incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simon Fraser (JIRA)" <>
Subject [jira] Commented: (JSPWIKI-216) ACL Ignored
Date Tue, 23 Sep 2008 13:41:44 GMT


Simon Fraser commented on JSPWIKI-216:

Hi there,

I would like this to reopen as I'm seeing exactly the same problem.  I am running JSPWiki
2.6.2 and can't see that anything has changed in 2.6.3 or 2.6.4 in this area (nor in any of
the later development releases).

The problem I have is that if I set the cache to 'true' then this problem is not seen BUT
I have another problem where people who are not in the admin group are unable to edit certain
pages that have been edited by someone else not in the admin group.  I consider this worse
as our wiki is internal and we can trust one another (mostly! ;) )

If I have the cache set to 'false' then the reported problem in this issue is seen.

Please can you tell me what you need to investigate the problem?  Even if it is my set up
that's wrong?

> ACL Ignored
> -----------
>                 Key: JSPWIKI-216
>                 URL:
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: Windows XP, Tomcat 5.5
>            Reporter: oraps
>            Priority: Minor
> The ACL is ignored after I added the ACL to the page.  Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page  (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager
TestWiki:/wiki/Test TestWiki: - Adding to old acl
list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager
TestWiki:/wiki/Test TestWiki: -   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored.  The security is taken from the jspwiki.policy
> When I restart Tomcat, the ACL setting on the page-level is enforced.  However, if I
make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes
include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating
new JSPWiki group.
> This issue seems like a caching issue.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message