incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-216) ACL Ignored
Date Wed, 19 Mar 2008 17:54:24 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580478#action_12580478
] 

Janne Jalkanen commented on JSPWIKI-216:
----------------------------------------

Can you check if you have jspwiki.useCache=false?  If you're having ACL problems, you might
want to try and turn it to true.

> ACL Ignored
> -----------
>
>                 Key: JSPWIKI-216
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-216
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: Windows XP, Tomcat 5.5
>            Reporter: oraps
>            Priority: Critical
>
> The ACL is ignored after I added the ACL to the page.  Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page  (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager
TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl
list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager
TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset -   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored.  The security is taken from the jspwiki.policy
file.
> When I restart Tomcat, the ACL setting on the page-level is enforced.  However, if I
make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes
include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating
new JSPWiki group.
> This issue seems like a caching issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message