incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Metske" <harry.met...@gmail.com>
Subject Re: weird access rights issue, was: Re: security configuration question
Date Tue, 19 Aug 2008 12:50:44 GMT
Florian,

if we would push the latest version to the Sandbox, would you be able to
recreate the problem there ?



2008/8/19 Andrew Jaquith <andrew.jaquith@me.com>

> I really don't know what to say about this. We have lots and lots of unit
> tests for ACLs, and many web unit tests that test things from the browser.
>
> All of these tests work fine.
>
> Unless we can devise some tests that allow reproduction of the issue, every
> time, it's going to be hard for me to help.
>
> Florian, I do not doubt that you are having
>
>
> On Aug 19, 2008, at 8:14 AM, Florian Holeczek <florian@holeczek.de> wrote:
>
>  Interesting... in my case, the affected pages are viewable, but
>> nothing more. Also, administrators do have full access to it like they
>> should.
>>
>> I have some "allow view all" page ACLs in the pages. Could you check
>> for page ACLs maybe in a backup from the time when you had the
>> problem? Maybe the ACLs shift somehow in memory.
>>
>> This brought me to the idea of testing it without the page cache.
>> This is spooky...
>> Without cache, the error appears in another way.
>> * Pages appear with their correct ACLs. They were editable, but: The
>>  changes aren't saved!
>> * However, no error appears, JSPWiki is behaving as if the save action
>>  has been handled correctly.
>> * Adding comments to these pages works, but the comment itself isn't
>>  written into the page, only the signature.
>>
>> Like Janne assumed, this could in fact be related to JSPWIKI-27.
>> However, the problem described there isn't that dramatic, but the
>> "full error" I'm describing here is pretty severe, I think.
>>
>> I'm experiencing the problem with the current head of trunk (alpha-21
>> at the moment).
>>
>> Andrew, what do you think about it? AFAIK you're the AAA expert in
>> here.
>>
>> Regards
>> Florian
>>
>> Urspr√ľngliche Nachricht vom 19.08.2008 um 10:18:
>>
>>> Florian,
>>>
>>
>>  I think we had similar problems in the past (unfortunately my long term
>>> memory is bad).
>>> The symptoms were that (mostly) the main page was not publicly accessible
>>> anymore, only for administrators.
>>> Looking at the source of the page, there were no ACL's on it.
>>> The workaround for this was always Edit the page (add something to it)
>>> and
>>> save it.
>>> This problem occurred on average 3 times a week.
>>>
>>
>>  The problem was solved after an upgrade, but I don't know anymore to
>>> which
>>> version (you can see the version history on my personal page on
>>> jspwiki.org
>>> ).
>>>
>>
>>  We currently run 2.7.0-svn-44, and we don't have the problem anymore.
>>>
>>
>>  Hope this helps,
>>> Harry
>>>
>>
>>


-- 
met vriendelijke groet,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message