Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.6.3
-
None
-
Tomcat 6.0 on RHEL5.
Description
The procedure listed in http://doc.jspwiki.org/2.4/wiki/Security#section-Security-CustomizingJSPWikiSecurity regarding creating a security policy for an individual user does not appear to work. After having followed the instructions several times we are unable to grant specific access to an individual user in JSPWiki. To be certain that the changes had taken affected we did restart the application between changes. We are certain that the user existed and could login with other default permissions. We even removed all other custom policies to see if they were in conflict and added only the users policy. After attempting login for the given user none of the permissions granted to them in the policy had effect. The policy for the user was defined as such:
grant principal "Username" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission ":", "view, modify";
};
This is likely a matter of out dated documentation, or a misunderstanding of how to grant the principal. We later added a group principal for a group containing only the user and the permissions went into affect without any problems. We would rather like to not have to create a user and user group for each user we create that we want to give a special security policy to.
Thanks.