|Title|ACL commands being ignored
|Date|14-Sep-2006 13:43:01 EEST
|[Bug criticality]|BadBug
|Browser version|IE 6.0.28/Firefox
|[Bug status]|NewBug
|[PageProvider] used|
|Servlet Container|Tomcat 5.0.28
|Operating System|Solaris 10
|Java version|1.5.0_06-b05


I have just depolyed JSP Wiki and am playing around with the Authentication and Authorisation trying to learn how it works!

I have the wiki configured to use container based Authentication and have modified the jspwiki.policy to only allow Authenticated  users to edit and create pages. 

All other users should be allow to view all pages except on a per page basis where ACL Markup is used.

The problem that I am encountering is that even though I have included ACL view restriction as per below:

{{{[{ALLOW view Authenticated, User1}]}}}

all users can wiew this page.  It appears as though the Markup is being ignored?

As I said I am trying to learn how the wiki works and prior to making some of my modifications to the security settings the ACL was working. 

I seemed to be having some problems with pages caching (not sure wheher it was in browser, at proxy server or within the JSP container - or a combination of all of these) whereby the output markup was being rendered with the previously logged in users settings (e.g. if a newly logged in user tried to create a new group they would see the last new group created by the previously logged in user) so I have configured jspwiki.properties with:

jspwiki.usePageCache = false

I am not sure that this is not a separate issue which is obfuscating my view of the ACL issue?  

Anyway, no matter what I now do in the page markup - the ACL is just ignored..

Any ideas?