[
https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633732#action_12633732
]
Simon Fraser commented on JSPWIKI-216:
--------------------------------------
Hi there,
I would like this to reopen as I'm seeing exactly the same problem. I am
running JSPWiki 2.6.2 and can't see that anything has changed in 2.6.3 or 2.6.4
in this area (nor in any of the later development releases).
The problem I have is that if I set the cache to 'true' then this problem is
not seen BUT I have another problem where people who are not in the admin group
are unable to edit certain pages that have been edited by someone else not in
the admin group. I consider this worse as our wiki is internal and we can
trust one another (mostly! ;) )
If I have the cache set to 'false' then the reported problem in this issue is
seen.
Please can you tell me what you need to investigate the problem? Even if it is
my set up that's wrong?
> ACL Ignored
> -----------
>
> Key: JSPWIKI-216
> URL: https://issues.apache.org/jira/browse/JSPWIKI-216
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.1
> Environment: Windows XP, Tomcat 5.5
> Reporter: oraps
> Priority: Minor
>
> The ACL is ignored after I added the ACL to the page. Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG
> com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test
> TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list:
> [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG
> com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test
> TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin:
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Anonymous:
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
> user = Admin:
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored. The security is taken from the
> jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced.
> However, if I make any change to the ACL, I notice that the ACL setting is
> ignored again. The ACL changes include the followings: 1) edit the ACL
> setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
