You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Simon Fraser (JIRA)" <ji...@apache.org> on 2008/09/23 15:41:44 UTC

[jira] Commented: (JSPWIKI-216) ACL Ignored

    [ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633732#action_12633732 ] 

Simon Fraser commented on JSPWIKI-216:
--------------------------------------

Hi there,

I would like this to reopen as I'm seeing exactly the same problem.  I am running JSPWiki 2.6.2 and can't see that anything has changed in 2.6.3 or 2.6.4 in this area (nor in any of the later development releases).

The problem I have is that if I set the cache to 'true' then this problem is not seen BUT I have another problem where people who are not in the admin group are unable to edit certain pages that have been edited by someone else not in the admin group.  I consider this worse as our wiki is internal and we can trust one another (mostly! ;) )

If I have the cache set to 'false' then the reported problem in this issue is seen.

Please can you tell me what you need to investigate the problem?  Even if it is my set up that's wrong?

> ACL Ignored
> -----------
>
>                 Key: JSPWIKI-216
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-216
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: Windows XP, Tomcat 5.5
>            Reporter: oraps
>            Priority: Minor
>
> The ACL is ignored after I added the ACL to the page.  Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page  (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset -   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored.  The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced.  However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.