You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Florian Holeczek (JIRA)" <ji...@apache.org> on 2008/03/19 09:58:25 UTC

[jira] Commented: (JSPWIKI-216) ACL Ignored

    [ https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580279#action_12580279 ] 

Florian Holeczek commented on JSPWIKI-216:
------------------------------------------

I couldn't reproduce this with the following configuration:
Firefox 2, JSPWiki 2.6.2-rc-3, Tomcat 6.0.14, JDK 1.6.0_05, Windows XP SP2

After logging out, I get correctly redirected to the login page when trying to view the created page.

Are you sure this is no browser cache issue?

> ACL Ignored
> -----------
>
>                 Key: JSPWIKI-216
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-216
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: Windows XP, Tomcat 5.5
>            Reporter: oraps
>            Priority: Critical
>
> The ACL is ignored after I added the ACL to the page.  Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page  (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test TestWiki:http://wiki.localhost.net:8089/wiki/Teset -   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Anonymous: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Admin: (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored.  The security is taken from the jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced.  However, if I make any change to the ACL, I notice that the ACL setting is ignored again. The ACL changes include the followings: 1) edit the ACL setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.