users@glassfish.java.net

Re: Glassfish role to LDAP group mapping (JSPWiki)

From: <forums_at_java.net>
Date: Sun, 18 Dec 2011 04:06:35 -0600 (CST)

Thanks for your reply. Before making the changes you have suggested, I have
altered my jspwiki.policy file so that it reads like the attached. In
summary, this is the policy file in its default state, with only the
following changes:

- the "Admin" container role with the "All" permission has been renamed to
"wiki-admin"

- the "wiki-users" container role has been added and granted the "All"
permission.

As I understand it, if container role to group mapping works successfully,
then any user in the LDAP group "wiki-admin" or "wiki-users" should have
complete control over the wiki (best represented by the ability to delete
pages).

I have then enabled the Security Configuration diagnostic UI in JSPWiki,
which is a way to determine JSPWiki's understanding of its security
configuration. JSPWiki successfully detects the presence of these roles in
its web.xml file, and you can see from the two attached screengrabs that the
roles should indeed have "All" permissions over the wiki.

For my LDAP realm, I have then added the group-mapping property with a value
of wiki-admin. I have also added the group-search-filter with the value of
"uniqueMember=%d" as you have suggested. Unfortunately, this has not changed
the behaviour described in my original post: logging in with the UID "Dave
K", I can authenticate but do not apparently have "All" permissions.

Finally, I have attached the output of the Glassfish server log, captured at
the point "Dave K" logs in to JSPWiki.

Cheers,

Dave


--
[Message sent by forum member 'davenz']
View Post: http://forums.java.net/node/871253






(image/png attachment: JSPWikiContainerRoles.png)

(image/png attachment: JSPWikiRolePermissions.png)