I have modified permissions in DefaultPermissions.txt to deny edit permissions to known users.

[{SET defaultpermissions='ALLOW view Guest;DENY edit Guest;DENY edit KnownPerson'}]

[{DENY view Guest}]
[{DENY edit Guest}]
[{DENY edit KnownPerson}]

And also specified the following property: jspwiki.auth.administrator=WikiInfoAdmin

Cerated a wikie page WikiInfoAdmin.txt that lists couple of members.

This configuration allows only admin members specified in WikiInfoAdmin.txt to modify wiki pages. And is been working fine.

Recently, I modified the work directory property (After seeing several work directories, within Tomcat temp, created everytime JSPWiki is started).

jspwiki.workDir=c:\jspwiki-temp\

I observe that this is being used fine. As a result, there is only one work directory (across several tomcat process lifetimes). But I also found that none of the above permissions that I setup are being used now. And it defaults to hard-coded permissions. I see a corresponding log text.

Debugging through JSPWiki code, I realize that reference manager now finds an old serialized file in the work directory and successfully deserializes it everytime I restart tomcat. And, for some reason, seem to ignore permissions setup in DefaultPermissions.txt

I also tried the exact same configuration with v2.1.161. Now, DefaultPermissions.txt and WikiInfoAdmin.txt settings are completely ignored irrespective of whether I have jspwiki.workDir is configured or not. Not sure if something is fundamentally changed in v2.1.161

Authentication system is buggy and known not to work. Bugs won't be fixed, the whole thing will be replaced with something new.

(Set jspwiki.auth.useOldAuth = true in your jspwiki.properties to enable old functionality.)

-- JanneJalkanen