From version < 21.1 >
edited by Thomas Mortagne
on 2013/03/26
To version < 22.1 >
edited by Denis Gervalle
on 2013/03/30
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.dgervalle
Content
... ... @@ -10,6 +10,19 @@
10 10  
11 11  [[Full list of issues fixed and Dashboard for 5.0>>http://jira.xwiki.org/secure/Dashboard.jspa?selectPageId=11493]].
12 12  
13 +== New security authorization module replace the old RightService ==
14 +
15 +With this new module, we bring the following improvements:
16 +
17 + * More efficient and performant authorization management thanks to a smart access rules and decision cache.
18 + * More generic and consistant right policy based on declarative definition of rights.
19 + * Extensible solution, allowing registration of new rights.
20 + * Customizable thanks to pluggable authentication settlers using configuration.
21 +
22 +Read the [[full documentation of this module>>Extension.Security Module]] for complete details.
23 +
24 +{warning}With this new module, the access policies also evolve and this introduce some major changes that you should consider if you are migrating an existing installation. Please read those changes in the migration chapter below.{/warning}
25 +
13 13  == Automatic Paste Cleaning in WYSIWYG Editor ==
14 14  
15 15  Starting with this version, whenever you paste some content into the rich text area of the WYSIWYG Editor that content is (by default) automatically cleaned before being inserted into the rest of the content.
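Review bot: The warning added at new line 24 is written with single braces, {warning}…{/warning}, while the warning added at new line 153 of this same change uses {{warning}}…{{/warning}}; use the double-brace form here as well so both are written the same way. Line 20 says "pluggable authentication settlers" although the section describes an authorization module, so please confirm which of the two is meant. Wording in the added lines: the heading at line 13 should read "replaces", "consistant" at line 18 should be "consistent", and "this introduce" at line 24 should be "this introduces". The pointer to "the migration chapter below" would be easier to follow as a link to the sections it refers to.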
... ... @@ -135,10 +135,22 @@
135 135  
136 136  === Programming right imply Admin right and not the opposite ===
137 137  
138 -With previous Right Service implementation some side effect used to give you Programming Right when you had main wiki admin right, it's not the case anymore. Programming right is stronger than admin right in new security module default implementation which means you can have programming right without admin right, even on main wiki.
151 +With the previous Right Service implementation some side effect used to give you Programming Right when you had main wiki admin right, it's not the case anymore. Programming right is stronger than admin right in new security module default implementation which means you can have admin right without programming right, even on main wiki.
139 139  
140 -In practice it means that most of the time you will have to give Programming Right to main wiki admin group which used to be granted only Admin right by default distribution.
153 +{{warning}}In practice it means that most of the time you will have to give Programming Right to main wiki admin group which used to be granted only Admin right by default distribution.{{/warning}}
141 141  
155 +=== Public access on an empty wiki does not receive admin right anymore ===
156 +
157 +With the previous Right Service implementation, until some right are sets, the public (previously XWikiGuest user, now null user) used to receive admin access and is able to import the default XAR. Since we now have a Distribution Wizard that kicks in to allow installing at least a minimal flavor to get you started, this is no more needed. This will improve security since the detection of an initial import situation was not so trivial.
158 +
159 +If you do not have installed a minimal package using the new Distribution Wizard or you want to continue to import XAR manually, you may use the superadmin access to do so.
160 +
161 +Note that public receive view, edit, comment, login, and register access to an empty wiki.
162 +
163 +=== Edit right now imply view right ===
164 +
165 +With the previous Right Service implementation, you were able to receive edit access to a document while you were not able to see or read that same document. This potential issue stay hidden since nobody notice until a edit URL is manually entered. Since we do not see any practical use case where a user would need to edit a document he cannot access, the edit right now imply the view right. Therefore, giving edit alone is now sufficient.
166 +
142 142  === Miscellaneous ===
143 143  
144 144  - The translations page for each workspace (xwiki:WorkspaceManager.TemplateTranslations) has been moved to the template (and implicitly locally, on each workspace) in XWiki.WorkspaceTranslations. Existing workspaces will still use any existing xwiki:WorkspaceManager.TemplateTranslations document (registered as translation bundle) that you may still have on the main wiki. New workspaces will use their local XWiki.WorkspaceTranslations document.
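Review bot: The new section at lines 163-165 gives only the convenient direction of the edit/view change ("giving edit alone is now sufficient") and omits the migration consequence: on an existing wiki, every user or group that holds edit on a document now also gets view on it. Since this is the migration chapter, add a sentence asking administrators to review rules that grant edit where view was not intended. At line 161, the note that public receives view, edit, comment, login, and register access to an empty wiki does not say whether this holds only "until some right are sets" as in line 157; state the condition, and consider wrapping it in {{warning}} like line 153. Wording in the added lines: "some right are sets", "imply" in the heading at line 163, "This potential issue stay hidden since nobody notice" and "a edit URL" need grammar fixes.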
