Title | ACL commands being ignored |
Date | 14-Sep-2006 13:43:01 EEST |
Version | 2.4.53 |
Submitter | 213.233.159.69 |
Bug criticality | BadBug |
Browser version | IE 6.0.28/Firefox 1.5.0.6 |
Bug status | OpenBug |
PageProvider used | |
Servlet Container | Tomcat 5.0.28 |
Operating System | Solaris 10 |
URL | |
Java version | 1.5.0_06-b05 |
Hi,
I have just depolyed JSP Wiki and am playing around with the Authentication and Authorisation trying to learn how it works!
I have the wiki configured to use container based Authentication and have modified the jspwiki.policy to only allow Authenticated users to edit and create pages.
All other users should be allow to view all pages except on a per page basis where ACL Markup is used.
The problem that I am encountering is that even though I have included ACL view restriction as per below:
[{ALLOW view Authenticated, User1}]
all users can wiew this page. It appears as though the Markup is being ignored?
As I said I am trying to learn how the wiki works and prior to making some of my modifications to the security settings the ACL was working.
I seemed to be having some problems with pages caching (not sure wheher it was in browser, at proxy server or within the JSP container - or a combination of all of these) whereby the output markup was being rendered with the previously logged in users settings (e.g. if a newly logged in user tried to create a new group they would see the last new group created by the previously logged in user) so I have configured jspwiki.properties with:
jspwiki.usePageCache = false
I am not sure that this is not a separate issue which is obfuscating my view of the ACL issue?
Anyway, no matter what I now do in the page markup - the ACL is just ignored..
Any ideas?
Thanks,
Paul
I think this is somehow related to some other caching bugs we are seeing (e.g. author names not updating). If you re-edit the page, does the ACL then refresh?
-- JanneJalkanen, 24-Sep-2006
I'm having the same issue as well. [{ALLOW edit JamesW}] is the top line of the .txt file, but it allows everyone to edit.
I also have the page cache turned to false.
I'm trying various things to get the ACL command to work, re-editing the page, etc. Shutting down & starting back up....nothing works.
--James W., 19-Oct-2006
Seems to be working nicely here. Put braces around your ACL, because it was preventing anyone from viewing the page ;-)
What if you turn the page cache to "true"?
-- JanneJalkanen, 20-Oct-2006
I have since rolled back the installation and deployed the latest release 2.4.71. I am unable to recreate this problem now, so the problem seems to be resolved.
Not sure if there has been a fix in this latest release of if the roll back of some configuration setting that I had previously implemented has had the dessired effect? Either way it seems fine now.
Anyway thanks for your suggestions.
Paul
--Paul, 24-Oct-2006