This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]
TitleACL commands being ignored
Date14-Sep-2006 13:43:01 EEST
Version2.4.53
Submitter213.233.159.69
Bug criticalityBadBug
Browser versionIE 6.0.28/Firefox 1.5.0.6
Bug statusOpenBug
PageProvider used
Servlet ContainerTomcat 5.0.28
Operating SystemSolaris 10
URL
Java version1.5.0_06-b05

Hi,

I have just depolyed JSP Wiki and am playing around with the Authentication and Authorisation trying to learn how it works!

I have the wiki configured to use container based Authentication and have modified the jspwiki.policy to only allow Authenticated users to edit and create pages.

All other users should be allow to view all pages except on a per page basis where ACL Markup is used.

The problem that I am encountering is that even though I have included ACL view restriction as per below:

[{ALLOW view Authenticated, User1}]

all users can wiew this page. It appears as though the Markup is being ignored?

As I said I am trying to learn how the wiki works and prior to making some of my modifications to the security settings the ACL was working.

I seemed to be having some problems with pages caching (not sure wheher it was in browser, at proxy server or within the JSP container - or a combination of all of these) whereby the output markup was being rendered with the previously logged in users settings (e.g. if a newly logged in user tried to create a new group they would see the last new group created by the previously logged in user) so I have configured jspwiki.properties with:

jspwiki.usePageCache = false

I am not sure that this is not a separate issue which is obfuscating my view of the ACL issue?

Anyway, no matter what I now do in the page markup - the ACL is just ignored..

Any ideas?

Thanks,

Paul


I think this is somehow related to some other caching bugs we are seeing (e.g. author names not updating). If you re-edit the page, does the ACL then refresh?

-- JanneJalkanen, 24-Sep-2006


I'm having the same issue as well. [{ALLOW edit JamesW}] is the top line of the .txt file, but it allows everyone to edit.

I also have the page cache turned to false.

I'm trying various things to get the ACL command to work, re-editing the page, etc. Shutting down & starting back up....nothing works.

--James W., 19-Oct-2006


Seems to be working nicely here. Put braces around your ACL, because it was preventing anyone from viewing the page ;-)

What if you turn the page cache to "true"?

-- JanneJalkanen, 20-Oct-2006

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 20-Oct-2006 14:30 by JanneJalkanen.