You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "oraps (JIRA)" <ji...@apache.org> on 2008/03/19 00:32:24 UTC
[jira] Created: (JSPWIKI-216) ACL Ignored
ACL Ignored
-----------
Key: JSPWIKI-216
URL: https://issues.apache.org/jira/browse/JSPWIKI-216
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Affects Versions: 2.6.1
Environment: Windows XP, Tomcat 5.5
Reporter: oraps
Priority: Critical
The ACL is ignored after I added the ACL to the page. Here are the steps.
1) Edit the a new page called Test (/Edit.jsp?page=Test)
2) Enter this ACL: [{ALLOW view Admin}]
3) Logout
4) Can view the Test page (the ACL is ignored)
I see the following in the debug log:
2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "oraps (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580981#action_12580981 ]
oraps commented on JSPWIKI-216:
-------------------------------
Are you sure this is no browser cache issue?
oraps>> I have cleared out all the browser cache. For example, on Firefox, I pressed CTRL+SHIFT+DELETE, checked all the boxes (cache, cookies, etc.), and clicked the "clear private data now" button.
Can you check if you have jspwiki.useCache=false? If you're having ACL problems, you might want to try and turn it to true.
oraps>> Do you mean jspwiki.renderingManager.useCache or jspwiki.usePageCache properties? I have tried both true and false on the both properties with the same result.
If you need more information, please let me know. I can upload the debug log.
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Critical
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580478#action_12580478 ]
Janne Jalkanen commented on JSPWIKI-216:
----------------------------------------
Can you check if you have jspwiki.useCache=false? If you're having ACL problems, you might want to try and turn it to true.
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Critical
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609092#action_12609092 ]
Janne Jalkanen commented on JSPWIKI-216:
----------------------------------------
Please supply more info, or this needs to be closed.
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Minor
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633741#action_12633741 ]
Janne Jalkanen commented on JSPWIKI-216:
----------------------------------------
Unfortunately turning the cache off does cause a lot of annoying problems, for which you have to be prepared for. So you really should keep the cache on at all times, unless you are a developer.
There is a distinct possibility that your "cache on" problem is related to previews. This issue is currently fixed in the latest SVN trunk. Perhaps you should try that?
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Minor
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (JSPWIKI-216) ACL Ignored
Posted by "Harry Metske (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harry Metske closed JSPWIKI-216.
--------------------------------
Resolution: Invalid
no response from submitter
feel free to re-open if necessary
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Minor
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "Florian Holeczek (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580279#action_12580279 ]
Florian Holeczek commented on JSPWIKI-216:
------------------------------------------
I couldn't reproduce this with the following configuration:
Firefox 2, JSPWiki 2.6.2-rc-3, Tomcat 6.0.14, JDK 1.6.0_05, Windows XP SP2
After logging out, I get correctly redirected to the login page when trying to view the created page.
Are you sure this is no browser cache issue?
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Critical
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-216) ACL Ignored
Posted by "Simon Fraser (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633732#action_12633732 ]
Simon Fraser commented on JSPWIKI-216:
--------------------------------------
Hi there,
I would like this to reopen as I'm seeing exactly the same problem. I am running JSPWiki 2.6.2 and can't see that anything has changed in 2.6.3 or 2.6.4 in this area (nor in any of the later development releases).
The problem I have is that if I set the cache to 'true' then this problem is not seen BUT I have another problem where people who are not in the admin group are unable to edit certain pages that have been edited by someone else not in the admin group. I consider this worse as our wiki is internal and we can trust one another (mostly! ;) )
If I have the cache set to 'false' then the reported problem in this issue is seen.
Please can you tell me what you need to investigate the problem? Even if it is my set up that's wrong?
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Minor
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced. However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.