages. I have a couple of pages that should be public, and I added ALLOW view All to them, but that does not work.

A
With page ACL's you can only further restrict permissions, and not widen them up.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
html
SecurityConfig.jsp.html 65.2 kB 1 10-Apr-2009 11:21 Harry Metske
« This page (revision-8) was last changed on 14-Apr-2009 00:07 by 69.26.32.67