|Title|Authentication Improperly Allowed on Windows XP
|Date|05-Sep-2006 23:31:08 EEST
|Version|2.4.38
|Submitter|TS
|[Bug criticality]|MediumBug
|Browser version|Firefox 1.5
|[Bug status]|ClosedBug
|[PageProvider] used|JDBCPageProvider
|Servlet Container|tomcat 5.5.17
|Operating System|All
|URL|n/a
|Java version|1.5

Running JSPWiki on Windows XP, I had a page with this restriction: 
{{{
[{ALLOW edit Admin}]
[{ALLOW view Admin}]
}}}
There is an Admin group which does *NOT* include user terry2.  User terry2 is, however, able to access the page.

When deployed to Linux, terry2 was denied access.  Logged out and logged back in again as terry2, and the access was allowed.

When deployed on a host provider, terry2 was denied access.  Then discovered the ACL error, and changed it to: 
{{{
[{ALLOW edit Admin}]
[{ALLOW view Authenticated}]
}}}

Then user terry2 had capability to view the page.


----

There is a possibility that this was related to a bug pre-2.4.48.  Could you please check if you can duplicate this using the latest version?

-- JanneJalkanen

----
No response from bug reporter, closing the bug.

--HarryMetske