TitleACL commands being ignored
Date14-Sep-2006 13:43:01 EEST
Bug criticalityBadBug
Browser versionIE 6.0.28/Firefox
Bug statusOpenBug
PageProvider used
Servlet ContainerTomcat 5.0.28
Operating SystemSolaris 10
Java version1.5.0_06-b05


I have just depolyed JSP Wiki and am playing around with the Authentication and Authorisation trying to learn how it works!

I have the wiki configured to use container based Authentication and have modified the jspwiki.policy to only allow Authenticated users to edit and create pages.

All other users should be allow to view all pages except on a per page basis where ACL Markup is used.

The problem that I am encountering is that even though I have included ACL view restriction as per below:

[{ALLOW view Authenticated, User1}]

all users can wiew this page. It appears as though the Markup is being ignored?

As I said I am trying to learn how the wiki works and prior to making some of my modifications to the security settings the ACL was working.

I seemed to be having some problems with pages caching (not sure wheher it was in browser, at proxy server or within the JSP container - or a combination of all of these) whereby the output markup was being rendered with the previously logged in users settings (e.g. if a newly logged in user tried to create a new group they would see the last new group created by the previously logged in user) so I have configured with:

jspwiki.usePageCache = false

I am not sure that this is not a separate issue which is obfuscating my view of the ACL issue?

Anyway, no matter what I now do in the page markup - the ACL is just ignored..

Any ideas?



I think this is somehow related to some other caching bugs we are seeing (e.g. author names not updating). If you re-edit the page, does the ACL then refresh?

-- JanneJalkanen, 24-Sep-2006

