incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Metske" <>
Subject Re: weird access rights issue, was: Re: security configuration question
Date Tue, 19 Aug 2008 12:50:44 GMT

if we would push the latest version to the Sandbox, would you be able to
recreate the problem there ?

2008/8/19 Andrew Jaquith <>

> I really don't know what to say about this. We have lots and lots of unit
> tests for ACLs, and many web unit tests that test things from the browser.
> All of these tests work fine.
> Unless we can devise some tests that allow reproduction of the issue, every
> time, it's going to be hard for me to help.
> Florian, I do not doubt that you are having
> On Aug 19, 2008, at 8:14 AM, Florian Holeczek <> wrote:
>  Interesting... in my case, the affected pages are viewable, but
>> nothing more. Also, administrators do have full access to it like they
>> should.
>> I have some "allow view all" page ACLs in the pages. Could you check
>> for page ACLs maybe in a backup from the time when you had the
>> problem? Maybe the ACLs shift somehow in memory.
>> This brought me to the idea of testing it without the page cache.
>> This is spooky...
>> Without cache, the error appears in another way.
>> * Pages appear with their correct ACLs. They were editable, but: The
>>  changes aren't saved!
>> * However, no error appears, JSPWiki is behaving as if the save action
>>  has been handled correctly.
>> * Adding comments to these pages works, but the comment itself isn't
>>  written into the page, only the signature.
>> Like Janne assumed, this could in fact be related to JSPWIKI-27.
>> However, the problem described there isn't that dramatic, but the
>> "full error" I'm describing here is pretty severe, I think.
>> I'm experiencing the problem with the current head of trunk (alpha-21
>> at the moment).
>> Andrew, what do you think about it? AFAIK you're the AAA expert in
>> here.
>> Regards
>> Florian
>> Urspr√ľngliche Nachricht vom 19.08.2008 um 10:18:
>>> Florian,
>>  I think we had similar problems in the past (unfortunately my long term
>>> memory is bad).
>>> The symptoms were that (mostly) the main page was not publicly accessible
>>> anymore, only for administrators.
>>> Looking at the source of the page, there were no ACL's on it.
>>> The workaround for this was always Edit the page (add something to it)
>>> and
>>> save it.
>>> This problem occurred on average 3 times a week.
>>  The problem was solved after an upgrade, but I don't know anymore to
>>> which
>>> version (you can see the version history on my personal page on
>>> ).
>>  We currently run 2.7.0-svn-44, and we don't have the problem anymore.
>>  Hope this helps,
>>> Harry

met vriendelijke groet,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message