[jira] Commented: (JSPWIKI-216) ACL Ignored

Tue, 23 Sep 2008 07:14:42 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633741#action_12633741
 ] 

Janne Jalkanen commented on JSPWIKI-216:
----------------------------------------

Unfortunately turning the cache off does cause a lot of annoying problems, for 
which you have to be prepared for.  So you really should keep the cache on at 
all times, unless you are a developer.

There is a distinct possibility that your "cache on" problem is related to 
previews.  This issue is currently fixed in the latest SVN trunk.  Perhaps you 
should try that?

> ACL Ignored
> -----------
>
>                 Key: JSPWIKI-216
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-216
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: Windows XP, Tomcat 5.5
>            Reporter: oraps
>            Priority: Minor
>
> The ACL is ignored after I added the ACL to the page.  Here are the steps.
> 1) Edit the a new page called Test (/Edit.jsp?page=Test)
> 2) Enter this ACL: [{ALLOW view Admin}]
> 3) Logout
> 4) Can view the Test page  (the ACL is ignored)
> I see the following in the debug log:
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG 
> com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test 
> TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list: 
> [GroupPrincipal Admin], view
> 2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG 
> com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test 
> TestWiki:http://wiki.localhost.net:8089/wiki/Teset -   user = Admin: 
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Anonymous: 
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
>   user = Admin: 
> (("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
> The ACL setting on the page-level is ignored.  The security is taken from the 
> jspwiki.policy file.
> When I restart Tomcat, the ACL setting on the page-level is enforced.  
> However, if I make any change to the ACL, I notice that the ACL setting is 
> ignored again. The ACL changes include the followings: 1) edit the ACL 
> setting on the same page or other pages, and 2) creating new JSPWiki group.
> This issue seems like a caching issue.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to